Merge pull request #167 from flocko-motion/development

Main Deployment

Author: janosbrodbeck

.vscode/launch.json

@@ -76,15 +76,29 @@
             ]
         },
         {
-            "name": "Debug TestGamePlaythrough",
+            "name": "Debug TestGamePlaythrough Mistral",
             "type": "go",
             "request": "launch",
             "mode": "test",
             "program": "${workspaceFolder}/testing",
             "cwd": "${workspaceFolder}/testing",
             "args": [
                 "-test.run",
-                "TestGameEngineTestSuite/TestGamePlaythrough",
+                "TestGameEngineTestSuite/TestGamePlaythroughMistral",
+                "-test.v"
+            ],
+            "buildFlags": "-tags=ai_tests"
+        },
+        {
+            "name": "Debug TestGamePlaythrough OpenAI",
+            "type": "go",
+            "request": "launch",
+            "mode": "test",
+            "program": "${workspaceFolder}/testing",
+            "cwd": "${workspaceFolder}/testing",
+            "args": [
+                "-test.run",
+                "TestGameEngineTestSuite/TestGamePlaythroughOpenai",
                 "-test.v"
             ],
             "buildFlags": "-tags=ai_tests"

run-test.sh

@@ -1,37 +1,50 @@
 #!/bin/bash
 
-# Simple test runner - Docker lifecycle is managed by test suites
+# Integration test runner - Docker lifecycle is managed by test suites
 # Each test suite automatically starts/stops its own Docker environment
 #
+# Requires: gotestsum (go install gotest.tools/gotestsum@latest)
+#
 # Usage:
-#   ./run-test.sh           # Run all tests including AI tests
-#   ./run-test.sh --no-ai   # Run tests excluding AI tests (for CI/CD)
+#   ./run-test.sh                    # Clean summary (default)
+#   ./run-test.sh --verbose          # Full verbose output
+#   ./run-test.sh -v                 # Full verbose output (short)
+#   ./run-test.sh --no-ai            # Exclude AI tests
+#   ./run-test.sh --no-ai --verbose  # Exclude AI tests, verbose
 
 cd "$(dirname "$0")"
 
-set -e
+GOTESTSUM="go run gotest.tools/gotestsum@latest"
 
 # Parse arguments
 BUILD_TAGS=""
-if [[ "$1" == "--no-ai" ]]; then
-    echo "🧪 Running integration tests (excluding AI tests)..."
-    BUILD_TAGS=""
-else
+VERBOSE=false
+for arg in "$@"; do
+    case "$arg" in
+        --no-ai)   ;;  # default behavior, no-op
+        --verbose|-v) VERBOSE=true ;;
+        --ai)      BUILD_TAGS="-tags ai_tests" ;;
+    esac
+done
+
+if [[ -n "$BUILD_TAGS" ]]; then
     echo "🧪 Running integration tests (including AI tests)..."
-    BUILD_TAGS="-tags ai_tests"
+else
+    echo "🧪 Running integration tests (excluding AI tests)..."
 fi
 echo ""
 
 cd testing
-go test -v $BUILD_TAGS ./...
-TEST_EXIT_CODE=$?
-cd ..
 
-echo ""
-if [ $TEST_EXIT_CODE -eq 0 ]; then
-    echo "✅ All tests passed!"
+# Pick format: CI gets collapsible groups, terminal gets compact output
+if [[ -n "$CI" ]]; then
+    FORMAT="github-actions"
+elif $VERBOSE; then
+    FORMAT="standard-verbose"
 else
-    echo "❌ Tests failed with exit code $TEST_EXIT_CODE"
+    FORMAT="testname"
 fi
 
-exit $TEST_EXIT_CODE
+$GOTESTSUM --format "$FORMAT" -- -v $BUILD_TAGS ./...
+
+exit $?

server/api/httpx/response.go

@@ -106,7 +106,7 @@ func ErrorCodeToStatus(code string) int {
 		return http.StatusForbidden
 	case obj.ErrCodeNotFound:
 		return http.StatusNotFound
-	case obj.ErrCodeConflict, obj.ErrCodeDuplicateName:
+	case obj.ErrCodeConflict, obj.ErrCodeDuplicateName, obj.ErrCodeLastHead:
 		return http.StatusConflict
 	case obj.ErrCodeServerError:
 		return http.StatusInternalServerError

server/api/routes/games_private_share.go

@@ -110,8 +110,21 @@ func EnablePrivateShare(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// Update the game with private share config
-	g.PrivateSponsoredApiKeyShareID = req.SponsorKeyShareID
+	// Create a game-scoped share from the user's personal share.
+	// This is needed so the guest play flow can resolve the API key with uuid.Nil.
+	gameScopedShareID, err := db.CreatePrivateShareSponsorship(r.Context(), user.ID, gameID, *req.SponsorKeyShareID)
+	if err != nil {
+		log.Warn("failed to create private share sponsorship", "game_id", gameID, "error", err)
+		if appErr, ok := err.(*obj.AppError); ok {
+			httpx.WriteAppError(w, appErr)
+			return
+		}
+		httpx.WriteError(w, http.StatusInternalServerError, "Failed to set up private share: "+err.Error())
+		return
+	}
+
+	// Update the game with the game-scoped share ID and session limit
+	g.PrivateSponsoredApiKeyShareID = gameScopedShareID
 	g.PrivateShareRemaining = req.MaxSessions
 
 	if err := db.UpdateGame(r.Context(), user.ID, g); err != nil {
@@ -179,6 +192,13 @@ func RevokePrivateShare(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
+	// Delete the game-scoped share created by EnablePrivateShare
+	if g.PrivateSponsoredApiKeyShareID != nil {
+		if err := db.DeletePrivateShareSponsorship(r.Context(), *g.PrivateSponsoredApiKeyShareID); err != nil {
+			log.Warn("failed to delete private share sponsorship", "game_id", gameID, "share_id", *g.PrivateSponsoredApiKeyShareID, "error", err)
+		}
+	}
+
 	// Clear all private share fields — hash is removed, a new one will be generated on next enable
 	g.PrivateShareHash = nil
 	g.PrivateSponsoredApiKeyShareID = nil

server/api/routes/sessions.go

@@ -168,6 +168,7 @@ func PostSessionAction(w http.ResponseWriter, r *http.Request) {
 		httpx.WriteError(w, http.StatusNotFound, "Session not found")
 		return
 	}
+	log.Debug("[TRACE] session loaded from DB for action", "session_id", session.ID, "ai_session", session.AiSession, "platform", session.AiPlatform)
 
 	// Get current status fields from the latest message in the session
 	var currentStatus []obj.StatusField
@@ -184,18 +185,11 @@ func PostSessionAction(w http.ResponseWriter, r *http.Request) {
 		StatusFields:  currentStatus,
 	}
 
-	// Re-resolve API key fresh (sponsorship may have been removed since session was created)
-	if httpErr := game.ResolveSessionApiKey(r.Context(), session); httpErr != nil {
-		log.Debug("failed to resolve API key for session action", "session_id", session.ID, "error", httpErr.Message)
-		httpx.WriteHTTPError(w, httpErr)
-		return
-	}
-
-	// Execute the action and get streaming response
+	// Re-resolve API key and execute action with fallback retry logic
 	log.Debug("executing session action", "session_id", session.ID, "message_length", len(req.Message))
-	response, httpErr := game.DoSessionAction(r.Context(), session, action)
+	response, httpErr := game.DoSessionActionWithFallback(r.Context(), session, action)
 	if httpErr != nil {
-		log.Debug("session action failed", "session_id", session.ID, "error", httpErr.Message)
+		log.Warn("session action failed", "session_id", session.ID, "error", httpErr.Message)
 		httpx.WriteHTTPError(w, httpErr)
 		return
 	}

server/api/routes/system_settings.go

@@ -21,6 +21,14 @@ import (
 //	@Failure		500	{object}	httpx.ErrorResponse
 //	@Router			/system/settings [get]
 func GetSystemSettings(w http.ResponseWriter, r *http.Request) {
+	user := httpx.UserFromRequest(r)
+
+	// Require admin
+	if user.Role == nil || user.Role.Role != obj.RoleAdmin {
+		httpx.WriteError(w, http.StatusForbidden, "Forbidden: admin access required")
+		return
+	}
+
 	settings, err := db.GetSystemSettings(r.Context())
 	if err != nil {
 		httpx.WriteError(w, http.StatusInternalServerError, "Failed to get system settings: "+err.Error())

server/api/routes/users.go

@@ -46,13 +46,32 @@ type UsersJwtResponse struct {
 //	@Security		BearerAuth
 //	@Router			/users [get]
 func GetUsers(w http.ResponseWriter, r *http.Request) {
-	users, err := db.GetAllUsers(r.Context())
-	if err != nil {
-		httpx.WriteError(w, http.StatusInternalServerError, "Failed to get users: "+err.Error())
+	user := httpx.UserFromRequest(r)
+
+	// Admin sees all users
+	if user.Role != nil && user.Role.Role == obj.RoleAdmin {
+		users, err := db.GetAllUsers(r.Context())
+		if err != nil {
+			httpx.WriteError(w, http.StatusInternalServerError, "Failed to get users: "+err.Error())
+			return
+		}
+		httpx.WriteJSON(w, http.StatusOK, users)
 		return
 	}
 
-	httpx.WriteJSON(w, http.StatusOK, users)
+	// Head/staff sees members of their institution
+	if user.Role != nil && (user.Role.Role == obj.RoleHead || user.Role.Role == obj.RoleStaff) && user.Role.Institution != nil {
+		members, err := db.GetInstitutionMembers(r.Context(), user.Role.Institution.ID, user.ID)
+		if err != nil {
+			httpx.WriteError(w, http.StatusInternalServerError, "Failed to get users: "+err.Error())
+			return
+		}
+		httpx.WriteJSON(w, http.StatusOK, members)
+		return
+	}
+
+	// Everyone else (individual, participant) gets 403
+	httpx.WriteAppError(w, obj.ErrForbidden("only admins or institution heads/staff can list users"))
 }
 
 // GetCurrentUser godoc
@@ -159,15 +178,23 @@ func UpdateUserLanguage(w http.ResponseWriter, r *http.Request) {
 //	@Security		BearerAuth
 //	@Router			/users/{id} [get]
 func GetUserByID(w http.ResponseWriter, r *http.Request) {
-	userID, err := httpx.PathParamUUID(r, "id")
+	currentUser := httpx.UserFromRequest(r)
+
+	targetID, err := httpx.PathParamUUID(r, "id")
 	if err != nil {
 		httpx.WriteError(w, http.StatusBadRequest, "Invalid user ID")
 		return
 	}
 
-	log.Debug("getting user by ID", "user_id", userID)
+	log.Debug("getting user by ID", "user_id", targetID, "requested_by", currentUser.ID)
 
-	user, err := db.GetUserByID(r.Context(), userID)
+	// Permission check: own profile, admin, or head/staff for org members
+	if err := db.CanReadUser(r.Context(), currentUser.ID, targetID); err != nil {
+		httpx.WriteError(w, http.StatusForbidden, "Not authorized to read this user")
+		return
+	}
+
+	user, err := db.GetUserByID(r.Context(), targetID)
 	if err != nil {
 		httpx.WriteError(w, http.StatusNotFound, "User not found")
 		return
@@ -438,6 +465,8 @@ func DeleteUser(w http.ResponseWriter, r *http.Request) {
 				status = http.StatusForbidden
 			case obj.ErrCodeUnauthorized:
 				status = http.StatusUnauthorized
+			case obj.ErrCodeLastHead:
+				status = http.StatusConflict
 			}
 			httpx.WriteError(w, status, appErr.Error())
 		} else {

server/api/routes/workshops.go

@@ -26,6 +26,8 @@ type UpdateWorkshopRequest struct {
 	AiQualityTier              *string `json:"aiQualityTier,omitempty"`
 	ShowPublicGames            bool    `json:"showPublicGames"`
 	ShowOtherParticipantsGames bool    `json:"showOtherParticipantsGames"`
+	DesignEditingEnabled       bool    `json:"designEditingEnabled"`
+	IsPaused                   bool    `json:"isPaused"`
 }
 
 // CreateWorkshop godoc
@@ -213,6 +215,8 @@ func UpdateWorkshop(w http.ResponseWriter, r *http.Request) {
 		AiQualityTier:              req.AiQualityTier,
 		ShowPublicGames:            req.ShowPublicGames,
 		ShowOtherParticipantsGames: req.ShowOtherParticipantsGames,
+		DesignEditingEnabled:       req.DesignEditingEnabled,
+		IsPaused:                   req.IsPaused,
 	}
 
 	workshop, err := db.UpdateWorkshop(r.Context(), id, user.ID, params)

server/db/api_key_shares.go

@@ -125,6 +125,11 @@ func DeleteApiKey(ctx context.Context, userID uuid.UUID, shareID uuid.UUID) erro
 		return obj.ErrServerError("failed to clear user default api key references")
 	}
 
+	// Clear workshop default_api_key_share_id references before deleting shares
+	if err := queries().ClearWorkshopDefaultApiKeyShareByApiKeyID(ctx, key.ID); err != nil {
+		return obj.ErrServerError("failed to clear workshop default api key references")
+	}
+
 	// Clean up private share guest data before clearing references
 	privateGames, _ := queries().GetGamesWithPrivateShareByApiKeyID(ctx, key.ID)
 	for _, g := range privateGames {
@@ -316,7 +321,8 @@ func createApiKeyShareInternal(ctx context.Context, userID uuid.UUID, apiKeyID u
 	return &result.ID, nil
 }
 
-// DeleteApiKeyShare deletes a single share. Owner can delete any share, others can only delete their own.
+// DeleteApiKeyShare deletes a single share.
+// Allowed by: key owner, share target user, or head/staff of the institution the share targets.
 func DeleteApiKeyShare(ctx context.Context, userID uuid.UUID, shareID uuid.UUID) error {
 	share, err := queries().GetApiKeyShareByID(ctx, shareID)
 	if err != nil {
@@ -331,10 +337,27 @@ func DeleteApiKeyShare(ctx context.Context, userID uuid.UUID, shareID uuid.UUID)
 	isOwner := key.UserID == userID
 	isOwnShare := share.UserID.Valid && share.UserID.UUID == userID
 
-	if !isOwner && !isOwnShare {
+	// Head/staff of the target institution can remove org-scoped shares from colleagues
+	isOrgMember := false
+	if share.InstitutionID.Valid {
+		user, lookupErr := GetUserByID(ctx, userID)
+		if lookupErr == nil && user.Role != nil && user.Role.Institution != nil &&
+			user.Role.Institution.ID == share.InstitutionID.UUID &&
+			(user.Role.Role == obj.RoleHead || user.Role.Role == obj.RoleStaff) {
+			isOrgMember = true
+		}
+	}
+
+	if !isOwner && !isOwnShare && !isOrgMember {
 		return obj.ErrForbidden("not authorized to delete this share")
 	}
 
+	// Clear workshop default_api_key_share_id if it references this share
+	_ = queries().ClearWorkshopDefaultApiKeyShareByShareID(ctx, uuid.NullUUID{UUID: shareID, Valid: true})
+
+	// Clear game sponsor references if they reference this share
+	_ = queries().ClearGameSponsoredApiKeyByShareID(ctx, uuid.NullUUID{UUID: shareID, Valid: true})
+
 	return queries().DeleteApiKeyShare(ctx, shareID)
 }