- tests/e2e/test_e2e_secgate_legacy_flags.py: 18 tests across 8 server
config fixtures proving both arms (allow/deny) of each flag against a
running ComfyUI legacy server, batch composite gating, transitive-pip
non-consultation, and denial-copy contract. Zero-install discipline:
the designated do-not-install sample for direct git-URL rows, a
synthetic nonexistent URL for batch unknown-URL rows.
- tests/e2e/test_e2e_pip_url_form.py: 4 tests proving the pip gate is
argument-content-agnostic with a URL-form pip spec — deny arm (403,
no install-scripts reservation, denial log names the flag) and
real-install arm (200 + reservation, executed at next restart, the
package importable in the isolated E2E venv, then fully self-cleaned).
Uses the owned purpose-built fixture
git+https://github.com/ltdrdata/pip-test1-do-not-install (public,
zero-dep, pure Python, seconds-fast) instead of an external
third-party repo, keeping the test's lifetime under our control.
