Files
KohakuHub/scripts/dev
narugo1992 c53c08058d feat(seed): plant deterministic API tokens and SSH keys with usable keypairs
The dev seed (``make reset-and-seed``) and the test baseline now plant a
known set of API tokens and SSH keys per-user. Three real ed25519 keypairs
ship in source, private half included, so local SSH smoke tests against a
freshly seeded backend can sign with the matching key without generating
one.

Dev seed (``scripts/dev/seed_demo_data.py``)
- 6 named tokens spread across mai_lin / leo_park / sara_chen / ivy_ops,
  with last_used set to a mix of "recent", "180+ days stale" and
  "never used" so admin Credentials filters have something to bite on.
- 3 SSH keys: mai_lin holds two distinct keypairs (Workstation +
  Archived MBP), leo_park holds the secondary keypair. The schema's
  global UNIQUE on ``fingerprint`` is what forces three keypairs for two
  users, hence the third generated keypair.
- Helpers are idempotent: re-running the seed without a reset is a
  no-op for already-planted tokens / keys.
- ``SEED_VERSION`` bumped from ``v4`` → ``v5`` so existing dev databases
  are flagged as ``incomplete`` and the operator is told to run
  ``make reset-local-data``.
- Manifest at ``hub-meta/dev/demo-seed-manifest.json`` now lists every
  planted token plaintext and SSH private key — those are explicitly
  test fixtures, never production credentials.

Test baseline (``test/kohakuhub/support/seed.py``)
- Mirrors the same plants for the test users (owner, member, outsider)
  via the same keypair PEMs, so anything written against
  ``SEED_TOKENS`` / ``SEED_SSH_KEYS`` carries over to dev manually.
- Tokens go in via direct DB insert (the public API never re-emits a
  fixed plaintext); SSH keys go through ``POST /api/user/keys`` so the
  fingerprint computed by the production code is the canonical one.

Tests (``test/kohakuhub/api/admin/routers/test_credentials.py``)
- 8 new cases assert against the seeded baseline:
  - every seed plant surfaces in the admin list,
  - planted plaintexts authenticate as real Bearer tokens,
  - SSH fingerprints match the constants in ``seed_credentials``,
  - per-user isolation holds,
  - ``unused_for_days`` filters actually pick stale rows,
  - revoking a seeded token immediately kills its Bearer auth.
- ``test_ssh_keys.py``'s "no keys yet" assumption is replaced with a
  baseline-aware count check so it coexists with the planted keys.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-27 15:24:02 +08:00
..