* fix(tools): move playwright back to main dependencies
playwright was moved to the browser extra in c7e85aa9 as part of the GCU
refactor to use a browser extension. But web_scrape_tool still imports
playwright at module level and requires it unconditionally, so CI's
Test Tools job breaks with ModuleNotFoundError.
web_scrape_tool has no fallback without playwright — it's a hard
dependency, not optional. Put it back in main deps.
Fixes CI failure on Test Tools (ubuntu-latest).
* chore: remove dead test_highlights.py script
tools/test_highlights.py is orphaned from the GCU refactor in c7e85aa9:
- imports highlight_coordinate and highlight_element from gcu.browser.highlight,
but highlight.py was deleted in that refactor
- calls BrowserSession.start(), open_tab(), get_active_page(), stop() — none
of these methods exist on the current BrowserSession class
The script can't run at all, and it's tripping ruff's I001 import-order
check (fail on Lint CI after cache invalidation).
* test: fix browser/refs tests broken by GCU refactor
Tests were still testing the old Playwright-based API after c7e85aa9
moved GCU to an extension-bridge architecture.
test_refs.py (6 tests):
Refs system now produces CSS selectors like
[role="button"][aria-label="Submit"]:nth-of-type(1) for the bridge's
DOM matcher, instead of Playwright's role=button[name="Submit"] >> nth=0.
Updated expected values to match. Renamed test_escapes_quotes_in_name to
test_quoted_name_passes_through and added a comment noting that inner
quotes aren't currently escaped (follow-up concern).
test_browser_tools_comprehensive.py (4 tests):
- test_screenshot_full_page: browser_screenshot passes selector=None
when no selector is provided; update assertion.
- test_file_upload: browser_upload validates file paths exist on disk.
Create real tmp files and mock the CDP calls it makes.
- test_evaluate_with_bare_return: renamed to
test_evaluate_passes_script_through_to_bridge. IIFE wrapping lives
in bridge.evaluate, not in the browser_evaluate tool — mocking the
bridge bypasses the wrapping logic, so the tool just passes the
script through.
- test_evaluate_complex_script: browser_evaluate returns bridge's raw
result (no 'ok' wrapper); check for 'result' key instead.
test_browser_advanced_tools.py (deleted):
The whole file patched get_session and page.wait_for_function (the old
Playwright-based API). The bug it guarded against (user text interpolated
into a JS source string) is architecturally impossible in the new
bridge-based tools, which send text via structured RPC. Coverage for
browser_wait exists in test_browser_tools_comprehensive.py.
* test(core): fix event_loop tests broken by hive-v1 refactor
Several framework tests were left failing or hanging after the hive-v1
refactor landed. This un-breaks CI without touching production code.
- Worker auto-escalation: 8 tests were hanging because EventLoopNode
with event_bus treats non-queen/non-subagent nodes as workers and
auto-escalates to queen, then blocks on _await_user_input forever
(no queen in standalone tests). Opt out via is_subagent_mode=True.
- MockConversationStore: added clear() to match the production store
(storage/conversation_store.py), which event_loop_node.py:425 calls.
- Executor output semantics: result.output now only contains terminal-
node outputs; two handoff tests now read intermediate outputs from
result.session_state["data_buffer"].
- Restore filter: test_restore_from_checkpoint needs set_current_phase
so restore()'s phase_id filter matches.
- Removed two _build_context tests whose target method no longer exists
(replaced by standalone build_node_context()). Remaining execution_id
coverage is adequate in TestExecutionId + integration tests.
* style: ruff format + drop em dash in comment
* test(core): fix remaining framework tests broken by hive-v1 refactor
Rounds out the fix started in the previous commit. Full framework
suite now passes (1589 passed, 0 failed).
- conftest.py: force-bind framework.runner submodules (mcp_registry,
mcp_client, mcp_connection_manager) as attributes on the parent
package. Without this, pytest monkeypatch.setattr with dotted-string
paths fails because the attribute walker can't resolve the submodule
even though __init__.py imports from it. Affects ~25 MCP tests.
- test_queen_memory: _execute_tool() grew a required caller kwarg for
worker type-restrictions. Pass caller="queen" so path-traversal
checks run without caller restrictions interfering.
- test_session_manager_worker_handoff: _subscribe_worker_digest was
removed in the refactor, dropped the dead monkeypatches.
- test_skill_context_protection: NodeConversation now reads _run_id
in add_tool_result(), so the __new__-based test helper has to
initialise it.
- test_node_conversation: restore() now filters parts by run_id for
crash recovery. Renamed the stale test and flipped the assertion
to match the new filtering semantics.
- test_tool_registry: CONTEXT_PARAMS was updated (workspace_id out,
profile in). Switched the test's example stripped params.
* docs: drop circular PR reference in test_refs comment
Addresses CodeRabbit nitpick. The comment referenced the PR that was
adding the comment, which becomes a self-reference after merge.
litellm>=1.82.7 contains a malicious .pth file that auto-executes at
Python startup and exfiltrates env vars, SSH keys, cloud credentials,
and CI/CD secrets to an attacker-controlled domain.
Pin to last known-safe version (currently installed). Unpin once a
verified-clean upstream release is available.
Closes#6783
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add read-only GA4 Data API v1 tools: ga_run_report, ga_get_realtime,
ga_get_top_pages, and ga_get_traffic_sources. Includes credential spec,
unit tests, and README.
* feat(arxiv): implement search_papers and initial download_paper tools
* feat(arxiv): improve PDF download handling with temp files and validation (WIP)
Switch to NamedTemporaryFile for safer temp file handling
Force export.arxiv.org domain for PDF downloads
Add custom User-Agent header
Validate Content-Type to ensure PDF response
Improve error handling and cleanup logic
Add timeout to requests
Work in progress – download_paper still under refinement.
* feat(arxiv): replace NamedTemporaryFile with module-level TemporaryDirectory
Switch from NamedTemporaryFile(delete=False) to a shared _TEMP_DIR for
the lifetime of the server process. Scopes file lifetime to the session,
guarantees cleanup via atexit, and removes the need for manual file
handle management.
Expand README with full args/returns/error reference and implementation
notes explaining the temp storage design decision.
* test(arxiv): add comprehensive tests for search_papers and download_paper
fix(arxiv): return structured error instead of raising on invalid PDF content type
- Add full test coverage for search_papers (validation, success, id_list, errors)
- Add full test coverage for download_paper (success, network errors, invalid content, cleanup)
- Mock arxiv client and requests to isolate behavior
- Ensure partial files are cleaned up on failure
- Align download_paper behavior with tool contract (no exceptions, structured responses)
* style(tools): apply ruff formatting to arxiv tool and update lockfile
* feat(tools): add Excel tool for reading/writing .xlsx/.xlsm files
Add excel_tool module with 7 MCP tools:
- excel_read: Read data from Excel files with pagination
- excel_write: Create new Excel files
- excel_append: Append rows to existing Excel files
- excel_info: Get file metadata (sheets, columns, rows)
- excel_sheet_list: List sheet names in a file
- excel_sql: Query Excel with SQL (DuckDB), multi-sheet support
- excel_search: Search values across sheets with match options
Includes 56 tests, openpyxl optional dependency, and documentation.
Fixes#2675
* fix(tools): address excel review feedback and stabilize tests
Integrate a mail service to enable email notifications for budget alerts.
Closes#7.
New tools:
- send_email: general-purpose email sending with multi-provider support
- send_budget_alert_email: formatted budget alert notifications with
severity levels (INFO/WARNING/CRITICAL/EXCEEDED)
Architecture:
- Multi-provider pattern (matching web_search_tool), Resend as primary
- from_email resolved via explicit param or EMAIL_FROM env var
- Credential integration via CredentialManager with env var fallback
Also fixes: web_scrape_tool test mock missing content-type header
Resolved conflict in tools/pyproject.toml by keeping the expanded format
with sql dependency from main.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Timothy