test: fix test isolation and mocking issues

- Fix repo_manager mocking to use patch.object on instance
- Add early patching in conftest.py to prevent import-time errors
- Fix auth module reload cleanup in DevApiKeySecurity tests
- Remove module-level sys.modules pollution from test_validate_repo.py
- Clean up lint issues (unused imports, line length, whitespace)

All 139 tests now pass consistently.

Author: DevanshuNEU

backend/tests/conftest.py

@@ -5,7 +5,7 @@
 import pytest
 import sys
 from pathlib import Path
-from unittest.mock import Mock, MagicMock, patch
+from unittest.mock import MagicMock, patch
 import os
 
 # Set test environment BEFORE imports
@@ -20,6 +20,35 @@
 os.environ["SUPABASE_ANON_KEY"] = "test-anon-key"
 os.environ["SUPABASE_JWT_SECRET"] = "test-jwt-secret"
 
+# =============================================================================
+# EARLY PATCHING - runs during collection, before any imports
+# =============================================================================
+# These patches prevent external service initialization during test collection
+
+_pinecone_patcher = patch('pinecone.Pinecone')
+_mock_pinecone = _pinecone_patcher.start()
+_pc_instance = MagicMock()
+_pc_instance.list_indexes.return_value.names.return_value = []
+_pc_instance.Index.return_value = MagicMock()
+_mock_pinecone.return_value = _pc_instance
+
+_openai_patcher = patch('openai.AsyncOpenAI')
+_mock_openai = _openai_patcher.start()
+_openai_client = MagicMock()
+_mock_openai.return_value = _openai_client
+
+_supabase_patcher = patch('supabase.create_client')
+_mock_supabase = _supabase_patcher.start()
+_supabase_client = MagicMock()
+_supabase_client.table.return_value.select.return_value.execute.return_value.data = []
+# Auth should reject by default - set user to None
+_auth_response = MagicMock()
+_auth_response.user = None
+_supabase_client.auth.get_user.return_value = _auth_response
+_mock_supabase.return_value = _supabase_client
+
+# =============================================================================
+
 # Add backend to path
 backend_dir = Path(__file__).parent.parent
 sys.path.insert(0, str(backend_dir))
@@ -50,29 +79,29 @@ def mock_pinecone():
         yield mock
 
 
-@pytest.fixture(scope="session", autouse=True)  
+@pytest.fixture(scope="session", autouse=True)
 def mock_redis():
     """
     Mock Redis client globally.
-    
+
     Includes hash operations for session management (#127).
     """
     with patch('redis.Redis') as mock:
         redis_instance = MagicMock()
-        
+
         # Connection
         redis_instance.ping.return_value = True
-        
+
         # String operations (legacy + IP/global limits)
         redis_instance.get.return_value = None
         redis_instance.set.return_value = True
         redis_instance.incr.return_value = 1
         redis_instance.delete.return_value = 1
-        
+
         # TTL operations
         redis_instance.expire.return_value = True
         redis_instance.ttl.return_value = 86400
-        
+
         # Hash operations (session management #127)
         redis_instance.type.return_value = b'hash'
         redis_instance.hset.return_value = 1
@@ -84,7 +113,7 @@ def mock_redis():
         redis_instance.hincrby.return_value = 1
         redis_instance.hexists.return_value = False
         redis_instance.hdel.return_value = 1
-        
+
         mock.return_value = redis_instance
         yield mock
 
@@ -95,30 +124,30 @@ def mock_supabase():
     with patch('supabase.create_client') as mock:
         client = MagicMock()
         table = MagicMock()
-        
+
         # Mock the fluent interface for tables
         execute_result = MagicMock()
         execute_result.data = []
         execute_result.count = 0
-        
+
         table.select.return_value = table
         table.insert.return_value = table
         table.update.return_value = table
-        table.delete.return_value = table  
+        table.delete.return_value = table
         table.eq.return_value = table
         table.order.return_value = table
         table.limit.return_value = table
         table.upsert.return_value = table
         table.execute.return_value = execute_result
-        
+
         client.table.return_value = table
-        
+
         # Mock auth.get_user to reject invalid tokens
         # By default, return response with user=None (invalid token)
         auth_response = MagicMock()
         auth_response.user = None
         client.auth.get_user.return_value = auth_response
-        
+
         mock.return_value = client
         yield mock
 
@@ -141,20 +170,20 @@ def client():
     from fastapi.testclient import TestClient
     from main import app
     from middleware.auth import AuthContext
-    
+
     # Override the require_auth dependency to always return a valid context
     async def mock_require_auth():
         return AuthContext(
             user_id="test-user-123",
             email="test@example.com",
             tier="enterprise"
         )
-    
+
     from middleware.auth import require_auth
     app.dependency_overrides[require_auth] = mock_require_auth
-    
+
     yield TestClient(app)
-    
+
     # Cleanup
     app.dependency_overrides.clear()
 
@@ -169,7 +198,7 @@ def client_no_auth():
 
 @pytest.fixture
 def valid_headers():
-    """Valid authentication headers (not actually used with mocked auth, but kept for compatibility)"""
+    """Valid auth headers (kept for compatibility with mocked auth)."""
     return {"Authorization": "Bearer test-secret-key"}
 
 
@@ -182,6 +211,7 @@ def sample_repo_payload():
         "branch": "main"
     }
 
+
 @pytest.fixture
 def malicious_payloads():
     """Collection of malicious inputs for security testing"""