Commit Graph

337 Commits

Author SHA1 Message Date
e67ae4e7a5 test(ai): expand unit and functional coverage for /ai feature
Unit tests (tests/unittests/test_ai_client.c): +50 cases on top of the
existing 50 — total 100. Covers:
  - chat response parser (ai_parse_response): OpenAI content + Perplexity
    text formats, escape decoding, empty/null/missing inputs, format-string
    safety, multiline content
  - error envelope parser (ai_parse_error_message): standard envelope,
    nested escapes, missing fields, null/empty
  - extended JSON escape: \b, \f, \r, all-specials, UTF-8 pass-through
  - provider autocomplete cycling with >=2 matches and wrap-around
  - session edge cases: NULL args, 100-message order preservation,
    set_model(NULL), ref/unref(NULL)
  - provider edge cases: get/remove with NULL, double-remove, survival
    via session ref after ai_remove_provider
  - settings: multi-key independence, missing key, cross-provider
    isolation
  - model parsing edges: data not array, empty data, "id" outside data,
    multiple models
  - prefs round-trip: set token -> shutdown -> init -> token reloaded
    from disk (uses load_preferences fixture)

Functional tests:
  - Tier A (test_ai.c): 15 cases for the /ai command surface that don't
    need HTTP. Covers /ai help, providers list, set provider/token,
    start with/without key/unknown provider, clear, remove, default
    provider/model, switch without window, bad subcommand.
  - Tier B (test_ai_http.c + ai_http_stub.{c,h,py}): 5 cases that
    exercise the libcurl path against a local Python HTTP stub. The
    stub serves canned bodies in five modes (ok, openai, 401, 500,
    models) so each chat/models/error path is hit end-to-end without
    network.

Infrastructure:
  - TEST_GROUPS bumped to 5 in proftest.c; AI tests live in their own
    Group 5 because mixing them with stabber-driven tests in Group 4
    poisoned stbbr_stop() teardown.
  - PROF_FUNC_TEST_AI macro in functionaltests.c registers AI tests
    with ai_init_test() which wraps init_prof_test with a prof_connect()
    so stabber sees a graceful disconnect at teardown.
  - dist_check_DATA ships ai_http_stub.py with the source tarball.

Source-level changes to enable testing:
  - src/ai/ai_client.{c,h}: dropped 'static' from _parse_ai_response
    (renamed ai_parse_response) and _parse_error_response (renamed
    ai_parse_error_message); declared under a "Parsing helpers (exposed
    for testing)" section. Same approach as ai_parse_models_from_json.

Results in Docker (cproof-debian image):
  - 595/595 unit tests pass
  - 20/20 AI functional tests pass (Group 5)
2026-05-11 16:21:45 +03:00
731b55fa19 Merge branch 'master' into feat/ai 2026-05-06 13:57:13 +00:00
3f36c303c2 feat(history): flat-file backend with bidirectional SQLite migration
A flat-file alternative to the SQLite chatlog backend with runtime
switching, full migration tooling, integrity verification, and a
synthetic load harness. SQLite remains the default; both backends share
one dispatch layer (db_backend_t vtable) so callers don't change.

Storage layout
- Per-contact append-only `flatlog/<account>/<contact>/history.log`
  under XDG_DATA_HOME, one line per message
- Single-line file header with embedded format-version marker
  (FLATFILE_FORMAT_VERSION); reader warns on missing or mismatched
  marker, writer and checker stay in sync via preprocessor
  stringification
- Deterministic key=value metadata (`id`, `aid`, `corrects`, `to`,
  `to_res`, `read`) plus escaped body \u2014 `\|`, `\]`, `\\`, `\n`, `\r`
  literals prevent log injection
- Sparse byte-offset index (FF_INDEX_STEP=500) per contact for
  O(log n) time-range lookups; rebuilt on inode / size / mtime
  change, extended in-place when the file just grew
- Per-contact GHashTable caches for archive_id presence and
  stanza_id \u2192 from_jid mapping (O(1) MAM dedup, O(1) LMC sender
  validation)

Hardening
- Path-traversal protection: JID directory name normalisation
  (`@` \u2192 `_at_`, slashes and `..` rejected at construction); every
  per-contact path is anchored under the account's flatlog/
  directory and validated before open
- Symlink-attack protection: every fopen / open uses O_NOFOLLOW; on
  ELOOP the operation aborts with an error rather than following
- Filesystem permissions: log files created with mode 0600,
  directories with mode 0700; both enforced at creation, verified
  on each open and reported on drift by `/history verify`
- Atomic crash-safe export: write to a temp file via mkstemp (mode
  0600, random suffix, no name collisions between concurrent
  exports), fsync, then rename \u2014 partial state never replaces the
  live file
- Concurrency: advisory flock(LOCK_EX) held for the duration of
  every write, including append from live messages and full rewrite
  from export, so two profanity processes can't interleave bytes
  on the same log
- DoS / abuse guards:
    * FF_MAX_LINE_LEN = 10 MB \u2014 lines longer than this are rejected
      at read with a warning; the parser will not allocate
      unbounded memory for a single record
    * FF_MAX_LMC_DEPTH = 100 \u2014 `corrects:` chain walk stops at this
      depth and emits a warning, preventing a malicious correction
      cycle from spinning the apply pass
    * FF_VERSION_SCAN_MAX = 16 \u2014 header version probe never reads
      past 16 leading comment lines, even on garbage input
    * Empty / inverted byte-range early-return in page-up read path
      so a malformed time filter cannot cause an unbounded scan
    * Zero-entry index guard so a file whose every line failed to
      parse cannot cause a NULL deref on later page-up
- LMC sender validation: an incoming correction whose sender does
  not match the original message's sender is rejected at write
  time and surfaced via cons_show_error; a cycle in the apply pass
  is broken via a visited-set
- jid_create_from_bare_and_resource treats NULL, empty string, and
  the literal "(null)" as no resource and returns a bare jid;
  similar normalisation for barejid eliminates the legacy
  "user@host/(null)" artefact that leaked into stored fulljids
  whenever g_strdup_printf("%s", NULL) ran inside create_fulljid

Commands
- `/history switch sqlite|flatfile` \u2014 runtime backend swap, closes
  the old backend and opens the new one without reconnecting
- `/history export [<jid>]` \u2014 SQLite -> flat-file, merging with any
  existing flatlog (dedup keyed on a SHA-256 hash mixing stanza_id,
  timestamp, from_jid, body \u2014 robust against id reuse by older
  clients)
- `/history import [<jid>]` \u2014 flat-file -> SQLite, same merge
  semantics, runs inside a single SQLite transaction with rollback
  on per-contact failure
- `/history verify [<jid>]` \u2014 integrity check; emits a structured
  list of issues (ERROR / WARNING / INFO) per file:
    * file-level: missing log, wrong permissions (\u2260 0600), UTF-8
      BOM present, CRLF line endings, empty file
    * line-level: invalid UTF-8 (with byte offset), embedded
      control characters, unparsable lines, timestamps out of
      order, duplicate `id:` and `aid:` (tracked separately so a
      stanza/archive id collision isn't double-reported)
    * cross-line: broken `corrects:` references whose target id is
      not present in the file
- `/history backend` \u2014 show currently active backend
- Active backend indicator `[sqlite]` / `[flatfile]` in the status
  bar next to the JID
- Roster-JID autocomplete for verify / export / import
- export and import open a SQLite handle on demand when the
  flatfile backend is currently active, so migration works
  regardless of which backend is live

Tests
- Unit: database_export (parser round-trip, escape/unescape, dedup
  key stability, JID normalisation), database_stress (14 cases
  exercising rapid writes, large messages, deep LMC chains, MAM
  dedup, concurrent contacts)
- Functional: history persistence across reconnects, export /
  import round-trip with content equality, MUC migration,
  timestamp normalisation across timezones
- Bench harness P1\u2013P5 (synthetic load: bulk insert, time-range
  read, page-up scroll, MAM ingest, mixed workload) and failure
  modes F1\u2013F17 (page-up cursor and forward-iteration symmetry,
  oversized lines, MAM dedup, LMC depth and cycles, BOM/CRLF,
  missing log, empty file, mtime+inode flip, broken corrects, etc.)
- All bench tests integrate with the existing make targets and
  emit CSV rows for baseline comparison

Author: jabber.developer2 <jabber.developer2@jabber.space>
Reviewed-by: jabber.developer <jabber.developer@jabber.space>
2026-05-05 19:26:07 +00:00
cff05ca802 ref(ai): move unfitting functions out of window.c; create aiwin.c 2026-04-30 18:01:24 +00:00
e43e8378b0 feat(ai): add AI client with multi-provider support and UI
Add an AI client module that integrates with OpenAI-compatible API
providers (OpenAI, Perplexity, and custom providers) to provide
AI-assisted responses within the profanity client.

The implementation includes:

- src/ai/ai_client.c/h: Core AI client with provider management,
  session handling, and async HTTP request handling via libcurl.
  Supports per-provider API keys stored in preferences, reference-
  counted sessions, and conversation history tracking.

- src/ui/window.c/window_list.c: New AI window type (ProfAiWin) for
  displaying AI conversations, with response streaming and error
  display capabilities.

- Command integration: New `/ai` command (cmd_defs.c, cmd_funcs.c)
  for creating sessions, sending prompts, and managing providers.
  Provider autocomplete support in cmd_ac.c.

- Preferences integration: API keys for providers are persisted in
  the preferences system (config/preferences.c).

- Unit tests: 472 lines of comprehensive tests covering provider
  management, session lifecycle, JSON escaping, and autocomplete
  (tests/unittests/test_ai_client.c).

Architecture decisions:
- Asynchronous design: HTTP requests run on a separate thread to
  avoid blocking the main UI loop. Callbacks are invoked on the main
  thread via direct function call (profanity uses ncurses, not GLib
  main loop).
- Reference counting: Both AIProvider and AISession use ref counting
  for safe shared ownership.
- Response size limit: 10MB cap on HTTP responses to prevent OOM.
2026-04-29 19:23:33 +00:00
f20a4da160 Add functional tests for /disco command (XEP-0030)
- Add 8 tests for disco info and disco items commands
- Fix XEP-0030 compliance bug: show message for empty disco#items results
- Tests cover: identity display, features, server/jid queries, error handling,
  items display, empty results, and connection requirement
2026-03-03 16:57:35 +01:00
663a959f9c test: add functional tests for autoping (XEP-0199)
- autoping_set_interval: verify /autoping set command
- autoping_set_zero_disables: verify disabling autoping
- autoping_timeout_set: verify /autoping timeout command
- autoping_timeout_zero_disables: verify disabling timeout
- autoping_sends_ping_after_interval: verify automatic ping IQ
- autoping_server_not_supporting_ping: verify error handling

Fast tests (command parsing) in Group 1, slow tests (timer-based) in Group 3.
2026-03-03 16:57:35 +01:00
467222d0ca fix(ui,db): harden NULL handling, fix CWE-134, optimize iterations
security(CWE-134): fix format string injections + add CI check
fix(ui): subwindow lifecycle, newwin/newpad guards, fallback timestamps
fix(db): sqlite cleanup on failures, sqlite3_close_v2
fix(xmpp): queued_messages loop, barejid leak
perf(core): g_hash_table_iter_init instead of g_hash_table_get_keys
refactor(ui): CLAMP macro in _check_subwin_width
test: XEP-0012 and XEP-0045 functional tests

Author: jabber.developer2
Closes #58, #85
2026-02-06 19:27:40 +01:00
f8826b7c79 ci: improve CI stability with parallel builds and Valgrind
Major changes:
Run 4 build configurations in parallel with Valgrind on Linux
Add test failure detection verification (meta-test)
Port allocation per build to prevent conflicts in parallel runs
Add --coverage-only flag for dedicated coverage builds
Code quality:

Add TEST_GROUPS constant, CMOCKA patterns, helper functions
Organize ci-build.sh into sections
2026-02-02 17:47:05 +01:00
85c817ee8c ci: speed up builds 4x with parallel tests, coverage, and ccache
Split functional tests into 4 parallel groups and add check-functional-parallel target (~3x faster CI runs).
Add branch-aware LCOV coverage reporting with new --enable-coverage option and lcov summary in CI pipeline.
Enable ccache via -C configure flag for faster recompilations.
Install lcov in all Docker images and use --depth 1 git clones + parallel make -j$(nproc) for quicker container builds.
Update CONTRIBUTING.md with instructions for parallel test groups and adding new ones.

All changes are tightly related CI/performance improvements developed in sequence. No external service uploads (e.g. Codecov skipped due to Gitea incompatibility).
2026-01-21 16:35:17 +01:00
889a6e2b63 build: enable functional tests unconditionally
- Remove conditional compilation for functional tests
- Always build with stabber/cmocka when available
- Simplify test configuration in Makefile.am
2026-01-07 11:46:40 +01:00
Steffen Jaeckel
988d3663d1 Introduce tests/prof_cmocka.h
As 9f2abc75 accidentally got the ordering of some of the includes wrong,
I decided to propose my initial solution again.

Additional to that, I've opened a MR against CMocka to solve this on
their side, since I believe that the current way this is done is not
sustainable [0].

[0] https://gitlab.com/cmocka/cmocka/-/merge_requests/91

Fixes: 9f2abc75 ("Fix tests with gcc15 (uintptr_t)")
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

CProof note: our new tests need to also be updated.
2025-09-10 14:11:03 +02:00
Steffen Jaeckel
36f183d6a4 Separate entries visually in my-prof.supp
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

(cherry picked from commit 3370f8a7f1)
2025-09-10 14:00:07 +02:00
f4405d114a Add unit tests for forced encryption check function 2025-08-27 16:48:27 +02:00
Steffen Jaeckel
9fc0326428 Add Valgrind to CI
* Also pass `$*` to `configure` when invoking `ci-build.sh`, so one can
  e.g. run `./ci-build.sh --without-xscreensaver`

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-11 12:15:09 +01:00
Steffen Jaeckel
c0da36c48d Rage-cleanup.
While trying to get the unit tests working again I stumbled over all those
things that I thought could be better^TM.

Now we also know "TODO: why does this make the test fail?" - because
the unit tests are brittle AF ... and we have to init the subsystems
we use in the test, otherwise the cleanup will fail...

BTW. you can now also only run a single test ... or a pattern or so ...
you'd have to read how `cmocka_set_test_filter()` works exactly.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
Steffen Jaeckel
f67c76c032 Add make target my-prof.supp
This creates a "as personal as possible" Valgrind suppressions file.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-01-28 16:43:13 +01:00
Michael Vetter
88b26cfdb9 Undo gmainloop related changes
Revert "Merge pull request #1943 from H3rnand3zzz/gmainloop

This reverts commit 609fde0998, reversing
changes made to 2ec94064ed.

Revert "Merge pull request #1948 from H3rnand3zzz/fix/rl-less-refreshes"

This reverts commit 11762fd2b0, reversing
changes made to 609fde0998.

We have got several issues, that we don't quite see how to solve, with
the merge of the gmainloop PR.

* Slashguard is broken (#1955) (though #1956 could fix that)
* One person reported problems with copy paste selection via mouse
* Some input buffer seems not to be cleared correctly
  It happened that I was debugging profanity used `/connect` and typed
  the password. I then debugged so long that a time out occurred, so
  profanity disconnected. Then it printed "unknown command: $password".

There was something else that I forgot now.

Bottomline is: so far we didn't get it right so we will undo these
changes until someone proposes a working solution.

We got a slight performance increase (apparently noticable when
alt+mouse scrolling) but got too many issues with this change.
2024-02-19 17:41:06 +01:00
John Hernandez
080b0f825a Add stubs for inputwin to fix autotests 2023-12-28 18:18:40 +01:00
John Hernandez
95e06ad169 Add url support (downloading) to /plugins install
Additional changes include code refactoring.
2023-05-16 15:57:07 +02:00
Marouane L
f934c5b59f Add vCard support
Only nicknames, photos, birthdays, addresses, telephone numbers, emails,
JIDs, titles, roles, notes, and URLs are supported

Due to the synopsis array not having enough space, `/vcard photo
open-self` and `/vcard photo save-self` are not documented properly in
the synopsis section of the `/vcard` command, but they are documented in
the arguments section

Fixed memory leak in vcard autocomplete (thanks to debXwoody)
2022-10-18 23:24:30 +01:00
Michael Vetter
a40a0f5189 Split ox functions from gpg.c to ox.c 2022-06-29 09:17:15 +02:00
Michael Vetter
87bf85c40b add chatlog unittest 2022-06-28 20:46:35 +02:00
Michael Vetter
585f68f4f7 Split log.c into log.c and chatlog.c 2022-06-28 20:08:38 +02:00
Steffen Jaeckel
eae795f478 fix installation of manpages
fixup of 46b9428d92

[0] writes something about "... use ‘man*section*_MANS’ over ‘man_MANS’ ..."
in the context of "fast installation", so I tried that and it worked.

TBH I don't really understand why this fixes the problem.

[0] https://www.gnu.org/software/automake/manual/html_node/Man-Pages.html

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-03-30 18:26:10 +02:00
Steffen Jaeckel
7f1f9787cb add profanity-specific CAfile
The profanity-internal mechanism to allow connecting to a server isn't
easily portable to cURL. Therefor introduce a profanity-specific CAfile
which is managed individually and will be configured in libcurl calls.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-03-22 11:44:01 +01:00
MarcoPolo-PasTonMolo
3f78af2591 Move get_message_from_editor to appropriate file and change its keybinding 2022-03-03 12:56:03 +01:00
Michael Vetter
33106ecf9c build: remove otr3 support
All the distributions I checked have libotr 4.1.1 now.
2022-02-18 14:01:28 +01:00
a02c1175-5220-4e75-b7a1-18e20548305f
46b9428d92 use wildcard for man pages in Makefile.am 2021-12-22 07:44:27 +00:00
Michael Vetter
16df5d8255 Add makefile target for spell checking and all tests 2021-10-05 09:49:32 +02:00
Michael Vetter
7a319df6c8 Merge pull request #1375 from wstrm/feature/omemo-sendfile
Send and retrieve encrypted files when using OMEMO
2020-12-09 08:09:09 +01:00
Michael Vetter
01b90064af Install all profanity manpages
Regular profanity.1 and profanity-command.1 for each command.
2020-12-04 17:48:45 +01:00
William Wennerström
1d2c0a8836 Move unique_filename_from_url functions to common 2020-12-04 16:13:13 +01:00
William Wennerström
3a6597ee29 Refactor for threaded external executable for built-in download methods 2020-12-03 16:54:06 +01:00
William Wennerström
1bb6cecee6 Fix stubs and move some tests to http_common 2020-11-16 21:58:10 +01:00
William Wennerström
be62b446f7 Add stubs 2020-11-16 21:58:10 +01:00
William Wennerström
3d344cfeaa Move common http tool code to http_common 2020-11-16 21:58:09 +01:00
William Wennerström
73f313b921 Refactor OMEMO download into AESGCMDownload tool 2020-11-16 21:58:09 +01:00
William Wennerström
eebf54c859 Infer filename from content-disposition or URL
The Content-Disposition inferring is probably a bad idea security wise,
so I am going to remove it.
2020-11-16 21:58:09 +01:00
Michael Vetter
da513a924c functest: dont link against tcl
Regards https://github.com/profanity-im/profanity/issues/1354 point 3.
Since we dont use tcl and just libexpect I don't think we actually need
to link against it.
2020-10-22 16:14:48 +02:00
Michael Vetter
39315483a8 Remove /tiny command
boothj5 gave his okay too.

Fix https://github.com/profanity-im/profanity/issues/1370
2020-07-10 17:48:34 +02:00
Michael Vetter
66f9a6b721 Add clang-format file
People should run `make format` before doing a commit.
Fix https://github.com/profanity-im/profanity/issues/1396
2020-07-07 09:42:00 +02:00
Michael Vetter
87ddb8081e Tests: Add ox_announce_public_key stub 2020-07-06 15:03:13 +02:00
DebXWoody
5a17957253 OX: Announce public key on PEP
src/pgp/gpg.c:p_ox_gpg_readkey

Used to read a public key from a file. The function will return the fingerprint
of the file and the base64 encoded key.

src/xmpp/ox.[hc]

ox_announce_public_key(const char* const filename) can be called from the /ox
announce <filename> command. The key within the file will be pushed on PEP and
the Metadata node will be set.

Issue: #1331
2020-07-06 13:19:18 +02:00
Michael Vetter
ca3972b3ca Add bookmark_ignore to unittest sources 2020-05-24 13:57:18 +02:00
Michael Vetter
d03c953d4a PoC for bookmark ignore
```
~/.local/share/profanity % cat bookmark_ignore
[ignore]
profanity@rooms.dismail.de=
```

Regards https://github.com/profanity-im/profanity/issues/1115
2020-05-24 12:55:43 +02:00
Michael Vetter
062c7b1a89 db: add database unit test stub 2020-04-06 10:50:20 +02:00
Michael Vetter
8bfb175d03 Start SQLite db module
I plan to save all messages in an SQLite db.
For retrieving information it's nicer than having it in a text file.
We will have more info in there and easier to parse it.

This will also be good for later MAM
(https://github.com/profanity-im/profanity/issues/660).

Regular text files will still be an option for users so that they can
easily grep them and do whatever they like.

Internally Profanity will only use the SQLite db.
2020-04-06 10:50:20 +02:00
Michael Vetter
9ac72980d1 xep-0084: add test stub file 2019-12-18 15:44:59 +01:00
Michael Vetter
771dfab123 Start implementing XEP-0084
So far we just subscribe and get the IDs.
2019-12-18 10:17:10 +01:00