Skip to main content

suno_core/
client.rs

1//! The Suno API client: lists the library behind the [`Http`](crate::Http) port.
2
3use std::collections::BTreeSet;
4
5use serde_json::Value;
6
7use crate::auth::ClerkAuth;
8use crate::backoff::{backoff_delay, retry_after};
9use crate::clock::Clock;
10use crate::consts::{
11    API_MAX_RETRIES, BILLING_INFO_PATH, CLIP_PARENT_PATH, FEED_INITIAL_RATE, FEED_PAGE_SIZE,
12    FEED_V3_PATH, MAX_PAGES, PLAYLIST_ME_PATH, PLAYLIST_PATH, SUNO_API_BASE_URL,
13};
14use crate::error::{Error, Result};
15use crate::http::{Http, HttpRequest, Method};
16use crate::is_downloadable;
17use crate::limiter::{AdaptiveLimiter, retry_after_delay};
18use crate::lyrics::AlignedLyrics;
19use crate::model::Clip;
20
21/// One of the account's own playlists, as listed by `/api/playlist/me`.
22///
23/// Carries only what playlist reconciliation needs: the stable id (the state
24/// key), the display name (drives the `.m3u8` file name and `#PLAYLIST` line),
25/// and the member count for reporting. The ordered members are fetched
26/// separately with [`SunoClient::get_playlist_clips`].
27#[derive(Debug, Clone, PartialEq, Eq)]
28pub struct Playlist {
29    /// The playlist's stable Suno id.
30    pub id: String,
31    /// The playlist's display name.
32    pub name: String,
33    /// The number of clips Suno reports in the playlist.
34    pub num_clips: u64,
35}
36
37/// The authenticated account's current remaining credit balance.
38#[derive(Debug, Clone, PartialEq, Eq)]
39pub struct BillingInfo {
40    /// Credits remaining in the current billing state.
41    pub total_credits_left: u64,
42}
43
44/// One separated stem of a clip, as listed by the free, read-only stems
45/// endpoint.
46///
47/// A stem is itself a full clip object: the listing returns the same shape as
48/// the library feed, so each stem carries its own clip `id`, a `title` whose
49/// trailing parenthetical is the stem label (e.g. `"My Song (Vocals)"`), a
50/// `status`, and a public `audio_url` on `cdn1.suno.ai` that downloads free and
51/// unauthenticated. Listing and downloading stems never spends credits or
52/// triggers separation.
53#[derive(Debug, Clone, PartialEq, Eq)]
54pub struct Stem {
55    /// The stem's own server clip id. Used both as the stable per-stem key and
56    /// to render the stem's lossless WAV through the free `convert_wav` flow.
57    pub id: String,
58    /// The stem label, taken from the trailing parenthetical of the stem clip's
59    /// title (e.g. `Vocals`, `Backing Vocals`, `Drums`). May be blank when the
60    /// title has no parenthetical, so it is never used alone as a key or name.
61    pub label: String,
62    /// The public CDN MP3 URL the stem downloads from (a plain GET; free).
63    pub url: String,
64}
65
66/// A client for the Suno library API, owning the account's [`ClerkAuth`].
67///
68/// The [`Clock`] is held so [`api_request`](Self::api_request) can back off
69/// through the port on a `429` or transient failure — the engine still sleeps
70/// nowhere itself. The [`AdaptiveLimiter`] paces reactively: an unthrottled
71/// listing waits nowhere, and only after a `429` does it space requests out,
72/// halving the rate and ramping it back after a run of clean successes so pacing
73/// tracks Suno's real limit rather than a fixed constant.
74pub struct SunoClient<C> {
75    auth: ClerkAuth,
76    clock: C,
77    limiter: AdaptiveLimiter,
78}
79
80impl<C: Clock> SunoClient<C> {
81    /// Create a client from a fresh or already-authenticated [`ClerkAuth`].
82    pub fn new(auth: ClerkAuth, clock: C) -> Self {
83        Self {
84            auth,
85            clock,
86            limiter: AdaptiveLimiter::new(FEED_INITIAL_RATE),
87        }
88    }
89
90    /// Borrow the underlying authenticator.
91    pub fn auth(&self) -> &ClerkAuth {
92        &self.auth
93    }
94
95    /// The adaptive limiter's current requests-per-second rate, for tests that
96    /// assert the limiter still records success and `429` correctly (including
97    /// under concurrent WAV-render calls serialised through the executor).
98    #[cfg(test)]
99    pub(crate) fn limiter_rate(&self) -> f64 {
100        self.limiter.rate()
101    }
102
103    /// List clips across the whole library, or only liked clips.
104    ///
105    /// Walks the cursor-paginated `POST /api/feed/v3` feed, following
106    /// `next_cursor` until the server reports the end. Once `limit` clips have
107    /// been collected it stops at the next page boundary and truncates to
108    /// `limit`. Paging is hard-capped at [`MAX_PAGES`] so a runaway
109    /// `has_more` can never loop forever. When `liked` is set the feed filter
110    /// scopes to liked clips (`liked: "True"`).
111    ///
112    /// Returns the clips paired with a `complete` flag that is `true` only when
113    /// paging ended because the server reported `has_more == false` (the feed
114    /// fully drained). A missing `has_more`, a `has_more == true` page with no
115    /// usable `next_cursor`, a `limit` stop, exhausting [`MAX_PAGES`], or any
116    /// transport error all yield `false` (or propagate) so the caller can refuse
117    /// to treat a truncated listing as authoritative for deletion.
118    pub async fn list_clips(
119        &mut self,
120        http: &impl Http,
121        liked: bool,
122        limit: Option<usize>,
123    ) -> Result<(Vec<Clip>, bool)> {
124        let mut clips = Vec::new();
125        let mut cursor: Option<String> = None;
126        let mut complete = false;
127        for _ in 0..MAX_PAGES {
128            let body = feed_v3_body(liked, cursor.as_deref());
129            let response = self
130                .api_send_retrying(http, Method::Post, FEED_V3_PATH, body)
131                .await?;
132            let (page_clips, has_more, next_cursor) = parse_feed_v3(&response)?;
133            clips.extend(page_clips);
134            match has_more {
135                Some(false) => {
136                    complete = true;
137                    break;
138                }
139                Some(true) => match next_cursor {
140                    Some(next) => cursor = Some(next),
141                    None => break,
142                },
143                None => break,
144            }
145            if limit.is_some_and(|n| clips.len() >= n) {
146                break;
147            }
148        }
149        if let Some(n) = limit {
150            clips.truncate(n);
151        }
152        Ok((clips, complete))
153    }
154
155    /// Fetch one clip by ID.
156    ///
157    /// Tries the dedicated `/api/clip/{id}` endpoint first, then falls back to
158    /// scanning the library feed, since that endpoint's exact shape is not yet
159    /// confirmed against the live API.
160    pub async fn get_clip(&mut self, http: &impl Http, id: &str) -> Result<Clip> {
161        if let Some(clip) = self.try_get_clip(http, id).await? {
162            return Ok(clip);
163        }
164        self.find_in_feed(http, id).await
165    }
166
167    /// Ask Suno to render a clip to lossless WAV (server-side, asynchronous).
168    pub async fn request_wav(&mut self, http: &impl Http, id: &str) -> Result<()> {
169        let path = format!("/api/gen/{id}/convert_wav/");
170        self.api_request(http, Method::Post, &path, Vec::new())
171            .await?;
172        Ok(())
173    }
174
175    /// Read the rendered WAV URL for a clip, or `None` while it is not ready.
176    pub async fn wav_url(&mut self, http: &impl Http, id: &str) -> Result<Option<String>> {
177        let path = format!("/api/gen/{id}/wav_file/");
178        let body = self.api_get(http, &path).await?;
179        let data: Value = serde_json::from_slice(&body)
180            .map_err(|err| Error::Api(format!("invalid wav_file JSON: {err}")))?;
181        Ok(data
182            .get("wav_file_url")
183            .and_then(Value::as_str)
184            .filter(|url| !url.is_empty())
185            .map(str::to_string))
186    }
187
188    /// Fetch a clip's word- and line-level aligned (synced) lyrics.
189    ///
190    /// `GET /api/gen/{id}/aligned_lyrics/v2/` (the trailing slash is required) on
191    /// the studio-api host, authenticated with the same JWT as every other
192    /// library read. The `v2` shape carries both a flat word-level list and a
193    /// line-level list with section labels and nested per-word timing (see
194    /// [`AlignedLyrics`]).
195    ///
196    /// An instrumental or un-alignable clip returns `200` with empty arrays,
197    /// which maps to an empty [`AlignedLyrics`]; a `404` (no alignment for the
198    /// clip) is treated the same way, so an absent endpoint is "no synced
199    /// lyrics" rather than a run failure — the caller then writes no synced
200    /// artefact, exactly as an empty cover URL writes no cover. Rides the
201    /// adaptive rate limiter like the other reads.
202    pub async fn aligned_lyrics(&mut self, http: &impl Http, id: &str) -> Result<AlignedLyrics> {
203        let path = format!("/api/gen/{id}/aligned_lyrics/v2/");
204        match self.api_get_retrying(http, &path).await {
205            Ok(body) => Ok(AlignedLyrics::from_bytes(&body)),
206            Err(Error::NotFound(_)) => Ok(AlignedLyrics::default()),
207            Err(err) => Err(err),
208        }
209    }
210
211    /// Fetch specific clips by id, one `GET /api/clip/{id}` per id.
212    ///
213    /// Used by lineage resolution to gap-fill ancestors that are absent from a
214    /// normal listing, including trashed ones. The v3 feed has no batch by-id
215    /// filter, so each id is fetched individually; `/api/clip/{id}` returns any
216    /// clip, trashed or artefact, with the full field set. Unlike
217    /// [`list_clips`](Self::list_clips), no downloadability filter is applied: an
218    /// ancestor may itself be an infill or context-window artefact that the
219    /// lineage walk must still traverse. Clips returned here are ancestors for
220    /// resolution only and must never be treated as download candidates. Ids are
221    /// deduplicated in order, and an id that cannot be retrieved (a `404`) is
222    /// skipped so the caller can fall back to the parent endpoint.
223    pub async fn get_clips_by_ids(&mut self, http: &impl Http, ids: &[&str]) -> Result<Vec<Clip>> {
224        let mut clips = Vec::new();
225        let mut seen: BTreeSet<&str> = BTreeSet::new();
226        for id in ids {
227            if id.is_empty() || !seen.insert(id) {
228                continue;
229            }
230            let path = format!("/api/clip/{id}");
231            match self.api_get_retrying(http, &path).await {
232                Ok(body) => {
233                    if let Some(clip) = parse_clip(&body) {
234                        clips.push(clip);
235                    }
236                }
237                Err(Error::NotFound(_)) => continue,
238                Err(err) => return Err(err),
239            }
240        }
241        Ok(clips)
242    }
243
244    /// Fetch a clip's immediate parent via the dedicated parent endpoint.
245    ///
246    /// Returns the parent clip, or `None` when the clip is a root (no parent) or
247    /// the endpoint yields no clip. Lineage resolution uses this as a fallback
248    /// when a missing ancestor cannot be retrieved by id. Only a `404` (the clip
249    /// has no parent) maps to `None`; any other failure, including a transient
250    /// `5xx`, propagates as an error rather than being mistaken for a root.
251    pub async fn get_clip_parent(&mut self, http: &impl Http, id: &str) -> Result<Option<Clip>> {
252        let path = format!("{CLIP_PARENT_PATH}?clip_id={id}");
253        match self.api_get_retrying(http, &path).await {
254            Ok(body) => Ok(parse_clip(&body)),
255            Err(Error::NotFound(_)) => Ok(None),
256            Err(err) => Err(err),
257        }
258    }
259
260    /// List the account's own playlists, paging `/api/playlist/me`.
261    ///
262    /// Trashed and share-list playlists are excluded by query, so the result is
263    /// the account's authoritative own set. Paging stops on the first empty page
264    /// and is hard-capped at [`MAX_PAGES`] so a server that ignores the page
265    /// parameter cannot loop forever. Only entries with a non-empty id are kept.
266    ///
267    /// A hard failure propagates as an error; the caller treats that as "the
268    /// playlist listing did not fully enumerate" and refuses every playlist
269    /// deletion this run, so a dropped fetch can never remove a `.m3u8`.
270    pub async fn get_playlists(&mut self, http: &impl Http) -> Result<Vec<Playlist>> {
271        let mut playlists = Vec::new();
272        for page in 1..=MAX_PAGES {
273            let path =
274                format!("{PLAYLIST_ME_PATH}?page={page}&show_trashed=false&show_sharelist=false");
275            let body = self.api_get_retrying(http, &path).await?;
276            let page_playlists = parse_playlists(&body)?;
277            if page_playlists.is_empty() {
278                break;
279            }
280            playlists.extend(page_playlists);
281        }
282        Ok(playlists)
283    }
284
285    /// Fetch one playlist's clips in Suno order via `/api/playlist/{id}/`.
286    ///
287    /// The response's `playlist_clips[]` is already ordered and trashed members
288    /// are excluded by Suno, so the order is preserved exactly and no
289    /// downloadability filter is applied: a playlist may legitimately contain any
290    /// clip. Each entry's `clip` object is mapped (falling back to the entry
291    /// itself), and only clips with a non-empty id are kept.
292    ///
293    /// The returned `bool` is a completeness signal for deletion authority: the
294    /// endpoint reports `num_total_results` (the playlist's full member count)
295    /// alongside `playlist_clips[]`, so `true` means every member came back on
296    /// this single page (`returned == num_total_results`). A short page (a
297    /// paginated or partially-listed playlist) returns `false`, so a Mirror
298    /// playlist area under `library = "off"` is never treated as authoritative
299    /// unless its whole member set was seen (D5).
300    pub async fn get_playlist_clips(
301        &mut self,
302        http: &impl Http,
303        id: &str,
304    ) -> Result<(Vec<Clip>, bool)> {
305        let path = format!("{PLAYLIST_PATH}{id}/");
306        let body = self.api_get_retrying(http, &path).await?;
307        parse_playlist_clips(&body)
308    }
309
310    /// Read the authenticated account's billing information.
311    pub async fn get_billing_info(&mut self, http: &impl Http) -> Result<BillingInfo> {
312        let body = self.api_get_retrying(http, BILLING_INFO_PATH).await?;
313        parse_billing_info(&body)
314    }
315
316    /// List a clip's already-separated stems (free, read-only).
317    ///
318    /// Uses the live stems shape: first `GET /api/clip/{id}/stems/pages` for the
319    /// page count (`{"pages": N}`), then `GET /api/clip/{id}/stems?page=P` for
320    /// each `P` in `0..N` (the pages are 0-indexed), whose body is
321    /// `{"stems": [<clip>, ...]}` where each stem is a full clip object. Every
322    /// request rides the shared limiter and retry. This endpoint only reads: it
323    /// never spends credits and never triggers separation, so it is safe on the
324    /// bulk mirror path. The caller must only invoke it when the clip's
325    /// `has_stem` is true.
326    ///
327    /// Returns the collected stems paired with a `complete` flag that is `true`
328    /// only when the listing was fully and authoritatively enumerated: the page
329    /// count came back and every one of its pages drained, AFTER at least one
330    /// stem was seen. This encodes the deletion-safety invariant: an empty
331    /// listing (`pages == 0`, or a `400`/`404` on the page-count endpoint, which
332    /// Suno returns for a clip with zero stems), a transport failure, or a
333    /// partial drain (a page error mid-enumeration surfaces as `Err`) all yield a
334    /// non-authoritative result, so the caller KEEPS any existing local stems and
335    /// never reads the absence as "no stems". A clip that declares more than
336    /// [`MAX_PAGES`] pages is likewise a truncated listing and never authoritative.
337    /// A stem is only ever removed from an authoritative (`complete`) listing that
338    /// omits it, or when its owning clip's audio is deleted.
339    pub async fn list_stems(
340        &mut self,
341        http: &impl Http,
342        clip_id: &str,
343    ) -> Result<(Vec<Stem>, bool)> {
344        let declared = self.stem_page_count(http, clip_id).await?;
345        // Zero pages (or no page count) is Suno's "this clip has no stems"
346        // answer: indeterminate for deletion, never an authoritative empty.
347        if declared == 0 {
348            return Ok((Vec::new(), false));
349        }
350        let pages = declared.min(MAX_PAGES);
351        let mut stems: Vec<Stem> = Vec::new();
352        for page in 0..pages {
353            // Pages are 0-indexed (0..N-1); note the path has no trailing slash
354            // before the query, distinguishing it from `.../stems/pages`.
355            let path = format!("/api/clip/{clip_id}/stems?page={page}");
356            // A page error mid-enumeration is indeterminate, not a clean end:
357            // surface it so the caller keeps existing stems rather than reading a
358            // partial drain as authoritative and removing stems.
359            let body = self.api_get_retrying(http, &path).await?;
360            stems.extend(parse_stems_page(&body));
361        }
362        dedupe_stems(&mut stems);
363        // Authoritative only when the whole declared page set actually drained
364        // and it held stems: an all-empty listing is never "no stems", and a
365        // clip declaring more than the `MAX_PAGES` cap is a truncated listing,
366        // never authoritative, so its un-fetched stems are kept (mirroring the
367        // feed's `list_clips` cap handling).
368        let complete = !stems.is_empty() && declared <= MAX_PAGES;
369        Ok((stems, complete))
370    }
371
372    /// Read the stems page count for a clip from `GET /api/clip/{id}/stems/pages`
373    /// (`{"pages": N}`).
374    ///
375    /// A clip with no stems answers `400`/`404` here; both mean "no stems" and
376    /// map to `0` (indeterminate, never an authoritative empty set), while any
377    /// other error (a transient `5xx`, a transport failure) propagates so the
378    /// caller treats the stems as unknown and keeps them.
379    async fn stem_page_count(&mut self, http: &impl Http, clip_id: &str) -> Result<u32> {
380        let path = format!("/api/clip/{clip_id}/stems/pages");
381        match self.api_get_retrying(http, &path).await {
382            Ok(body) => Ok(parse_stem_page_count(&body)),
383            Err(err) if is_invalid_page_error(&err) => Ok(0),
384            Err(Error::NotFound(_)) => Ok(0),
385            Err(err) => Err(err),
386        }
387    }
388
389    /// Try the dedicated clip endpoint, returning `None` when it is missing or
390    /// returns a body that does not yield the requested clip.
391    async fn try_get_clip(&mut self, http: &impl Http, id: &str) -> Result<Option<Clip>> {
392        let path = format!("/api/clip/{id}");
393        match self.api_get_retrying(http, &path).await {
394            Ok(body) => Ok(parse_clip(&body).filter(|clip| clip.id == id)),
395            Err(Error::NotFound(_)) => Ok(None),
396            Err(err) => Err(err),
397        }
398    }
399
400    /// Locate a clip by scanning the library feed.
401    async fn find_in_feed(&mut self, http: &impl Http, id: &str) -> Result<Clip> {
402        let (clips, _complete) = self.list_clips(http, false, None).await?;
403        clips
404            .into_iter()
405            .find(|clip| clip.id == id)
406            .ok_or_else(|| Error::Api(format!("clip {id} not found in the library")))
407    }
408
409    /// Perform an authenticated GET, refreshing the JWT once on a 401/403.
410    async fn api_get(&mut self, http: &impl Http, path: &str) -> Result<Vec<u8>> {
411        self.api_request(http, Method::Get, path, Vec::new()).await
412    }
413
414    /// A retrying GET: [`api_send_retrying`](Self::api_send_retrying) with no body.
415    async fn api_get_retrying(&mut self, http: &impl Http, path: &str) -> Result<Vec<u8>> {
416        self.api_send_retrying(http, Method::Get, path, Vec::new())
417            .await
418    }
419
420    /// Like [`api_request`](Self::api_request) but rides through Suno's rate
421    /// limiter, pacing each request to the adaptive rate and backing off through
422    /// the [`Clock`] on a `429` (honouring `Retry-After` when present, defaulting
423    /// to 5s and capped at 60s) or a transient connection failure, up to
424    /// [`API_MAX_RETRIES`] times. Each attempt reconstructs the full request
425    /// (method, path, and body), so a throttled feed page re-POSTs the same
426    /// cursor rather than skipping ahead.
427    ///
428    /// Pacing lives here, at the single per-request layer, rather than in any
429    /// paged walk, so it composes with whatever listing calls it: a page or a
430    /// cursor walk pace identically. The [`AdaptiveLimiter`] paces reactively:
431    /// an unthrottled walk waits nowhere, and only after the first `429` does it
432    /// space out requests, widening that pace as the rate is halved again.
433    ///
434    /// The WAV render flow deliberately keeps to the plain [`api_get`](Self::api_get):
435    /// the executor owns that retry so its budget and poll interval stay in one
436    /// place. Library, playlist, and lineage reads use this so a full-library
437    /// walk is not aborted by a single throttled page.
438    async fn api_send_retrying(
439        &mut self,
440        http: &impl Http,
441        method: Method,
442        path: &str,
443        body: Vec<u8>,
444    ) -> Result<Vec<u8>> {
445        let pace = self.limiter.pace();
446        if !pace.is_zero() {
447            self.clock.sleep(pace).await;
448        }
449        let mut retries = 0;
450        loop {
451            match self.api_request(http, method, path, body.clone()).await {
452                Ok(response) => return Ok(response),
453                Err(Error::RateLimited { retry_after }) if retries < API_MAX_RETRIES => {
454                    self.clock.sleep(retry_after_delay(retry_after)).await;
455                    retries += 1;
456                }
457                Err(Error::Connection(_)) if retries < API_MAX_RETRIES => {
458                    self.clock.sleep(backoff_delay(retries, None)).await;
459                    retries += 1;
460                }
461                Err(err) => return Err(err),
462            }
463        }
464    }
465
466    /// Perform an authenticated request, refreshing the JWT once on a 401/403.
467    ///
468    /// `body` is sent only by the adapter when non-empty, so a GET or a bodyless
469    /// POST reaches the network unchanged.
470    async fn api_request(
471        &mut self,
472        http: &impl Http,
473        method: Method,
474        path: &str,
475        body: Vec<u8>,
476    ) -> Result<Vec<u8>> {
477        // Crate-wide POST allow-list. Every mutating Suno API request funnels
478        // through here, so refusing any POST to a path outside the known-safe
479        // set means a destructive or credit-spending endpoint can never be sent,
480        // even by a future edit that forgets the invariant. GETs are free and
481        // unrestricted; only POSTs are gated.
482        if method == Method::Post && !post_path_allowed(path) {
483            return Err(Error::Refused(format!(
484                "POST to {path} is not on the allow-list"
485            )));
486        }
487        let url = format!("{SUNO_API_BASE_URL}{path}");
488        let mut auth_refreshed = false;
489        loop {
490            let jwt = self.auth.ensure_jwt(http).await?;
491            let mut request = match method {
492                Method::Get => HttpRequest::get(url.clone()),
493                Method::Post => HttpRequest::post(url.clone(), body.clone()),
494            };
495            request
496                .headers
497                .push(("Authorization".to_string(), format!("Bearer {jwt}")));
498            let response = http
499                .send(request)
500                .await
501                .map_err(|err| Error::Connection(err.to_string()))?;
502            match response.status {
503                200..=299 => {
504                    self.limiter.on_success();
505                    return Ok(response.body);
506                }
507                401 | 403 if !auth_refreshed => {
508                    self.auth.invalidate_jwt();
509                    auth_refreshed = true;
510                }
511                401 | 403 => {
512                    return Err(Error::Auth(format!(
513                        "Suno API auth failed with status {}",
514                        response.status
515                    )));
516                }
517                429 => {
518                    self.limiter.on_rate_limit();
519                    return Err(Error::RateLimited {
520                        retry_after: retry_after(&response),
521                    });
522                }
523                404 => {
524                    return Err(Error::NotFound(format!("Suno API returned 404: {path}")));
525                }
526                status => {
527                    let preview: String = String::from_utf8_lossy(&response.body)
528                        .chars()
529                        .take(200)
530                        .collect();
531                    return Err(Error::Api(format!("Suno API returned {status}: {preview}")));
532                }
533            }
534        }
535    }
536}
537
538/// Unwrap a `{ "clip": {...} }` wrapper to the inner clip object, or return
539/// `value` unchanged when it carries no object `clip` key (it is already bare).
540fn unwrap_clip(value: &Value) -> &Value {
541    value
542        .get("clip")
543        .filter(|clip| clip.is_object())
544        .unwrap_or(value)
545}
546
547/// Whether a Suno API path may be the target of a POST (the crate-wide POST
548/// allow-list). Membership is deliberately narrow so a mutating request is only
549/// ever sent to a vetted endpoint:
550///
551/// - [`FEED_V3_PATH`] — the cursor-paginated library listing (a POST by design).
552/// - `…/convert_wav/` — the per-clip server-side lossless WAV render.
553///
554/// A GET is never gated (reads are free and non-mutating). Any credit-spending
555/// generation endpoint is deliberately absent here.
556fn post_path_allowed(path: &str) -> bool {
557    if path == FEED_V3_PATH {
558        return true;
559    }
560    // The per-clip WAV render: /api/gen/{id}/convert_wav/ with a single id.
561    if let Some(rest) = path.strip_prefix("/api/gen/")
562        && let Some(id) = rest.strip_suffix("/convert_wav/")
563    {
564        return is_single_id_segment(id);
565    }
566    false
567}
568
569/// Whether `segment` is a single, non-empty path id segment: no slash, no query,
570/// and no `..` traversal, so an allow-list match can never be smuggled past by a
571/// crafted path.
572fn is_single_id_segment(segment: &str) -> bool {
573    !segment.is_empty()
574        && !segment.contains('/')
575        && !segment.contains('?')
576        && !segment.contains("..")
577}
578
579/// Whether an error is Suno's "this clip has no stems" answer on the stems
580/// page-count endpoint: a `400` (it returns `400 "Invalid page number"` for a
581/// clip with zero stems). Distinguished from a transient `5xx` (also
582/// [`Error::Api`]) so a server error is never mistaken for "no stems".
583fn is_invalid_page_error(err: &Error) -> bool {
584    matches!(err, Error::Api(msg) if msg.contains("returned 400") || msg.contains("Invalid page"))
585}
586
587/// Parse the stems page count from `GET /api/clip/{id}/stems/pages`
588/// (`{"pages": N}`).
589///
590/// A missing, non-numeric, or negative `pages` reads as `0` (no stems), so a
591/// malformed body is treated as indeterminate rather than guessing a count.
592fn parse_stem_page_count(body: &[u8]) -> u32 {
593    serde_json::from_slice::<Value>(body)
594        .ok()
595        .and_then(|data| data.get("pages").and_then(Value::as_u64))
596        .and_then(|pages| u32::try_from(pages).ok())
597        .unwrap_or(0)
598}
599
600/// Parse one page of the stems listing (`{"stems": [<clip>, ...]}`) into
601/// [`Stem`]s.
602///
603/// Each stem is a full clip object, so it is mapped with [`Clip::from_json`]:
604/// the id is the stem clip id, the label is the trailing parenthetical of its
605/// title, and the download URL is its public CDN MP3. Only stems carrying both a
606/// non-empty id and URL are kept — a stem with no id cannot be WAV-rendered, and
607/// one with no URL cannot be mirrored. Malformed JSON yields no stems (never a
608/// panic), so a bad body is treated as an empty, non-authoritative page.
609fn parse_stems_page(body: &[u8]) -> Vec<Stem> {
610    let Ok(data) = serde_json::from_slice::<Value>(body) else {
611        return Vec::new();
612    };
613    let items = if let Some(array) = data.as_array() {
614        array.as_slice()
615    } else {
616        data.get("stems")
617            .and_then(Value::as_array)
618            .map(Vec::as_slice)
619            .unwrap_or(&[])
620    };
621    items
622        .iter()
623        .map(parse_stem)
624        .filter(|stem| !stem.id.is_empty() && !stem.url.is_empty())
625        .collect()
626}
627
628/// Map one raw stem clip element to a [`Stem`]: its clip id, the trailing
629/// parenthetical of its title as the label, and its public CDN MP3 URL.
630fn parse_stem(raw: &Value) -> Stem {
631    let clip = Clip::from_json(raw);
632    Stem {
633        id: clip.id.clone(),
634        label: stem_label_from_title(&clip.title),
635        url: clip.mp3_url(),
636    }
637}
638
639/// The stem label carried in a stem clip's title: the text inside its trailing
640/// parenthetical (`"My Song (Backing Vocals)"` -> `Backing Vocals`). Returns an
641/// empty string when the title has no closing parenthetical, so the caller falls
642/// back to the stem id for naming.
643fn stem_label_from_title(title: &str) -> String {
644    let trimmed = title.trim_end();
645    let Some(before_close) = trimmed.strip_suffix(')') else {
646        return String::new();
647    };
648    match before_close.rfind('(') {
649        Some(open) => before_close[open + 1..].trim().to_string(),
650        None => String::new(),
651    }
652}
653
654/// Drop stems that repeat across pages, keeping the first occurrence of each
655/// download URL so a paged listing counts a stem once.
656fn dedupe_stems(stems: &mut Vec<Stem>) {
657    let mut seen = BTreeSet::new();
658    stems.retain(|stem| seen.insert(stem.url.clone()));
659}
660
661/// Parse a single-clip response body, accepting either a bare clip object or a
662/// `{"clip": {...}}` wrapper. Returns `None` when no clip id is present.
663fn parse_clip(body: &[u8]) -> Option<Clip> {
664    let data: Value = serde_json::from_slice(body).ok()?;
665    let raw = unwrap_clip(&data);
666    let has_id = raw
667        .get("id")
668        .and_then(Value::as_str)
669        .is_some_and(|id| !id.is_empty());
670    has_id.then(|| Clip::from_json(raw))
671}
672
673/// Parse `/api/billing/info/` into the remaining credits we report in `doctor`.
674fn parse_billing_info(body: &[u8]) -> Result<BillingInfo> {
675    let data: Value = serde_json::from_slice(body)
676        .map_err(|err| Error::Api(format!("invalid billing JSON: {err}")))?;
677    let total_credits_left = data
678        .get("total_credits_left")
679        .and_then(json_u64)
680        .ok_or_else(|| Error::Api("invalid billing JSON: missing total_credits_left".into()))?;
681    Ok(BillingInfo { total_credits_left })
682}
683
684/// Read a numeric field that Suno may encode either as a JSON number or a
685/// decimal string.
686fn json_u64(value: &Value) -> Option<u64> {
687    match value {
688        Value::Number(number) => number.as_u64(),
689        Value::String(text) => text.parse().ok(),
690        _ => None,
691    }
692}
693
694/// Build the JSON body for a `POST /api/feed/v3` page.
695///
696/// `filters.trashed` is the string `"False"` so the feed excludes trashed clips
697/// exactly as the old v2 listing did; a `liked` walk adds `filters.liked =
698/// "True"` (v3 ignores an `is_liked` key). The `cursor` is omitted on the first
699/// page and set to the previous page's `next_cursor` thereafter.
700fn feed_v3_body(liked: bool, cursor: Option<&str>) -> Vec<u8> {
701    let mut filters = serde_json::Map::new();
702    filters.insert("trashed".to_string(), Value::String("False".to_string()));
703    if liked {
704        filters.insert("liked".to_string(), Value::String("True".to_string()));
705    }
706    let mut body = serde_json::Map::new();
707    body.insert("limit".to_string(), Value::from(FEED_PAGE_SIZE));
708    body.insert("filters".to_string(), Value::Object(filters));
709    if let Some(cursor) = cursor {
710        body.insert("cursor".to_string(), Value::String(cursor.to_string()));
711    }
712    serde_json::to_vec(&Value::Object(body)).unwrap_or_default()
713}
714
715/// Parse a v3 feed page into the kept clips, the raw `has_more`, and the
716/// `next_cursor`.
717///
718/// `has_more` is [`None`] when the key is missing or not a bool, so the caller
719/// can refuse to treat an unrecognised page as a fully drained feed. An empty
720/// `next_cursor` string maps to [`None`] so it is never re-sent as a cursor.
721fn parse_feed_v3(body: &[u8]) -> Result<(Vec<Clip>, Option<bool>, Option<String>)> {
722    let data: Value = serde_json::from_slice(body)
723        .map_err(|err| Error::Api(format!("invalid feed JSON: {err}")))?;
724    let Some(object) = data.as_object() else {
725        return Ok((Vec::new(), None, None));
726    };
727    let clips = object
728        .get("clips")
729        .and_then(Value::as_array)
730        .map(|raw| {
731            raw.iter()
732                .map(Clip::from_json)
733                .filter(is_downloadable)
734                .collect()
735        })
736        .unwrap_or_default();
737    let has_more = object.get("has_more").and_then(Value::as_bool);
738    let next_cursor = object
739        .get("next_cursor")
740        .and_then(Value::as_str)
741        .filter(|cursor| !cursor.is_empty())
742        .map(str::to_string);
743    Ok((clips, has_more, next_cursor))
744}
745
746/// Parse a `/api/playlist/me` page into playlists, dropping entries with no id.
747fn parse_playlists(body: &[u8]) -> Result<Vec<Playlist>> {
748    let data: Value = serde_json::from_slice(body)
749        .map_err(|err| Error::Api(format!("invalid playlist JSON: {err}")))?;
750    Ok(data
751        .get("playlists")
752        .and_then(Value::as_array)
753        .map(|raw| raw.iter().filter_map(parse_playlist_item).collect())
754        .unwrap_or_default())
755}
756
757/// Map one raw `/api/playlist/me` entry, or `None` when it carries no id.
758///
759/// `num_total_results` is the playlist's member count; a missing name defaults
760/// to `Untitled` (matching the clip mapping) so the file name is never empty.
761fn parse_playlist_item(raw: &Value) -> Option<Playlist> {
762    let id = raw
763        .get("id")
764        .and_then(Value::as_str)
765        .filter(|id| !id.is_empty())?
766        .to_string();
767    let name = match raw.get("name") {
768        Some(Value::String(name)) if !name.is_empty() => name.clone(),
769        _ => "Untitled".to_string(),
770    };
771    let num_clips = raw
772        .get("num_total_results")
773        .and_then(Value::as_u64)
774        .unwrap_or(0);
775    Some(Playlist {
776        id,
777        name,
778        num_clips,
779    })
780}
781
782/// Parse a `/api/playlist/{id}/` body into its ordered member clips plus a
783/// completeness flag.
784///
785/// Each `playlist_clips[]` entry wraps the clip under `clip`; the wrapper is
786/// unwrapped (falling back to the entry itself), order is preserved exactly, and
787/// only clips with a non-empty id survive. No downloadability filter is applied:
788/// a playlist may hold any clip, and members absent from the local library are
789/// reconciled as comment lines by the caller, not dropped here. The scoped-sync
790/// path applies [`is_downloadable`](crate::is_downloadable) itself when it fetches
791/// members as download candidates.
792///
793/// The completeness flag is `true` when the number of raw `playlist_clips[]`
794/// entries equals the response's `num_total_results`, i.e. the whole member set
795/// arrived on this single page. It gates a Mirror playlist area's deletion
796/// authority (D5): a short or paginated page cannot be authoritative for
797/// deletion, so it returns `false`.
798fn parse_playlist_clips(body: &[u8]) -> Result<(Vec<Clip>, bool)> {
799    let data: Value = serde_json::from_slice(body)
800        .map_err(|err| Error::Api(format!("invalid playlist JSON: {err}")))?;
801    let raw = data.get("playlist_clips").and_then(Value::as_array);
802    let raw_len = raw.map(|a| a.len()).unwrap_or(0);
803    let clips: Vec<Clip> = raw
804        .map(|raw| {
805            raw.iter()
806                .map(|entry| Clip::from_json(unwrap_clip(entry)))
807                .filter(|clip| !clip.id.is_empty())
808                .collect()
809        })
810        .unwrap_or_default();
811    // Completeness compares the raw entry count (before the empty-id filter)
812    // against the reported total: a full single page has them equal. A missing
813    // or malformed total is never treated as complete, so a page whose size
814    // cannot be verified fails safe toward "not authoritative" and a Mirror area
815    // can never delete from it.
816    let complete = data
817        .get("num_total_results")
818        .and_then(Value::as_u64)
819        .is_some_and(|total| raw_len as u64 == total);
820    Ok((clips, complete))
821}
822
823#[cfg(test)]
824mod tests {
825    use super::*;
826    use crate::testutil::{MockHttp, RecordingClock, Reply, Rule, ScriptedHttp};
827    use std::time::Duration;
828
829    fn feed_body() -> String {
830        serde_json::json!({
831            "has_more": false,
832            "clips": [
833                {
834                    "id": "a", "title": "Song A", "status": "complete",
835                    "audio_url": "https://cdn1.suno.ai/a.mp3",
836                    "metadata": {"tags": "rock", "duration": 120.5, "type": "gen"}
837                },
838                {"id": "b", "title": "Infill", "status": "complete", "metadata": {"task": "infill"}},
839                {"id": "c", "title": "Streaming", "status": "streaming", "metadata": {}},
840                {
841                    "id": "d", "title": "Context", "status": "complete",
842                    "metadata": {"type": "rendered_context_window"}
843                }
844            ]
845        })
846        .to_string()
847    }
848
849    #[test]
850    fn parse_feed_v3_filters_and_reads_pagination() {
851        let (clips, has_more, next_cursor) = parse_feed_v3(feed_body().as_bytes()).unwrap();
852        assert_eq!(has_more, Some(false));
853        assert_eq!(next_cursor, None);
854        assert_eq!(clips.len(), 1);
855        assert_eq!(clips[0].id, "a");
856        assert_eq!(clips[0].tags, "rock");
857        assert!((clips[0].duration - 120.5).abs() < f64::EPSILON);
858    }
859
860    #[test]
861    fn feed_v3_body_carries_filters_and_optional_cursor() {
862        let first: Value = serde_json::from_slice(&feed_v3_body(false, None)).unwrap();
863        assert_eq!(first["filters"]["trashed"], "False");
864        assert!(first.get("cursor").is_none());
865        assert!(first["filters"].get("liked").is_none());
866
867        let liked: Value = serde_json::from_slice(&feed_v3_body(true, Some("cur42"))).unwrap();
868        assert_eq!(liked["filters"]["liked"], "True");
869        assert_eq!(liked["cursor"], "cur42");
870    }
871
872    #[test]
873    fn audiopipe_url_is_rewritten_to_cdn() {
874        let raw =
875            serde_json::json!({"id": "x", "audio_url": "https://audiopipe.suno.ai/?item_id=x"});
876        assert_eq!(
877            Clip::from_json(&raw).audio_url,
878            "https://cdn1.suno.ai/x.mp3"
879        );
880    }
881
882    #[test]
883    fn list_clips_authenticates_then_reads_the_feed() {
884        let client_body = serde_json::json!({
885            "response": {
886                "last_active_session_id": "s",
887                "sessions": [{"id": "s", "user": {"id": "u", "username": "h"}}]
888            }
889        })
890        .to_string();
891        let http = MockHttp::new(vec![
892            Rule::new(
893                "/v1/client/sessions/",
894                200,
895                r#"{"jwt": "a.b.c"}"#.to_string(),
896            ),
897            Rule::new("/v1/client", 200, client_body),
898            Rule::new("/api/feed/v3", 200, feed_body()),
899        ]);
900
901        let mut auth = ClerkAuth::new("eyJtoken");
902        pollster::block_on(auth.authenticate(&http)).unwrap();
903        let mut client = SunoClient::new(auth, RecordingClock::new());
904        let (clips, complete) = pollster::block_on(client.list_clips(&http, false, None)).unwrap();
905        assert_eq!(clips.len(), 1);
906        assert_eq!(clips[0].id, "a");
907        assert!(complete);
908    }
909
910    #[test]
911    fn list_clips_reports_incomplete_when_paging_is_capped() {
912        let mut rules = auth_rules();
913        rules.push(Rule::new(
914            "/api/feed/v3",
915            200,
916            serde_json::json!({
917                "has_more": true,
918                "next_cursor": "cur1",
919                "clips": [{
920                    "id": "a", "title": "Song A", "status": "complete",
921                    "audio_url": "https://cdn1.suno.ai/a.mp3",
922                    "metadata": {"type": "gen"}
923                }]
924            })
925            .to_string(),
926        ));
927        let http = MockHttp::new(rules);
928        let mut client = authed_client(&http);
929
930        let (_clips, complete) = pollster::block_on(client.list_clips(&http, false, None)).unwrap();
931        assert!(!complete);
932    }
933
934    fn auth_rules() -> Vec<Rule> {
935        let client_body = serde_json::json!({
936            "response": {
937                "last_active_session_id": "s",
938                "sessions": [{"id": "s", "user": {"id": "u", "username": "h"}}]
939            }
940        })
941        .to_string();
942        vec![
943            Rule::new(
944                "/v1/client/sessions/",
945                200,
946                r#"{"jwt": "a.b.c"}"#.to_string(),
947            ),
948            Rule::new("/v1/client", 200, client_body),
949        ]
950    }
951
952    fn authed_client(http: &MockHttp) -> SunoClient<RecordingClock> {
953        let mut auth = ClerkAuth::new("eyJtoken");
954        pollster::block_on(auth.authenticate(http)).unwrap();
955        SunoClient::new(auth, RecordingClock::new())
956    }
957
958    #[test]
959    fn get_billing_info_reads_remaining_credits() {
960        let mut rules = auth_rules();
961        rules.push(Rule::new(
962            BILLING_INFO_PATH,
963            200,
964            r#"{"total_credits_left":500,"monthly_limit":1000,"monthly_usage":500}"#.to_string(),
965        ));
966        let http = MockHttp::new(rules);
967        let mut client = authed_client(&http);
968
969        let billing = pollster::block_on(client.get_billing_info(&http)).unwrap();
970        assert_eq!(billing.total_credits_left, 500);
971    }
972
973    #[test]
974    fn get_billing_info_rejects_missing_balance() {
975        let mut rules = auth_rules();
976        rules.push(Rule::new(
977            BILLING_INFO_PATH,
978            200,
979            r#"{"monthly_usage":12}"#.to_string(),
980        ));
981        let http = MockHttp::new(rules);
982        let mut client = authed_client(&http);
983
984        let err = pollster::block_on(client.get_billing_info(&http)).unwrap_err();
985        assert!(err.to_string().contains("total_credits_left"));
986    }
987
988    #[test]
989    fn aligned_lyrics_reads_words_and_lines() {
990        let mut rules = auth_rules();
991        let body = serde_json::json!({
992            "aligned_words": [
993                {"word": "hi", "success": true, "start_s": 0.5, "end_s": 0.9, "p_align": 0.99}
994            ],
995            "aligned_lyrics": [
996                {"text": "hi", "start_s": 0.5, "end_s": 0.9, "section": "Verse 1",
997                 "words": [{"text": "hi", "start_s": 0.5, "end_s": 0.9}]}
998            ],
999            "hoot_cer": 0.2, "is_streamed": false
1000        })
1001        .to_string();
1002        rules.push(Rule::new("/aligned_lyrics/v2/", 200, body));
1003        let http = MockHttp::new(rules);
1004        let mut client = authed_client(&http);
1005
1006        let aligned = pollster::block_on(client.aligned_lyrics(&http, "clip-1")).unwrap();
1007        assert_eq!(aligned.words.len(), 1);
1008        assert_eq!(aligned.lines.len(), 1);
1009        assert_eq!(aligned.lines[0].section, "Verse 1");
1010        assert!(!aligned.is_empty());
1011    }
1012
1013    #[test]
1014    fn aligned_lyrics_empty_arrays_map_to_empty() {
1015        let mut rules = auth_rules();
1016        rules.push(Rule::new(
1017            "/aligned_lyrics/v2/",
1018            200,
1019            r#"{"aligned_words":[],"aligned_lyrics":[],"hoot_cer":1.0}"#.to_string(),
1020        ));
1021        let http = MockHttp::new(rules);
1022        let mut client = authed_client(&http);
1023
1024        let aligned = pollster::block_on(client.aligned_lyrics(&http, "instr")).unwrap();
1025        assert!(aligned.is_empty());
1026    }
1027
1028    #[test]
1029    fn aligned_lyrics_maps_404_to_empty() {
1030        let mut rules = auth_rules();
1031        rules.push(Rule::new(
1032            "/aligned_lyrics/v2/",
1033            404,
1034            "not found".to_string(),
1035        ));
1036        let http = MockHttp::new(rules);
1037        let mut client = authed_client(&http);
1038
1039        let aligned = pollster::block_on(client.aligned_lyrics(&http, "missing")).unwrap();
1040        assert!(aligned.is_empty());
1041    }
1042
1043    fn scripted_client(http: &ScriptedHttp, clock: RecordingClock) -> SunoClient<RecordingClock> {
1044        let mut auth = ClerkAuth::new("eyJtoken");
1045        pollster::block_on(auth.authenticate(http)).unwrap();
1046        SunoClient::new(auth, clock)
1047    }
1048
1049    fn one_clip_page(id: &str, next_cursor: Option<&str>) -> String {
1050        let mut page = serde_json::json!({
1051            "has_more": next_cursor.is_some(),
1052            "clips": [{
1053                "id": id, "title": "Song", "status": "complete",
1054                "audio_url": format!("https://cdn1.suno.ai/{id}.mp3"),
1055                "metadata": {"type": "gen"}
1056            }]
1057        });
1058        if let Some(cursor) = next_cursor {
1059            page["next_cursor"] = serde_json::json!(cursor);
1060        }
1061        page.to_string()
1062    }
1063
1064    #[test]
1065    fn list_clips_retries_a_rate_limited_page() {
1066        let http = ScriptedHttp::new().with_auth().route_seq(
1067            "/api/feed/v3",
1068            vec![Reply::status(429), Reply::json(&feed_body())],
1069        );
1070        let clock = RecordingClock::new();
1071        let mut client = scripted_client(&http, clock.clone());
1072
1073        let (clips, complete) = pollster::block_on(client.list_clips(&http, false, None)).unwrap();
1074        assert_eq!(clips.len(), 1);
1075        assert!(complete);
1076        // The throttled page was retried once, waiting the default post-429 wait.
1077        assert_eq!(http.count("/api/feed/v3"), 2);
1078        assert_eq!(clock.sleeps(), vec![Duration::from_secs(5)]);
1079    }
1080
1081    #[test]
1082    fn list_clips_honours_retry_after_on_a_throttled_page() {
1083        let http = ScriptedHttp::new().with_auth().route_seq(
1084            "/api/feed/v3",
1085            vec![
1086                Reply::status(429).with_retry_after(7),
1087                Reply::json(&feed_body()),
1088            ],
1089        );
1090        let clock = RecordingClock::new();
1091        let mut client = scripted_client(&http, clock.clone());
1092
1093        let (clips, _complete) = pollster::block_on(client.list_clips(&http, false, None)).unwrap();
1094        assert_eq!(clips.len(), 1);
1095        // The server's Retry-After is honoured directly as the post-429 wait.
1096        assert_eq!(clock.sleeps(), vec![Duration::from_secs(7)]);
1097    }
1098
1099    #[test]
1100    fn list_clips_re_posts_the_same_cursor_after_a_throttled_page() {
1101        // A 429 mid-walk must re-POST the *same* cursor, not skip a page.
1102        let http = ScriptedHttp::new().with_auth().route_seq(
1103            "/api/feed/v3",
1104            vec![
1105                Reply::json(&one_clip_page("a", Some("cur1"))),
1106                Reply::status(429),
1107                Reply::json(&one_clip_page("b", None)),
1108            ],
1109        );
1110        let clock = RecordingClock::new();
1111        let mut client = scripted_client(&http, clock.clone());
1112
1113        let (clips, complete) = pollster::block_on(client.list_clips(&http, false, None)).unwrap();
1114        assert!(complete);
1115        assert_eq!(clips.len(), 2);
1116        let bodies = http.bodies();
1117        let feed_bodies: Vec<&String> = bodies.iter().filter(|b| b.contains("filters")).collect();
1118        assert_eq!(feed_bodies.len(), 3, "page 1, the 429 retry, then page 2");
1119        // The retry (body 2) carries the SAME cursor as the throttled call (body 2 == the
1120        // second feed POST), i.e. the cursor from page 1's next_cursor.
1121        let retried: Value = serde_json::from_str(feed_bodies[1]).unwrap();
1122        let after_retry: Value = serde_json::from_str(feed_bodies[2]).unwrap();
1123        assert_eq!(retried["cursor"], "cur1");
1124        assert_eq!(after_retry["cursor"], "cur1");
1125    }
1126
1127    #[test]
1128    fn list_clips_threads_the_cursor_across_pages() {
1129        let http = ScriptedHttp::new().with_auth().route_seq(
1130            "/api/feed/v3",
1131            vec![
1132                Reply::json(&one_clip_page("a", Some("cur1"))),
1133                Reply::json(&one_clip_page("b", None)),
1134            ],
1135        );
1136        let clock = RecordingClock::new();
1137        let mut client = scripted_client(&http, clock.clone());
1138
1139        let (clips, complete) = pollster::block_on(client.list_clips(&http, false, None)).unwrap();
1140        assert!(complete);
1141        assert_eq!(clips.len(), 2);
1142        let bodies = http.bodies();
1143        let feed_bodies: Vec<&String> = bodies.iter().filter(|b| b.contains("filters")).collect();
1144        assert_eq!(feed_bodies.len(), 2);
1145        let page1: Value = serde_json::from_str(feed_bodies[0]).unwrap();
1146        let page2: Value = serde_json::from_str(feed_bodies[1]).unwrap();
1147        // Page 1 omits the cursor; page 2 carries exactly page 1's next_cursor.
1148        assert!(page1.get("cursor").is_none());
1149        assert_eq!(page2["cursor"], "cur1");
1150    }
1151
1152    #[test]
1153    fn list_clips_stops_incomplete_when_has_more_but_no_cursor() {
1154        // has_more == true with no usable next_cursor: a truncated feed. The walk
1155        // must stop, report incomplete, and never re-POST a null cursor.
1156        let page = serde_json::json!({
1157            "has_more": true,
1158            "clips": [{
1159                "id": "a", "title": "Song", "status": "complete",
1160                "audio_url": "https://cdn1.suno.ai/a.mp3", "metadata": {"type": "gen"}
1161            }]
1162        })
1163        .to_string();
1164        let http = ScriptedHttp::new()
1165            .with_auth()
1166            .route("/api/feed/v3", Reply::json(&page));
1167        let clock = RecordingClock::new();
1168        let mut client = scripted_client(&http, clock.clone());
1169
1170        let (clips, complete) = pollster::block_on(client.list_clips(&http, false, None)).unwrap();
1171        assert!(!complete);
1172        assert_eq!(clips.len(), 1);
1173        assert_eq!(http.count("/api/feed/v3"), 1, "no re-POST of a null cursor");
1174    }
1175
1176    #[test]
1177    fn list_clips_is_incomplete_when_has_more_is_missing() {
1178        // A page with no has_more key must not be read as a fully drained feed.
1179        let page = serde_json::json!({
1180            "clips": [{
1181                "id": "a", "title": "Song", "status": "complete",
1182                "audio_url": "https://cdn1.suno.ai/a.mp3", "metadata": {"type": "gen"}
1183            }]
1184        })
1185        .to_string();
1186        let http = ScriptedHttp::new()
1187            .with_auth()
1188            .route("/api/feed/v3", Reply::json(&page));
1189        let clock = RecordingClock::new();
1190        let mut client = scripted_client(&http, clock.clone());
1191
1192        let (clips, complete) = pollster::block_on(client.list_clips(&http, false, None)).unwrap();
1193        assert!(!complete);
1194        assert_eq!(clips.len(), 1);
1195        assert_eq!(http.count("/api/feed/v3"), 1);
1196    }
1197
1198    #[test]
1199    fn list_clips_propagates_an_error_mid_walk_and_never_completes() {
1200        let http = ScriptedHttp::new().with_auth().route_seq(
1201            "/api/feed/v3",
1202            vec![
1203                Reply::json(&one_clip_page("a", Some("cur1"))),
1204                Reply::status(500),
1205            ],
1206        );
1207        let clock = RecordingClock::new();
1208        let mut client = scripted_client(&http, clock.clone());
1209
1210        let result = pollster::block_on(client.list_clips(&http, false, None));
1211        assert!(matches!(result, Err(Error::Api(_))));
1212    }
1213
1214    #[test]
1215    fn list_clips_is_complete_on_an_empty_drained_feed() {
1216        // An empty but fully drained feed is authoritative (complete = true);
1217        // deletion is separately gated by there being a mirror source.
1218        let page = serde_json::json!({"has_more": false, "clips": []}).to_string();
1219        let http = ScriptedHttp::new()
1220            .with_auth()
1221            .route("/api/feed/v3", Reply::json(&page));
1222        let clock = RecordingClock::new();
1223        let mut client = scripted_client(&http, clock.clone());
1224
1225        let (clips, complete) = pollster::block_on(client.list_clips(&http, false, None)).unwrap();
1226        assert!(complete);
1227        assert!(clips.is_empty());
1228    }
1229
1230    #[test]
1231    fn list_clips_liked_scope_sends_the_liked_filter() {
1232        let http = ScriptedHttp::new()
1233            .with_auth()
1234            .route("/api/feed/v3", Reply::json(&feed_body()));
1235        let clock = RecordingClock::new();
1236        let mut client = scripted_client(&http, clock.clone());
1237
1238        let _ = pollster::block_on(client.list_clips(&http, true, None)).unwrap();
1239        let bodies = http.bodies();
1240        let feed_body = bodies.iter().find(|b| b.contains("filters")).unwrap();
1241        let value: Value = serde_json::from_str(feed_body).unwrap();
1242        assert_eq!(value["filters"]["liked"], "True");
1243        assert_eq!(value["filters"]["trashed"], "False");
1244    }
1245
1246    #[test]
1247    fn list_clips_does_not_pace_an_unthrottled_walk() {
1248        let http = ScriptedHttp::new().with_auth().route_seq(
1249            "/api/feed/v3",
1250            vec![
1251                Reply::json(&one_clip_page("a", Some("cur1"))),
1252                Reply::json(&one_clip_page("e", None)),
1253            ],
1254        );
1255        let clock = RecordingClock::new();
1256        let mut client = scripted_client(&http, clock.clone());
1257
1258        let (clips, complete) = pollster::block_on(client.list_clips(&http, false, None)).unwrap();
1259        assert!(complete);
1260        assert_eq!(clips.len(), 2);
1261        assert_eq!(http.count("/api/feed/v3"), 2);
1262        // Pacing is reactive: with no 429 the whole walk waits nowhere.
1263        assert!(clock.sleeps().is_empty());
1264    }
1265
1266    #[test]
1267    fn list_clips_slows_its_pace_after_a_throttled_page() {
1268        let http = ScriptedHttp::new().with_auth().route_seq(
1269            "/api/feed/v3",
1270            vec![
1271                Reply::status(429),
1272                Reply::json(&one_clip_page("a", Some("cur1"))),
1273                Reply::json(&one_clip_page("e", None)),
1274            ],
1275        );
1276        let clock = RecordingClock::new();
1277        let mut client = scripted_client(&http, clock.clone());
1278
1279        let (clips, complete) = pollster::block_on(client.list_clips(&http, false, None)).unwrap();
1280        assert!(complete);
1281        assert_eq!(clips.len(), 2);
1282        // The 429 halved the rate, so the default post-429 wait is followed by a
1283        // doubled inter-page pace (500ms to 1s) for the next page.
1284        assert_eq!(
1285            clock.sleeps(),
1286            vec![Duration::from_secs(5), Duration::from_secs(1)]
1287        );
1288    }
1289
1290    #[test]
1291    fn list_clips_gives_up_after_max_retries() {
1292        let http = ScriptedHttp::new()
1293            .with_auth()
1294            .route("/api/feed/v3", Reply::status(429));
1295        let clock = RecordingClock::new();
1296        let mut client = scripted_client(&http, clock.clone());
1297
1298        let result = pollster::block_on(client.list_clips(&http, false, None));
1299        assert!(matches!(result, Err(Error::RateLimited { .. })));
1300        let budget = crate::consts::API_MAX_RETRIES as usize;
1301        assert_eq!(clock.sleeps().len(), budget);
1302        assert_eq!(http.count("/api/feed/v3"), budget + 1);
1303    }
1304
1305    #[test]
1306    fn parse_clip_accepts_bare_and_wrapped_shapes() {
1307        let bare = serde_json::json!({"id": "z", "title": "Zed"}).to_string();
1308        assert_eq!(parse_clip(bare.as_bytes()).unwrap().id, "z");
1309
1310        let wrapped = serde_json::json!({"clip": {"id": "w", "title": "Wai"}}).to_string();
1311        assert_eq!(parse_clip(wrapped.as_bytes()).unwrap().id, "w");
1312
1313        let missing = serde_json::json!({"detail": "not found"}).to_string();
1314        assert!(parse_clip(missing.as_bytes()).is_none());
1315    }
1316
1317    #[test]
1318    fn get_clip_uses_the_dedicated_endpoint() {
1319        let clip_body = serde_json::json!({
1320            "id": "z", "title": "Zed", "status": "complete",
1321            "audio_url": "https://cdn1.suno.ai/z.mp3",
1322            "metadata": {"tags": "jazz", "duration": 99.0, "type": "gen"}
1323        })
1324        .to_string();
1325        let mut rules = auth_rules();
1326        rules.push(Rule::new("/api/clip/", 200, clip_body));
1327        let http = MockHttp::new(rules);
1328        let mut client = authed_client(&http);
1329
1330        let clip = pollster::block_on(client.get_clip(&http, "z")).unwrap();
1331        assert_eq!(clip.id, "z");
1332        assert_eq!(clip.title, "Zed");
1333        assert_eq!(clip.tags, "jazz");
1334    }
1335
1336    #[test]
1337    fn get_clip_falls_back_to_the_feed_when_endpoint_missing() {
1338        let mut rules = auth_rules();
1339        rules.push(Rule::new(
1340            "/api/clip/",
1341            404,
1342            r#"{"detail": "not found"}"#.to_string(),
1343        ));
1344        rules.push(Rule::new("/api/feed/v3", 200, feed_body()));
1345        let http = MockHttp::new(rules);
1346        let mut client = authed_client(&http);
1347
1348        let clip = pollster::block_on(client.get_clip(&http, "a")).unwrap();
1349        assert_eq!(clip.id, "a");
1350        assert_eq!(clip.tags, "rock");
1351    }
1352
1353    #[test]
1354    fn request_wav_accepts_a_2xx_status() {
1355        let mut rules = auth_rules();
1356        rules.push(Rule::new("/convert_wav/", 201, "{}".to_string()));
1357        let http = MockHttp::new(rules);
1358        let mut client = authed_client(&http);
1359
1360        assert!(pollster::block_on(client.request_wav(&http, "z")).is_ok());
1361    }
1362
1363    #[test]
1364    fn wav_url_reads_the_ready_url() {
1365        let mut rules = auth_rules();
1366        rules.push(Rule::new(
1367            "/wav_file/",
1368            200,
1369            r#"{"wav_file_url": "https://cdn1.suno.ai/z.wav"}"#.to_string(),
1370        ));
1371        let http = MockHttp::new(rules);
1372        let mut client = authed_client(&http);
1373
1374        let url = pollster::block_on(client.wav_url(&http, "z")).unwrap();
1375        assert_eq!(url.as_deref(), Some("https://cdn1.suno.ai/z.wav"));
1376    }
1377
1378    #[test]
1379    fn wav_url_is_none_until_the_render_is_ready() {
1380        let mut rules = auth_rules();
1381        rules.push(Rule::new("/wav_file/", 200, "{}".to_string()));
1382        let http = MockHttp::new(rules);
1383        let mut client = authed_client(&http);
1384
1385        let url = pollster::block_on(client.wav_url(&http, "z")).unwrap();
1386        assert_eq!(url, None);
1387    }
1388
1389    #[test]
1390    fn get_clips_by_ids_fetches_each_id_and_keeps_artefacts() {
1391        // The per-id gap-fill path must not apply the listing's downloadability
1392        // filter: an infill ancestor and an upload root both survive, fetched one
1393        // `/api/clip/{id}` at a time.
1394        let p1 = serde_json::json!({
1395            "id": "p1", "title": "Infill Ancestor", "status": "complete",
1396            "metadata": {"type": "gen", "task": "infill"}
1397        })
1398        .to_string();
1399        let p2 = serde_json::json!({
1400            "id": "p2", "title": "Uploaded Root", "status": "complete",
1401            "metadata": {"type": "upload"}
1402        })
1403        .to_string();
1404        let mut rules = auth_rules();
1405        rules.push(Rule::new("/api/clip/p1", 200, p1));
1406        rules.push(Rule::new("/api/clip/p2", 200, p2));
1407        let http = MockHttp::new(rules);
1408        let mut client = authed_client(&http);
1409
1410        let clips = pollster::block_on(client.get_clips_by_ids(&http, &["p1", "p2"])).unwrap();
1411        assert_eq!(
1412            clips.len(),
1413            2,
1414            "infill and upload ancestors must not be filtered"
1415        );
1416        assert_eq!(clips[0].id, "p1");
1417        assert_eq!(clips[1].id, "p2");
1418    }
1419
1420    #[test]
1421    fn get_clips_by_ids_returns_a_trashed_clip() {
1422        // A trashed ancestor must still be retrievable by id (the v2 `?ids=`
1423        // capability that per-id `/api/clip/{id}` replaces).
1424        let trashed = serde_json::json!({
1425            "id": "t1", "title": "Trashed Ancestor", "status": "complete",
1426            "is_trashed": true, "metadata": {"type": "gen"}
1427        })
1428        .to_string();
1429        let mut rules = auth_rules();
1430        rules.push(Rule::new("/api/clip/t1", 200, trashed));
1431        let http = MockHttp::new(rules);
1432        let mut client = authed_client(&http);
1433
1434        let clips = pollster::block_on(client.get_clips_by_ids(&http, &["t1"])).unwrap();
1435        assert_eq!(clips.len(), 1);
1436        assert_eq!(clips[0].id, "t1");
1437        assert!(clips[0].is_trashed);
1438    }
1439
1440    #[test]
1441    fn get_clips_by_ids_skips_a_not_found_id_and_dedupes() {
1442        let only = serde_json::json!({
1443            "id": "only", "title": "Bare", "status": "complete", "metadata": {"type": "gen"}
1444        })
1445        .to_string();
1446        let http = ScriptedHttp::new()
1447            .with_auth()
1448            .route("/api/clip/gone", Reply::status(404))
1449            .route("/api/clip/only", Reply::json(&only));
1450        let mut client = scripted_client(&http, RecordingClock::new());
1451
1452        let clips =
1453            pollster::block_on(client.get_clips_by_ids(&http, &["only", "gone", "only"])).unwrap();
1454        assert_eq!(clips.len(), 1, "the 404 id is skipped");
1455        assert_eq!(clips[0].id, "only");
1456        // "only" is fetched once despite appearing twice; "gone" is attempted once.
1457        assert_eq!(http.count("/api/clip/only"), 1);
1458        assert_eq!(http.count("/api/clip/gone"), 1);
1459    }
1460
1461    #[test]
1462    fn get_clip_parent_reads_the_parent_clip() {
1463        let parent = serde_json::json!({
1464            "id": "par", "title": "Ancestor", "status": "complete",
1465            "metadata": {"type": "gen"}
1466        })
1467        .to_string();
1468        let mut rules = auth_rules();
1469        rules.push(Rule::new("/api/clips/parent?clip_id=child", 200, parent));
1470        let http = MockHttp::new(rules);
1471        let mut client = authed_client(&http);
1472
1473        let clip = pollster::block_on(client.get_clip_parent(&http, "child")).unwrap();
1474        assert_eq!(clip.unwrap().id, "par");
1475    }
1476
1477    #[test]
1478    fn get_clip_parent_is_none_for_a_root() {
1479        let mut rules = auth_rules();
1480        rules.push(Rule::new(
1481            "/api/clips/parent",
1482            404,
1483            r#"{"detail": "no parent"}"#.to_string(),
1484        ));
1485        let http = MockHttp::new(rules);
1486        let mut client = authed_client(&http);
1487
1488        let clip = pollster::block_on(client.get_clip_parent(&http, "root")).unwrap();
1489        assert!(clip.is_none());
1490    }
1491
1492    #[test]
1493    fn get_clip_parent_propagates_server_errors_instead_of_reporting_no_parent() {
1494        // A transient 5xx must never be mistaken for "this clip is a root":
1495        // folding it into Ok(None) would fabricate a wrong external root and let
1496        // a blip rewrite lineage (HARDENING H3). Only a real 404 means no parent.
1497        for status in [500u16, 503] {
1498            let mut rules = auth_rules();
1499            rules.push(Rule::new(
1500                "/api/clips/parent",
1501                status,
1502                r#"{"detail": "server error"}"#.to_string(),
1503            ));
1504            let http = MockHttp::new(rules);
1505            let mut client = authed_client(&http);
1506
1507            let result = pollster::block_on(client.get_clip_parent(&http, "child"));
1508            assert!(
1509                matches!(result, Err(Error::Api(_))),
1510                "status {status} must propagate as an error, not Ok(None)"
1511            );
1512        }
1513    }
1514
1515    #[test]
1516    fn get_playlists_maps_entries_and_skips_missing_ids() {
1517        let page1 = serde_json::json!({
1518            "playlists": [
1519                {"id": "pl1", "name": "Road Trip", "num_total_results": 12},
1520                {"id": "", "name": "No Id", "num_total_results": 3},
1521                {"name": "Also No Id"}
1522            ]
1523        })
1524        .to_string();
1525        let mut rules = auth_rules();
1526        // Page 1 returns entries; page 2 is empty, ending pagination.
1527        rules.push(Rule::new("/api/playlist/me?page=1", 200, page1));
1528        rules.push(Rule::new(
1529            "/api/playlist/me?page=2",
1530            200,
1531            r#"{"playlists": []}"#.to_string(),
1532        ));
1533        let http = MockHttp::new(rules);
1534        let mut client = authed_client(&http);
1535
1536        let playlists = pollster::block_on(client.get_playlists(&http)).unwrap();
1537        assert_eq!(playlists.len(), 1, "entries without an id are dropped");
1538        assert_eq!(
1539            playlists[0],
1540            Playlist {
1541                id: "pl1".to_owned(),
1542                name: "Road Trip".to_owned(),
1543                num_clips: 12,
1544            }
1545        );
1546    }
1547
1548    #[test]
1549    fn get_playlists_defaults_a_missing_name_to_untitled() {
1550        let page1 = serde_json::json!({
1551            "playlists": [{"id": "pl9", "num_total_results": 1}]
1552        })
1553        .to_string();
1554        let mut rules = auth_rules();
1555        rules.push(Rule::new("/api/playlist/me?page=1", 200, page1));
1556        rules.push(Rule::new(
1557            "/api/playlist/me?page=2",
1558            200,
1559            r#"{"playlists": []}"#.to_string(),
1560        ));
1561        let http = MockHttp::new(rules);
1562        let mut client = authed_client(&http);
1563
1564        let playlists = pollster::block_on(client.get_playlists(&http)).unwrap();
1565        assert_eq!(playlists[0].name, "Untitled");
1566    }
1567
1568    #[test]
1569    fn get_playlist_clips_preserves_order_and_unwraps_clip() {
1570        // Members arrive wrapped under `clip`, in playlist order, already
1571        // non-trashed. Order is preserved and no downloadability filter is applied.
1572        let body = serde_json::json!({
1573            "num_total_results": 2,
1574            "playlist_clips": [
1575                {"clip": {
1576                    "id": "second", "title": "Second", "status": "complete",
1577                    "metadata": {"duration": 60.0, "type": "gen"}
1578                }},
1579                {"clip": {
1580                    "id": "first", "title": "First", "status": "complete",
1581                    "metadata": {"duration": 30.0, "task": "infill", "type": "gen"}
1582                }}
1583            ]
1584        })
1585        .to_string();
1586        let mut rules = auth_rules();
1587        rules.push(Rule::new("/api/playlist/pl1/", 200, body));
1588        let http = MockHttp::new(rules);
1589        let mut client = authed_client(&http);
1590
1591        let (clips, complete) =
1592            pollster::block_on(client.get_playlist_clips(&http, "pl1")).unwrap();
1593        assert_eq!(clips.len(), 2, "an infill member is not filtered out");
1594        assert_eq!(clips[0].id, "second");
1595        assert_eq!(clips[1].id, "first");
1596        assert!(
1597            complete,
1598            "returned == num_total_results is fully enumerated"
1599        );
1600    }
1601
1602    #[test]
1603    fn get_playlist_clips_short_page_is_not_complete() {
1604        // A page with fewer entries than num_total_results is not authoritative.
1605        let body = serde_json::json!({
1606            "num_total_results": 5,
1607            "playlist_clips": [
1608                {"clip": {
1609                    "id": "only", "title": "Only", "status": "complete",
1610                    "metadata": {"duration": 60.0, "type": "gen"}
1611                }}
1612            ]
1613        })
1614        .to_string();
1615        let mut rules = auth_rules();
1616        rules.push(Rule::new("/api/playlist/pl1/", 200, body));
1617        let http = MockHttp::new(rules);
1618        let mut client = authed_client(&http);
1619
1620        let (clips, complete) =
1621            pollster::block_on(client.get_playlist_clips(&http, "pl1")).unwrap();
1622        assert_eq!(clips.len(), 1);
1623        assert!(!complete, "a short page is not fully enumerated");
1624    }
1625
1626    #[test]
1627    fn get_playlist_clips_is_empty_for_a_playlist_with_no_members() {
1628        let mut rules = auth_rules();
1629        rules.push(Rule::new(
1630            "/api/playlist/empty/",
1631            200,
1632            r#"{"num_total_results": 0, "playlist_clips": []}"#.to_string(),
1633        ));
1634        let http = MockHttp::new(rules);
1635        let mut client = authed_client(&http);
1636
1637        let (clips, complete) =
1638            pollster::block_on(client.get_playlist_clips(&http, "empty")).unwrap();
1639        assert!(clips.is_empty());
1640        assert!(
1641            complete,
1642            "an empty playlist reporting zero total is complete"
1643        );
1644    }
1645
1646    #[test]
1647    fn get_playlist_clips_missing_total_is_not_complete() {
1648        // A body without num_total_results cannot be verified as whole, so it is
1649        // never authoritative -- an empty or malformed page must not let a Mirror
1650        // area delete from it (D5).
1651        let mut rules = auth_rules();
1652        rules.push(Rule::new(
1653            "/api/playlist/pl1/",
1654            200,
1655            r#"{"playlist_clips": []}"#.to_string(),
1656        ));
1657        let http = MockHttp::new(rules);
1658        let mut client = authed_client(&http);
1659
1660        let (clips, complete) =
1661            pollster::block_on(client.get_playlist_clips(&http, "pl1")).unwrap();
1662        assert!(clips.is_empty());
1663        assert!(!complete, "a missing total is never fully enumerated");
1664    }
1665
1666    /// A stems page body: each stem is a full clip object whose title carries
1667    /// the label in a trailing parenthetical, as the live endpoint returns.
1668    fn stem_page(stems: &[(&str, &str, &str)]) -> String {
1669        let entries: Vec<Value> = stems
1670            .iter()
1671            .map(|(id, label, url)| {
1672                serde_json::json!({
1673                    "id": id,
1674                    "title": format!("My Song ({label})"),
1675                    "status": "complete",
1676                    "audio_url": url,
1677                })
1678            })
1679            .collect();
1680        serde_json::json!({ "stems": entries }).to_string()
1681    }
1682
1683    /// The page-count body for `GET /api/clip/{id}/stems/pages`.
1684    fn stem_pages(pages: u32) -> String {
1685        serde_json::json!({ "pages": pages }).to_string()
1686    }
1687
1688    #[test]
1689    fn list_stems_drains_all_declared_pages_and_is_authoritative() {
1690        // Two 0-indexed pages, both drained: the stems concatenate in order and
1691        // the listing is authoritative (it declared its pages and held stems).
1692        let http = ScriptedHttp::new()
1693            .with_auth()
1694            .route("stems/pages", Reply::json(&stem_pages(2)))
1695            .route(
1696                "stems?page=0",
1697                Reply::json(&stem_page(&[
1698                    ("s1", "Vocals", "https://cdn1.suno.ai/s1.mp3"),
1699                    ("s2", "Drums", "https://cdn1.suno.ai/s2.mp3"),
1700                ])),
1701            )
1702            .route(
1703                "stems?page=1",
1704                Reply::json(&stem_page(&[("s3", "Bass", "https://cdn1.suno.ai/s3.mp3")])),
1705            );
1706        let mut client = scripted_client(&http, RecordingClock::new());
1707
1708        let (stems, complete) = pollster::block_on(client.list_stems(&http, "clip1")).unwrap();
1709        assert_eq!(stems.len(), 3);
1710        assert_eq!(stems[0].id, "s1");
1711        assert_eq!(stems[0].label, "Vocals");
1712        assert_eq!(stems[0].url, "https://cdn1.suno.ai/s1.mp3");
1713        assert_eq!(stems[2].label, "Bass");
1714        assert!(
1715            complete,
1716            "a fully drained listing that returned stems is authoritative"
1717        );
1718    }
1719
1720    #[test]
1721    fn list_stems_zero_pages_is_indeterminate_never_empty() {
1722        // A clip with no stems answers `{"pages": 0}`. That must NOT be read as an
1723        // authoritative empty set, or it could delete local stems.
1724        let http = ScriptedHttp::new()
1725            .with_auth()
1726            .route("stems/pages", Reply::json(&stem_pages(0)));
1727        let mut client = scripted_client(&http, RecordingClock::new());
1728
1729        let (stems, complete) = pollster::block_on(client.list_stems(&http, "clip1")).unwrap();
1730        assert!(stems.is_empty());
1731        assert!(
1732            !complete,
1733            "an empty listing is indeterminate, so existing stems are kept"
1734        );
1735    }
1736
1737    #[test]
1738    fn list_stems_missing_page_count_is_indeterminate() {
1739        // A `400`/`404` on the page-count endpoint (Suno's "no stems" answer) is
1740        // indeterminate, never an authoritative empty set.
1741        for status in [400u16, 404] {
1742            let http = ScriptedHttp::new()
1743                .with_auth()
1744                .route("stems/pages", Reply::status(status));
1745            let mut client = scripted_client(&http, RecordingClock::new());
1746            let (stems, complete) = pollster::block_on(client.list_stems(&http, "clip1")).unwrap();
1747            assert!(stems.is_empty(), "status {status}");
1748            assert!(!complete, "status {status} is indeterminate, not empty");
1749        }
1750    }
1751
1752    #[test]
1753    fn list_stems_page_error_mid_enumeration_propagates() {
1754        // A transient 5xx on a page mid-drain is indeterminate, not an end: it
1755        // surfaces as an error rather than a (partial) authoritative set, so the
1756        // caller keeps existing stems.
1757        let http = ScriptedHttp::new()
1758            .with_auth()
1759            .route("stems/pages", Reply::json(&stem_pages(2)))
1760            .route(
1761                "stems?page=0",
1762                Reply::json(&stem_page(&[(
1763                    "s1",
1764                    "Vocals",
1765                    "https://cdn1.suno.ai/s1.mp3",
1766                )])),
1767            )
1768            .route("stems?page=1", Reply::status(500));
1769        let mut client = scripted_client(&http, RecordingClock::new());
1770
1771        let result = pollster::block_on(client.list_stems(&http, "clip1"));
1772        assert!(result.is_err(), "a 5xx page is not a clean drain");
1773    }
1774
1775    #[test]
1776    fn list_stems_over_max_pages_is_truncated_never_authoritative() {
1777        // A clip that declares more pages than the `MAX_PAGES` cap can only be
1778        // drained partially, so even though the fetched pages hold stems the
1779        // listing is TRUNCATED and must not be authoritative: its un-fetched
1780        // stems on pages beyond the cap would otherwise be delete-reconciled.
1781        let http = ScriptedHttp::new()
1782            .with_auth()
1783            .route("stems/pages", Reply::json(&stem_pages(MAX_PAGES + 1)))
1784            .route(
1785                "stems?page=",
1786                Reply::json(&stem_page(&[(
1787                    "s1",
1788                    "Vocals",
1789                    "https://cdn1.suno.ai/s1.mp3",
1790                )])),
1791            );
1792        let mut client = scripted_client(&http, RecordingClock::new());
1793
1794        let (stems, complete) = pollster::block_on(client.list_stems(&http, "clip1")).unwrap();
1795        assert!(!stems.is_empty(), "the fetched pages still yield stems");
1796        assert!(
1797            !complete,
1798            "a listing declaring more than MAX_PAGES is truncated, never authoritative"
1799        );
1800    }
1801
1802    #[test]
1803    fn parse_stems_page_maps_full_clips_and_skips_idless() {
1804        // A stem is a full clip: id, label from the title parenthetical, and the
1805        // public CDN MP3 url.
1806        let page = stem_page(&[("x", "Backing Vocals", "https://cdn1.suno.ai/x.mp3")]);
1807        let stems = parse_stems_page(page.as_bytes());
1808        assert_eq!(stems.len(), 1);
1809        assert_eq!(stems[0].id, "x");
1810        assert_eq!(stems[0].label, "Backing Vocals");
1811        assert_eq!(stems[0].url, "https://cdn1.suno.ai/x.mp3");
1812        // An entry with no id cannot be keyed or WAV-rendered and is dropped.
1813        let no_id = br#"{"stems": [{"title": "Ghost (Vocals)", "audio_url": "https://cdn1.suno.ai/g.mp3"}]}"#;
1814        assert!(parse_stems_page(no_id).is_empty());
1815        // A stem with an id but no audio_url still resolves a deterministic CDN
1816        // url from its id, so it remains downloadable.
1817        let no_url = br#"{"stems": [{"id": "y", "title": "Song (Bass)"}]}"#;
1818        let recovered = parse_stems_page(no_url);
1819        assert_eq!(recovered.len(), 1);
1820        assert_eq!(recovered[0].url, "https://cdn1.suno.ai/y.mp3");
1821        // Malformed JSON never panics; it yields no stems.
1822        assert!(parse_stems_page(b"not json").is_empty());
1823    }
1824
1825    #[test]
1826    fn parse_stem_page_count_reads_pages_field() {
1827        assert_eq!(parse_stem_page_count(br#"{"pages": 12}"#), 12);
1828        assert_eq!(parse_stem_page_count(br#"{"pages": 0}"#), 0);
1829        // Missing, negative, or non-numeric pages read as 0 (indeterminate).
1830        assert_eq!(parse_stem_page_count(br#"{}"#), 0);
1831        assert_eq!(parse_stem_page_count(br#"{"pages": -1}"#), 0);
1832        assert_eq!(parse_stem_page_count(b"not json"), 0);
1833    }
1834
1835    #[test]
1836    fn stem_label_from_title_extracts_trailing_parenthetical() {
1837        assert_eq!(stem_label_from_title("My Song (Vocals)"), "Vocals");
1838        assert_eq!(
1839            stem_label_from_title("A (b) Song (Backing Vocals)"),
1840            "Backing Vocals"
1841        );
1842        assert_eq!(stem_label_from_title("My Song (Drums) "), "Drums");
1843        // No parenthetical: empty, so the caller falls back to the stem id.
1844        assert_eq!(stem_label_from_title("My Song"), "");
1845        assert_eq!(stem_label_from_title(""), "");
1846    }
1847
1848    #[test]
1849    fn post_allow_list_permits_only_feed_and_wav_render() {
1850        assert!(post_path_allowed(FEED_V3_PATH));
1851        assert!(post_path_allowed("/api/gen/abc123/convert_wav/"));
1852        // No generation endpoint is on the list.
1853        assert!(!post_path_allowed("/api/gen/abc123/stem_task"));
1854        assert!(!post_path_allowed("/api/gen/abc123/separate"));
1855        // Path traversal or extra segments can't smuggle a match.
1856        assert!(!post_path_allowed("/api/gen/a/../evil/convert_wav/"));
1857        assert!(!post_path_allowed("/api/gen/a/b/convert_wav/"));
1858        // The stems endpoints are GET-only and never on the POST allow-list.
1859        assert!(!post_path_allowed("/api/clip/x/stems/pages"));
1860        assert!(!post_path_allowed("/api/clip/x/stems?page=0"));
1861    }
1862
1863    #[test]
1864    fn api_request_refuses_a_post_off_the_allow_list() {
1865        // The single POST chokepoint rejects an off-list POST before the wire, so
1866        // a credit-spending endpoint can never be reached by accident.
1867        let http = MockHttp::new(auth_rules());
1868        let mut client = authed_client(&http);
1869        let err = pollster::block_on(client.api_request(
1870            &http,
1871            Method::Post,
1872            "/api/gen/x/stem_task",
1873            b"{}".to_vec(),
1874        ))
1875        .unwrap_err();
1876        assert!(matches!(err, Error::Refused(_)));
1877    }
1878}