feat: implement robustness guards

tests/unit/api-config/provider-card-tutorial-modal.test.ts

@@ -107,6 +107,20 @@ function createState(tutorial: ProviderTutorial): UseProviderCardStateResult {
   }
 }
 
+function ProviderCardShellWithBody(
+  props: Omit<React.ComponentProps<typeof ProviderCardShell>, 'children'>,
+): React.ReactElement {
+  const ProviderCardShellComponent =
+    ProviderCardShell as unknown as React.ComponentType<
+      React.PropsWithChildren<Omit<React.ComponentProps<typeof ProviderCardShell>, 'children'>>
+    >
+  return createElement(
+    ProviderCardShellComponent,
+    props,
+    createElement('div', null, 'provider-body'),
+  )
+}
+
 describe('ProviderCardShell tutorial modal', () => {
   afterEach(() => {
     vi.clearAllMocks()
@@ -145,7 +159,7 @@ describe('ProviderCardShell tutorial modal', () => {
 
     const html = renderToStaticMarkup(
       createElement(
-        ProviderCardShell,
+        ProviderCardShellWithBody,
         {
           provider: {
             id: 'ark',
@@ -156,7 +170,6 @@ describe('ProviderCardShell tutorial modal', () => {
           t,
           state,
         },
-        createElement('div', null, 'provider-body'),
       ),
     )
 

tests/unit/guards/api-route-contract-guard.test.ts

@@ -0,0 +1,53 @@
+import { describe, expect, it } from 'vitest'
+import {
+  API_HANDLER_ALLOWLIST,
+  PUBLIC_ROUTE_ALLOWLIST,
+  inspectRouteContract,
+} from '../../../scripts/guards/api-route-contract-guard.mjs'
+
+describe('api route contract guard', () => {
+  it('allows explicit public and framework-managed exceptions', () => {
+    expect(API_HANDLER_ALLOWLIST.has('src/app/api/auth/[...nextauth]/route.ts')).toBe(true)
+    expect(PUBLIC_ROUTE_ALLOWLIST.has('src/app/api/system/boot-id/route.ts')).toBe(true)
+    expect(
+      inspectRouteContract(
+        'src/app/api/system/boot-id/route.ts',
+        'export async function GET() { return Response.json({ bootId: "x" }) }',
+      ),
+    ).toEqual([])
+  })
+
+  it('passes protected routes that use apiHandler and explicit auth', () => {
+    const content = `
+      import { requireUserAuth } from '@/lib/api-auth'
+      import { apiHandler } from '@/lib/api-errors'
+      export const GET = apiHandler(async () => {
+        await requireUserAuth()
+        return Response.json({ ok: true })
+      })
+    `
+
+    expect(inspectRouteContract('src/app/api/user/secure/route.ts', content)).toEqual([])
+  })
+
+  it('flags protected routes that skip apiHandler or auth', () => {
+    const missingApiHandler = `
+      import { requireUserAuth } from '@/lib/api-auth'
+      export async function GET() {
+        await requireUserAuth()
+        return Response.json({ ok: true })
+      }
+    `
+    const missingAuth = `
+      import { apiHandler } from '@/lib/api-errors'
+      export const GET = apiHandler(async () => Response.json({ ok: true }))
+    `
+
+    expect(inspectRouteContract('src/app/api/user/secure/route.ts', missingApiHandler)).toEqual([
+      'src/app/api/user/secure/route.ts missing apiHandler wrapper',
+    ])
+    expect(inspectRouteContract('src/app/api/user/secure/route.ts', missingAuth)).toEqual([
+      'src/app/api/user/secure/route.ts missing requireUserAuth/requireProjectAuth/requireProjectAuthLight',
+    ])
+  })
+})

tests/unit/guards/image-reference-normalization-guard.test.ts

@@ -0,0 +1,53 @@
+import { describe, expect, it } from 'vitest'
+import {
+  NORMALIZATION_HELPER_ALLOWLIST,
+  inspectImageReferenceNormalization,
+} from '../../../scripts/guards/image-reference-normalization-guard.mjs'
+
+describe('image reference normalization guard', () => {
+  it('allows shared helper exceptions explicitly', () => {
+    expect(NORMALIZATION_HELPER_ALLOWLIST.has('src/lib/workers/handlers/image-task-handler-shared.ts')).toBe(true)
+    expect(
+      inspectImageReferenceNormalization(
+        'src/lib/workers/handlers/image-task-handler-shared.ts',
+        'resolveImageSourceFromGeneration(job, { options: params.options })\nreferenceImages?: string[]',
+      ),
+    ).toEqual([])
+  })
+
+  it('passes handlers that normalize reference images before generation', () => {
+    const content = `
+      import { normalizeReferenceImagesForGeneration } from '@/lib/media/outbound-image'
+      async function run() {
+        const normalizedRefs = await normalizeReferenceImagesForGeneration(refs)
+        return await resolveImageSourceFromGeneration(job, {
+          options: {
+            referenceImages: normalizedRefs,
+          },
+        })
+      }
+    `
+
+    expect(
+      inspectImageReferenceNormalization('src/lib/workers/handlers/panel-image-task-handler.ts', content),
+    ).toEqual([])
+  })
+
+  it('flags handlers that send referenceImages without normalization markers', () => {
+    const content = `
+      async function run() {
+        return await resolveImageSourceFromGeneration(job, {
+          options: {
+            referenceImages: refs,
+          },
+        })
+      }
+    `
+
+    expect(
+      inspectImageReferenceNormalization('src/lib/workers/handlers/bad-handler.ts', content),
+    ).toEqual([
+      'src/lib/workers/handlers/bad-handler.ts uses resolveImageSourceFromGeneration with referenceImages but does not reference normalizeReferenceImagesForGeneration/normalizeToBase64ForGeneration/generateLabeledImageToCos',
+    ])
+  })
+})

tests/unit/guards/task-submit-compensation-guard.test.ts

@@ -0,0 +1,43 @@
+import { describe, expect, it } from 'vitest'
+import { inspectTaskSubmitCompensation } from '../../../scripts/guards/task-submit-compensation-guard.mjs'
+
+describe('task submit compensation guard', () => {
+  it('passes routes that create data before submitTask and define rollback handling', () => {
+    const content = `
+      async function rollbackCreatedRecord() {}
+      export const POST = apiHandler(async () => {
+        await prisma.panel.create({ data: {} })
+        try {
+          return await submitTask({})
+        } catch (error) {
+          await rollbackCreatedRecord()
+          throw error
+        }
+      })
+    `
+
+    expect(
+      inspectTaskSubmitCompensation('src/app/api/novel-promotion/[projectId]/panel-variant/route.ts', content),
+    ).toEqual([])
+  })
+
+  it('ignores routes that do not combine create and submitTask', () => {
+    expect(inspectTaskSubmitCompensation('src/app/api/user/api-config/route.ts', 'await submitTask({})')).toEqual([])
+    expect(inspectTaskSubmitCompensation('src/app/api/projects/route.ts', 'await prisma.project.create({ data: {} })')).toEqual([])
+  })
+
+  it('flags routes that create data before submitTask without compensation marker', () => {
+    const content = `
+      export const POST = apiHandler(async () => {
+        await prisma.panel.create({ data: {} })
+        return await submitTask({})
+      })
+    `
+
+    expect(
+      inspectTaskSubmitCompensation('src/app/api/example/route.ts', content),
+    ).toEqual([
+      'src/app/api/example/route.ts creates data before submitTask without explicit rollback/compensation marker',
+    ])
+  })
+})

tests/unit/worker/panel-variant-task-handler.test.ts

@@ -21,8 +21,16 @@ const sharedMock = vi.hoisted(() => ({
   collectPanelReferenceImages: vi.fn(async () => ['https://signed.example/ref-character.png']),
   resolveNovelData: vi.fn(async () => ({
     videoRatio: '16:9',
-    characters: [{ name: 'Hero', introduction: '主角' }],
-    locations: [{ name: 'Old Town' }],
+    characters: [{
+      name: 'Hero',
+      introduction: '主角',
+      appearances: [{
+        changeReason: 'default',
+        imageUrls: JSON.stringify(['cos/hero-default.png']),
+        imageUrl: 'cos/hero-default.png',
+      }],
+    }],
+    locations: [{ name: 'Old Town', images: [] }],
   })),
 }))
 
@@ -30,6 +38,10 @@ const outboundMock = vi.hoisted(() => ({
   normalizeReferenceImagesForGeneration: vi.fn(async (refs: string[]) => refs.map((item) => `normalized:${item}`)),
 }))
 
+const promptMock = vi.hoisted(() => ({
+  buildPrompt: vi.fn(() => 'panel-variant-prompt'),
+}))
+
 vi.mock('@/lib/prisma', () => ({ prisma: prismaMock }))
 vi.mock('@/lib/workers/utils', () => utilsMock)
 vi.mock('@/lib/media/outbound-image', () => outboundMock)
@@ -46,7 +58,7 @@ vi.mock('@/lib/workers/handlers/image-task-handler-shared', async () => {
 })
 vi.mock('@/lib/prompt-i18n', () => ({
   PROMPT_IDS: { NP_AGENT_SHOT_VARIANT_GENERATE: 'np_agent_shot_variant_generate' },
-  buildPrompt: vi.fn(() => 'panel-variant-prompt'),
+  buildPrompt: promptMock.buildPrompt,
 }))
 
 import { handlePanelVariantTask } from '@/lib/workers/handlers/panel-variant-task-handler'
@@ -123,7 +135,7 @@ describe('worker panel-variant-task-handler behavior', () => {
           aspectRatio: '16:9',
           referenceImages: [
             'normalized:https://signed.example/cos/panel-source.png',
-            'normalized:https://signed.example/ref-character.png',
+            'normalized:https://signed.example/cos/hero-default.png',
           ],
         }),
       }),
@@ -140,4 +152,30 @@ describe('worker panel-variant-task-handler behavior', () => {
       imageUrl: 'cos/panel-variant-new.png',
     })
   })
+
+  it('respects reference asset toggles when character/location assets are disabled', async () => {
+    const payload = {
+      newPanelId: 'panel-new',
+      sourcePanelId: 'panel-source',
+      includeCharacterAssets: false,
+      includeLocationAsset: false,
+      variant: {
+        title: '禁用资产版本',
+        description: '只参考原镜头',
+        video_prompt: '只参考原镜头',
+      },
+    }
+
+    await handlePanelVariantTask(buildJob(payload))
+
+    expect(outboundMock.normalizeReferenceImagesForGeneration).toHaveBeenCalledWith([
+      'https://signed.example/cos/panel-source.png',
+    ])
+    expect(promptMock.buildPrompt).toHaveBeenCalledWith(expect.objectContaining({
+      variables: expect.objectContaining({
+        character_assets: '未使用角色参考图',
+        location_asset: '未使用场景参考图',
+      }),
+    }))
+  })
 })