4runr-os 2.10.65 → 2.10.67

package/apps/gateway/src/__tests__/sentinel-events.test.ts

@@ -1,95 +1,95 @@
-/**
- * Sentinel Redis event payload tests (N3)
- */
-
-import { describe, it, expect, beforeEach, afterEach } from '@jest/globals';
-import {
-  buildAuditLogEvent,
-  buildKillEvent,
-  buildPolicyViolationEvent,
-} from '../adapters/redis-sentinel-publisher.js';
-import {
-  resetMetrics,
-  sentinelKillsTotal,
-  sentinelPolicyViolationsTotal,
-} from '../metrics/index.js';
-
-describe('Sentinel Redis events (N3)', () => {
-  beforeEach(() => {
-    resetMetrics();
-  });
-
-  afterEach(() => {
-    resetMetrics();
-  });
-
-  describe('event payloads', () => {
-    it('buildPolicyViolationEvent includes deny action and policy fields', () => {
-      const event = buildPolicyViolationEvent('run-1', {
-        policy: 'timeout',
-        reason: 'Run exceeded maximum duration',
-        threshold: 60_000,
-        actual: 120_000,
-        action: 'deny',
-      });
-
-      expect(event.type).toBe('policy.violation');
-      expect(event.runId).toBe('run-1');
-      expect(event.data).toMatchObject({
-        policy: 'timeout',
-        action: 'deny',
-        threshold: 60_000,
-        actual: 120_000,
-      });
-    });
-
-    it('buildKillEvent includes stable output and trigger', () => {
-      const event = buildKillEvent('run-2', 'policy_violation:idle', 'policy');
-
-      expect(event.type).toBe('kill');
-      expect(event.data).toMatchObject({
-        reason: 'policy_violation:idle',
-        trigger: 'policy',
-        source: 'sentinel',
-        policy: 'idle',
-        output: {
-          error: 'Run terminated by Sentinel',
-          source: 'sentinel',
-          action: 'deny',
-          reason: 'policy_violation:idle',
-          policy: 'idle',
-        },
-      });
-    });
-
-    it('buildAuditLogEvent wraps kill audit records', () => {
-      const event = buildAuditLogEvent('run-3', 'kill', {
-        reason: 'manual_cancellation',
-        trigger: 'manual',
-      });
-
-      expect(event.type).toBe('audit.log');
-      expect(event.data.action).toBe('kill');
-      expect(event.data.reason).toBe('manual_cancellation');
-    });
-  });
-
-  describe('Prometheus counters', () => {
-    it('sentinelPolicyViolationsTotal labels by policy', async () => {
-      sentinelPolicyViolationsTotal.inc({ policy: 'token_cap' });
-
-      const metrics = await sentinelPolicyViolationsTotal.get();
-      const row = metrics.values.find((v) => v.labels.policy === 'token_cap');
-      expect(row?.value).toBe(1);
-    });
-
-    it('sentinelKillsTotal labels by trigger', async () => {
-      sentinelKillsTotal.inc({ trigger: 'manual' });
-      sentinelKillsTotal.inc({ trigger: 'policy' });
-
-      const metrics = await sentinelKillsTotal.get();
-      expect(metrics.values.find((v) => v.labels.trigger === 'manual')?.value).toBe(1);
-      expect(metrics.values.find((v) => v.labels.trigger === 'policy')?.value).toBe(1);
-    });
-  });
-});
+/**
+ * Sentinel Redis event payload tests (N3)
+ */
+
+import { describe, it, expect, beforeEach, afterEach } from '@jest/globals';
+import {
+  buildAuditLogEvent,
+  buildKillEvent,
+  buildPolicyViolationEvent,
+} from '../adapters/redis-sentinel-publisher.js';
+import {
+  resetMetrics,
+  sentinelKillsTotal,
+  sentinelPolicyViolationsTotal,
+} from '../metrics/index.js';
+
+describe('Sentinel Redis events (N3)', () => {
+  beforeEach(() => {
+    resetMetrics();
+  });
+
+  afterEach(() => {
+    resetMetrics();
+  });
+
+  describe('event payloads', () => {
+    it('buildPolicyViolationEvent includes deny action and policy fields', () => {
+      const event = buildPolicyViolationEvent('run-1', {
+        policy: 'timeout',
+        reason: 'Run exceeded maximum duration',
+        threshold: 60_000,
+        actual: 120_000,
+        action: 'deny',
+      });
+
+      expect(event.type).toBe('policy.violation');
+      expect(event.runId).toBe('run-1');
+      expect(event.data).toMatchObject({
+        policy: 'timeout',
+        action: 'deny',
+        threshold: 60_000,
+        actual: 120_000,
+      });
+    });
+
+    it('buildKillEvent includes stable output and trigger', () => {
+      const event = buildKillEvent('run-2', 'policy_violation:idle', 'policy');
+
+      expect(event.type).toBe('kill');
+      expect(event.data).toMatchObject({
+        reason: 'policy_violation:idle',
+        trigger: 'policy',
+        source: 'sentinel',
+        policy: 'idle',
+        output: {
+          error: 'Run terminated by Sentinel',
+          source: 'sentinel',
+          action: 'deny',
+          reason: 'policy_violation:idle',
+          policy: 'idle',
+        },
+      });
+    });
+
+    it('buildAuditLogEvent wraps kill audit records', () => {
+      const event = buildAuditLogEvent('run-3', 'kill', {
+        reason: 'manual_cancellation',
+        trigger: 'manual',
+      });
+
+      expect(event.type).toBe('audit.log');
+      expect(event.data.action).toBe('kill');
+      expect(event.data.reason).toBe('manual_cancellation');
+    });
+  });
+
+  describe('Prometheus counters', () => {
+    it('sentinelPolicyViolationsTotal labels by policy', async () => {
+      sentinelPolicyViolationsTotal.inc({ policy: 'token_cap' });
+
+      const metrics = await sentinelPolicyViolationsTotal.get();
+      const row = metrics.values.find((v) => v.labels.policy === 'token_cap');
+      expect(row?.value).toBe(1);
+    });
+
+    it('sentinelKillsTotal labels by trigger', async () => {
+      sentinelKillsTotal.inc({ trigger: 'manual' });
+      sentinelKillsTotal.inc({ trigger: 'policy' });
+
+      const metrics = await sentinelKillsTotal.get();
+      expect(metrics.values.find((v) => v.labels.trigger === 'manual')?.value).toBe(1);
+      expect(metrics.values.find((v) => v.labels.trigger === 'policy')?.value).toBe(1);
+    });
+  });
+});

package/apps/gateway/src/__tests__/sentinel-execute-watch.test.ts

@@ -1,45 +1,45 @@
-import { describe, it, expect, jest, afterEach } from '@jest/globals';
-import { resetPolicyViolationPublisher } from '@4runr/sentinel';
-import { executeWithSentinelWatch, SENTINEL_KILL_CHECK_INTERVAL_MS } from '../queue/sentinel-execute-watch.js';
-import { formatSentinelKillError } from '../security/sentinel-run-failure.js';
-
-describe('executeWithSentinelWatch', () => {
-  afterEach(() => {
-    resetPolicyViolationPublisher();
-  });
-
-  it('uses 250ms poll interval during execute', () => {
-    expect(SENTINEL_KILL_CHECK_INTERVAL_MS).toBe(250);
-  });
-
-  it('rejects when Sentinel marks run killed during execute', async () => {
-    let calls = 0;
-    const getRunStatus = jest.fn(() => {
-      calls += 1;
-      if (calls >= 2) {
-        return { status: 'killed', killReason: 'policy_violation:timeout' };
-      }
-      return { status: 'running' };
-    });
-
-    await expect(
-      executeWithSentinelWatch(
-        'run-1',
-        () => new Promise((resolve) => setTimeout(() => resolve('done'), 2500)),
-        getRunStatus
-      )
-    ).rejects.toThrow(formatSentinelKillError('policy_violation:timeout'));
-  });
-
-  it('returns execute result when run stays running', async () => {
-    const getRunStatus = jest.fn(() => ({ status: 'running' }));
-
-    const result = await executeWithSentinelWatch(
-      'run-2',
-      async () => 'ok',
-      getRunStatus
-    );
-
-    expect(result).toBe('ok');
-  });
-});
+import { describe, it, expect, jest, afterEach } from '@jest/globals';
+import { resetPolicyViolationPublisher } from '@4runr/sentinel';
+import { executeWithSentinelWatch, SENTINEL_KILL_CHECK_INTERVAL_MS } from '../queue/sentinel-execute-watch.js';
+import { formatSentinelKillError } from '../security/sentinel-run-failure.js';
+
+describe('executeWithSentinelWatch', () => {
+  afterEach(() => {
+    resetPolicyViolationPublisher();
+  });
+
+  it('uses 250ms poll interval during execute', () => {
+    expect(SENTINEL_KILL_CHECK_INTERVAL_MS).toBe(250);
+  });
+
+  it('rejects when Sentinel marks run killed during execute', async () => {
+    let calls = 0;
+    const getRunStatus = jest.fn(() => {
+      calls += 1;
+      if (calls >= 2) {
+        return { status: 'killed', killReason: 'policy_violation:timeout' };
+      }
+      return { status: 'running' };
+    });
+
+    await expect(
+      executeWithSentinelWatch(
+        'run-1',
+        () => new Promise((resolve) => setTimeout(() => resolve('done'), 2500)),
+        getRunStatus
+      )
+    ).rejects.toThrow(formatSentinelKillError('policy_violation:timeout'));
+  });
+
+  it('returns execute result when run stays running', async () => {
+    const getRunStatus = jest.fn(() => ({ status: 'running' }));
+
+    const result = await executeWithSentinelWatch(
+      'run-2',
+      async () => 'ok',
+      getRunStatus
+    );
+
+    expect(result).toBe('ok');
+  });
+});

package/apps/gateway/src/__tests__/sentinel-policies.test.ts

@@ -1,90 +1,90 @@
-/**
- * Sentinel policy evaluation — deny (kill) failure modes (N2)
- */
-
-import { describe, it, expect } from '@jest/globals';
-import { policyManager } from '@4runr/sentinel';
-import type { RunState, SentinelConfig } from '@4runr/sentinel';
-
-const baseConfig: SentinelConfig = {
-  enabled: true,
-  runMaxDurationMs: 60_000,
-  runMaxTokens: 1000,
-  runIdleMs: 30_000,
-  loopWindow: 15,
-  loopMax: 5,
-  runMaxCost: 1.0,
-};
-
-function runningState(overrides: Partial<RunState> = {}): RunState {
-  const now = Date.now();
-  return {
-    runId: 'run-test',
-    createdAt: now - 5000,
-    startedAt: now - 5000,
-    tokenCount: 0,
-    status: 'running',
-    events: [],
-    ...overrides,
-  };
-}
-
-describe('Sentinel policies (N2 deny modes)', () => {
-  it('timeout policy returns violation when duration exceeded', () => {
-    const runState = runningState({
-      startedAt: Date.now() - 120_000,
-    });
-    const violations = policyManager.evaluatePolicies('run-test', runState, baseConfig);
-    expect(violations.some(v => v.policy === 'timeout')).toBe(true);
-  });
-
-  it('token_cap policy returns violation when over limit', () => {
-    const runState = runningState({ tokenCount: 2000 });
-    const violations = policyManager.evaluatePolicies('run-test', runState, baseConfig);
-    expect(violations.some(v => v.policy === 'token_cap')).toBe(true);
-  });
-
-  it('idle policy returns violation when no tokens after idle threshold', () => {
-    const runState = runningState({
-      startedAt: Date.now() - 60_000,
-      lastTokenAt: undefined,
-    });
-    const violations = policyManager.evaluatePolicies('run-test', runState, baseConfig);
-    expect(violations.some(v => v.policy === 'idle')).toBe(true);
-  });
-
-  it('cost policy returns violation when cost exceeds cap', () => {
-    const runState = runningState({ cost: 2.5 });
-    const violations = policyManager.evaluatePolicies('run-test', runState, baseConfig);
-    expect(violations.some(v => v.policy === 'cost')).toBe(true);
-  });
-
-  it('returns no violations for healthy running state', () => {
-    const runState = runningState({
-      startedAt: Date.now() - 1000,
-      lastTokenAt: Date.now() - 500,
-      tokenCount: 100,
-      cost: 0.01,
-    });
-    const violations = policyManager.evaluatePolicies('run-test', runState, baseConfig);
-    expect(violations).toHaveLength(0);
-  });
-
-  it('loop_detection policy returns violation for repetitive token pattern', () => {
-    const now = Date.now();
-    const tokenEvents = Array.from({ length: 10 }, (_, i) => ({
-      type: 'token' as const,
-      runId: 'run-test',
-      at: now - (10 - i) * 1000,
-      tokens: 42,
-    }));
-    const runState = runningState({
-      startedAt: now - 20_000,
-      lastTokenAt: now - 1000,
-      tokenCount: 420,
-      events: tokenEvents,
-    });
-    const violations = policyManager.evaluatePolicies('run-test', runState, baseConfig);
-    expect(violations.some(v => v.policy === 'loop_detection')).toBe(true);
-  });
-});
+/**
+ * Sentinel policy evaluation — deny (kill) failure modes (N2)
+ */
+
+import { describe, it, expect } from '@jest/globals';
+import { policyManager } from '@4runr/sentinel';
+import type { RunState, SentinelConfig } from '@4runr/sentinel';
+
+const baseConfig: SentinelConfig = {
+  enabled: true,
+  runMaxDurationMs: 60_000,
+  runMaxTokens: 1000,
+  runIdleMs: 30_000,
+  loopWindow: 15,
+  loopMax: 5,
+  runMaxCost: 1.0,
+};
+
+function runningState(overrides: Partial<RunState> = {}): RunState {
+  const now = Date.now();
+  return {
+    runId: 'run-test',
+    createdAt: now - 5000,
+    startedAt: now - 5000,
+    tokenCount: 0,
+    status: 'running',
+    events: [],
+    ...overrides,
+  };
+}
+
+describe('Sentinel policies (N2 deny modes)', () => {
+  it('timeout policy returns violation when duration exceeded', () => {
+    const runState = runningState({
+      startedAt: Date.now() - 120_000,
+    });
+    const violations = policyManager.evaluatePolicies('run-test', runState, baseConfig);
+    expect(violations.some(v => v.policy === 'timeout')).toBe(true);
+  });
+
+  it('token_cap policy returns violation when over limit', () => {
+    const runState = runningState({ tokenCount: 2000 });
+    const violations = policyManager.evaluatePolicies('run-test', runState, baseConfig);
+    expect(violations.some(v => v.policy === 'token_cap')).toBe(true);
+  });
+
+  it('idle policy returns violation when no tokens after idle threshold', () => {
+    const runState = runningState({
+      startedAt: Date.now() - 60_000,
+      lastTokenAt: undefined,
+    });
+    const violations = policyManager.evaluatePolicies('run-test', runState, baseConfig);
+    expect(violations.some(v => v.policy === 'idle')).toBe(true);
+  });
+
+  it('cost policy returns violation when cost exceeds cap', () => {
+    const runState = runningState({ cost: 2.5 });
+    const violations = policyManager.evaluatePolicies('run-test', runState, baseConfig);
+    expect(violations.some(v => v.policy === 'cost')).toBe(true);
+  });
+
+  it('returns no violations for healthy running state', () => {
+    const runState = runningState({
+      startedAt: Date.now() - 1000,
+      lastTokenAt: Date.now() - 500,
+      tokenCount: 100,
+      cost: 0.01,
+    });
+    const violations = policyManager.evaluatePolicies('run-test', runState, baseConfig);
+    expect(violations).toHaveLength(0);
+  });
+
+  it('loop_detection policy returns violation for repetitive token pattern', () => {
+    const now = Date.now();
+    const tokenEvents = Array.from({ length: 10 }, (_, i) => ({
+      type: 'token' as const,
+      runId: 'run-test',
+      at: now - (10 - i) * 1000,
+      tokens: 42,
+    }));
+    const runState = runningState({
+      startedAt: now - 20_000,
+      lastTokenAt: now - 1000,
+      tokenCount: 420,
+      events: tokenEvents,
+    });
+    const violations = policyManager.evaluatePolicies('run-test', runState, baseConfig);
+    expect(violations.some(v => v.policy === 'loop_detection')).toBe(true);
+  });
+});

package/apps/gateway/src/__tests__/sentinel-publish-kill.test.ts

@@ -1,30 +1,30 @@
-/**
- * publishSentinelRunKill drives metrics (N3)
- */
-
-import { describe, it, expect, beforeEach, jest } from '@jest/globals';
-import { publishSentinelRunKill } from '../adapters/redis-sentinel-publisher.js';
-import { resetMetrics, sentinelKillsTotal } from '../metrics/index.js';
-
-const mockPublish = jest.fn<() => Promise<number>>().mockResolvedValue(1);
-
-jest.mock('../db/redis.js', () => ({
-  getRedisClient: jest.fn(() => Promise.resolve({ publish: mockPublish })),
-}));
-
-describe('publishSentinelRunKill', () => {
-  beforeEach(() => {
-    resetMetrics();
-    mockPublish.mockClear();
-  });
-
-  it('increments sentinelKillsTotal and publishes kill + audit channels', async () => {
-    await publishSentinelRunKill('run-9', 'manual_cancellation');
-
-    expect(mockPublish).toHaveBeenCalledTimes(2);
-
-    const metrics = await sentinelKillsTotal.get();
-    const manual = metrics.values.find((v) => v.labels.trigger === 'manual');
-    expect(manual?.value).toBe(1);
-  });
-});
+/**
+ * publishSentinelRunKill drives metrics (N3)
+ */
+
+import { describe, it, expect, beforeEach, jest } from '@jest/globals';
+import { publishSentinelRunKill } from '../adapters/redis-sentinel-publisher.js';
+import { resetMetrics, sentinelKillsTotal } from '../metrics/index.js';
+
+const mockPublish = jest.fn<() => Promise<number>>().mockResolvedValue(1);
+
+jest.mock('../db/redis.js', () => ({
+  getRedisClient: jest.fn(() => Promise.resolve({ publish: mockPublish })),
+}));
+
+describe('publishSentinelRunKill', () => {
+  beforeEach(() => {
+    resetMetrics();
+    mockPublish.mockClear();
+  });
+
+  it('increments sentinelKillsTotal and publishes kill + audit channels', async () => {
+    await publishSentinelRunKill('run-9', 'manual_cancellation');
+
+    expect(mockPublish).toHaveBeenCalledTimes(2);
+
+    const metrics = await sentinelKillsTotal.get();
+    const manual = metrics.values.find((v) => v.labels.trigger === 'manual');
+    expect(manual?.value).toBe(1);
+  });
+});