# python-editor

Browser-based Python editing: **FastAPI** serves static assets, stores workspace files, and optional **API key auth**. **Pyodide** runs your scripts and **Jedi** (inside Pyodide) powers completions — no server-side Python execution or Jedi.

## Run

```bash
cp .env.example .env   # optional: set WORKSPACE_ROOT, EDITOR_API_KEY, etc.
pipenv install
pipenv run dev
```

Configuration is read from **`.env`** at the repo root (see `.env.example`). Values there are applied when the app loads unless the variable is already set in your shell. [Pipenv](https://pipenv.pypa.io/) also loads `.env` for `pipenv run` commands.

Tests (includes **pytest** and **selenium** in dev dependencies):

```bash
pipenv run test
pipenv run test-integration   # Playwright; optional
```

### Selenium

Selenium talks to a **real browser** against a **running server** (not the in-process `TestClient`).

1. Install **Google Chrome** or Chromium on the machine (Selenium 4 uses [Selenium Manager](https://www.selenium.dev/documentation/selenium_manager/) to resolve a matching driver).
2. In one terminal, start the app (default `http://127.0.0.1:8080`):

   ```bash
   pipenv run dev
   ```

3. In another terminal:

   ```bash
   pipenv run test-selenium
   ```

   If the app listens elsewhere, set **`SELENIUM_BASE_URL`** (e.g. `http://127.0.0.1:9000`) before running.

   Or run only Selenium-marked tests:

   ```bash
   cd src && PYTHONPATH=. pipenv run pytest ../tests -m selenium -v
   ```

If nothing is listening, the smoke test **skips** with a short message instead of failing.

Open [http://localhost:8080](http://localhost:8080).

**User accounts** — Set `AUTH_ENABLED=true` in `.env` to require sign-in for workspace APIs. Users live in a SQLite file (`AUTH_DATABASE_PATH`, default `./data/editor.db`). Use `/register` (if `AUTH_REGISTER_OPEN=true`) or `BOOTSTRAP_ADMIN_USERNAME` / `BOOTSTRAP_ADMIN_PASSWORD` for the first superuser. Superusers can **GET/POST/DELETE `/api/users`** to list, create, or remove accounts.

**API key** — If `EDITOR_API_KEY` is set, requests may use `Authorization: Bearer …` instead of a session (useful for automation). When `AUTH_ENABLED=true`, a valid session *or* API key is accepted.

The home page can store the API key in `sessionStorage` when you are not using cookie login, or use `?api_key=` on `/editor`.

## Layout

- `src/` — FastAPI app and static UI (`src/static/`)
- `workspace/` — default tree: `code/` (editable), `lib/` (read-only via API)