# Backend tests End-to-end smoke tests that exercise a **deployed** CheckAI backend (HF Space or local uvicorn). They fetch real Apple Music preview URLs via the keyless iTunes Search API, then hit every endpoint. ## Setup ```bash cd backend/tests pip install requests ``` Set the Space URL + key as env vars (never commit them): ```bash export DETECTOR_API_URL='https://michal-giza-audio-detector-backend.hf.space' export DETECTOR_API_KEY='...' ``` ## Scripts ### `fetch_apple_previews.py` Pulls real 30-second preview URLs from iTunes Search. Useful for sanity- checking that our `ALLOWED_DOMAINS` still matches what Apple serves. ```bash python3 fetch_apple_previews.py # curated default set python3 fetch_apple_previews.py "blinding lights" # single search python3 fetch_apple_previews.py --json --limit 3 # JSON, 3 results per query ``` ### `smoke_test.py` End-to-end suite. Runs every test by default, or pick a subset: ```bash # everything python3 smoke_test.py # just health + URL analysis python3 smoke_test.py --only health,url # pick the track python3 smoke_test.py --query "hotel california eagles" ``` Exit code `0` on all-pass, `1` on any failure — wire it into CI when ready. ## What it covers | Group | Tests | |------------|-------| | `health` | `GET /health` returns 200, model loaded, `GET /queue/status` | | `url` | `POST /analyze` with a real Apple Music preview, asserts verdict shape, sanity-checks HUMAN classification | | `upload` | `POST /analyze/upload` with a synthetic silent WAV — exercises the upload path + duration validation | | `stream` | `POST /analyze/stream` over SSE, verifies `processing` → `result` event sequence | | `security` | Missing/invalid API key → 403, non-allowlisted domain → 400, http:// → 400, SSRF (127.0.0.1) → 400, bad content-type → 400 | | `ratelimit`| Fires 7 requests fast, expects at least one `429` | ## Manual AI-track test (recommended before launch) The iTunes Search API only serves real-artist releases, so it can't automatically supply a known-AI positive sample. To test the AI detection side end-to-end: 1. Generate a clip on **Suno** or **Udio** (30s is plenty). 2. Download it as MP3/M4A. 3. Upload via: ```bash curl -X POST \ -H "X-Api-Key: $DETECTOR_API_KEY" \ -F "file=@suno-track.mp3;type=audio/mpeg" \ "$DETECTOR_API_URL/analyze/upload" | python3 -m json.tool ``` Expected: `is_ai: true`, `confidence` > 0.6, `wav2vec2_score` high. Keep a small `fixtures/` folder of 5–10 known-AI + 5–10 known-human clips outside git (`.gitignore` it) to establish a real accuracy baseline before we consider any audio preprocessing changes.