@almightygpt/core 0.10.0 → 0.10.1

package/src/auth/__tests__/validator.test.ts

@@ -0,0 +1,241 @@
+/**
+ * Validator tests with mocked fetch.
+ *
+ * Covers Codex's v0.8 security review demand:
+ *   "Add a regression test that failed validation never logs or returns
+ *    a URL containing the key."
+ *
+ * Plus the broader contract:
+ *   - happy path → ok: true with model
+ *   - timeout → ok: false with friendly message
+ *   - non-OK response → normalized error with statusCode, never raw body
+ *   - submitted key NEVER appears in error / model field for ANY provider
+ */
+
+import { describe, it, expect, beforeEach, vi } from "vitest";
+import { validateKey } from "../validator.js";
+
+const fetchMock = vi.fn();
+vi.stubGlobal("fetch", fetchMock);
+
+// Keys with recognizable patterns so we can grep for them in any output.
+const KEYS = {
+  openai: "sk-test-openai-CANARY-VALUE-12345",
+  anthropic: "sk-ant-test-anthropic-CANARY-VALUE-67890",
+  google: "AIza-test-google-CANARY-VALUE-abcde",
+} as const;
+
+function jsonResponse(status: number, body: object | string): Response {
+  return new Response(typeof body === "string" ? body : JSON.stringify(body), {
+    status,
+    headers: { "content-type": "application/json" },
+  });
+}
+
+beforeEach(() => {
+  fetchMock.mockReset();
+});
+
+describe("validator — OpenAI", () => {
+  it("happy path returns ok with model name from response", async () => {
+    fetchMock.mockResolvedValueOnce(
+      jsonResponse(200, { model: "gpt-4o-2024-08-06", choices: [] }),
+    );
+    const r = await validateKey("openai", KEYS.openai);
+    expect(r.ok).toBe(true);
+    expect(r.model).toBe("gpt-4o-2024-08-06");
+    expect(r.latencyMs).toBeGreaterThanOrEqual(0);
+  });
+
+  it("posts to /v1/chat/completions with the key as Bearer header (NOT in URL)", async () => {
+    fetchMock.mockResolvedValueOnce(
+      jsonResponse(200, { model: "gpt-4o" }),
+    );
+    await validateKey("openai", KEYS.openai);
+    const [url, init] = fetchMock.mock.calls[0]!;
+    expect(String(url)).toBe("https://api.openai.com/v1/chat/completions");
+    expect(String(url)).not.toContain(KEYS.openai);
+    expect((init as RequestInit).headers).toMatchObject({
+      authorization: `Bearer ${KEYS.openai}`,
+    });
+  });
+
+  it("non-OK response returns normalized error with statusCode and no raw body in error", async () => {
+    fetchMock.mockResolvedValueOnce(
+      jsonResponse(401, {
+        error: {
+          message: "Incorrect API key provided",
+          type: "invalid_request_error",
+          code: "invalid_api_key",
+        },
+      }),
+    );
+    const r = await validateKey("openai", KEYS.openai);
+    expect(r.ok).toBe(false);
+    expect(r.statusCode).toBe(401);
+    expect(r.error).toContain("Incorrect API key provided");
+    // The error string should be short — not the raw JSON body.
+    expect(r.error!.length).toBeLessThan(200);
+    // rawBody is preserved separately for explicit debug use.
+    expect(r.rawBody).toBeDefined();
+  });
+});
+
+describe("validator — Anthropic", () => {
+  it("happy path returns ok with model from response", async () => {
+    fetchMock.mockResolvedValueOnce(
+      jsonResponse(200, { model: "claude-sonnet-4-6", content: [] }),
+    );
+    const r = await validateKey("anthropic", KEYS.anthropic);
+    expect(r.ok).toBe(true);
+    expect(r.model).toBe("claude-sonnet-4-6");
+  });
+
+  it("posts to /v1/messages with x-api-key header (NOT in URL)", async () => {
+    fetchMock.mockResolvedValueOnce(
+      jsonResponse(200, { model: "claude-sonnet-4-6" }),
+    );
+    await validateKey("anthropic", KEYS.anthropic);
+    const [url, init] = fetchMock.mock.calls[0]!;
+    expect(String(url)).toBe("https://api.anthropic.com/v1/messages");
+    expect(String(url)).not.toContain(KEYS.anthropic);
+    expect((init as RequestInit).headers).toMatchObject({
+      "x-api-key": KEYS.anthropic,
+    });
+  });
+
+  it("non-OK response returns normalized error with parsed message", async () => {
+    fetchMock.mockResolvedValueOnce(
+      jsonResponse(400, {
+        type: "error",
+        error: {
+          type: "authentication_error",
+          message: "invalid x-api-key",
+        },
+      }),
+    );
+    const r = await validateKey("anthropic", KEYS.anthropic);
+    expect(r.ok).toBe(false);
+    expect(r.statusCode).toBe(400);
+    expect(r.error).toContain("invalid x-api-key");
+  });
+});
+
+describe("validator — Google", () => {
+  it("happy path returns ok with the configured model name", async () => {
+    fetchMock.mockResolvedValueOnce(
+      jsonResponse(200, { candidates: [{ content: { parts: [] } }] }),
+    );
+    const r = await validateKey("google", KEYS.google);
+    expect(r.ok).toBe(true);
+    expect(r.model).toBe("gemini-2.5-flash");
+  });
+
+  it("CODEX V0.8 P1: uses x-goog-api-key header — NEVER puts the key in the URL", async () => {
+    fetchMock.mockResolvedValueOnce(
+      jsonResponse(200, { candidates: [] }),
+    );
+    await validateKey("google", KEYS.google);
+    const [url, init] = fetchMock.mock.calls[0]!;
+    // This is the regression-test Codex specifically requested.
+    expect(String(url)).not.toContain(KEYS.google);
+    expect(String(url)).not.toContain("?key=");
+    // And the key MUST be in the header instead.
+    expect((init as RequestInit).headers).toMatchObject({
+      "x-goog-api-key": KEYS.google,
+    });
+  });
+
+  it("non-OK response returns normalized error with statusCode", async () => {
+    fetchMock.mockResolvedValueOnce(
+      jsonResponse(403, {
+        error: {
+          code: 403,
+          message: "API key not valid",
+          status: "PERMISSION_DENIED",
+        },
+      }),
+    );
+    const r = await validateKey("google", KEYS.google);
+    expect(r.ok).toBe(false);
+    expect(r.statusCode).toBe(403);
+    expect(r.error).toContain("API key not valid");
+  });
+});
+
+describe("validator — KEY-LEAK REGRESSION (Codex v0.8 P2 #6)", () => {
+  /**
+   * The submitted key must never appear in `error` or `model` for
+   * ANY provider, in ANY failure path. Tests every provider × every
+   * failure mode we care about.
+   */
+  const failureModes: Array<{ status: number; body: object | string }> = [
+    { status: 400, body: { error: { message: "bad request" } } },
+    { status: 401, body: { error: { message: "unauthorized" } } },
+    { status: 403, body: { error: { message: "forbidden" } } },
+    { status: 429, body: { error: { message: "rate limited" } } },
+    { status: 500, body: "Internal Server Error (plain text body)" },
+    {
+      status: 200,
+      body: "malformed-not-json{{{",
+    },
+  ];
+
+  for (const provider of ["openai", "anthropic", "google"] as const) {
+    for (const mode of failureModes) {
+      it(`${provider} ${mode.status}: error message never contains the submitted key verbatim`, async () => {
+        fetchMock.mockResolvedValueOnce(
+          jsonResponse(mode.status, mode.body),
+        );
+        const key = KEYS[provider];
+        const r = await validateKey(provider, key);
+        // Check every string-shaped field we expose to users.
+        for (const field of [r.error, r.model] as Array<string | undefined>) {
+          if (field) {
+            expect(field).not.toContain(key);
+          }
+        }
+      });
+    }
+  }
+
+  it("if a provider echoes the key in its error body, the normalized error MUST NOT include the key", async () => {
+    // Worst-case: provider literally echoes the key in the response.
+    // Could happen with poorly-written upstream tooling.
+    fetchMock.mockResolvedValueOnce(
+      jsonResponse(400, {
+        error: {
+          message: `key ${KEYS.openai} is malformed`,
+        },
+      }),
+    );
+    const r = await validateKey("openai", KEYS.openai);
+    expect(r.ok).toBe(false);
+    // The normalized error MUST redact the key.
+    expect(r.error).not.toContain(KEYS.openai);
+    expect(r.error).toContain("<redacted-key>");
+  });
+});
+
+describe("validator — network failure handling", () => {
+  it("network throw returns ok:false with friendly message (not stack trace)", async () => {
+    fetchMock.mockRejectedValueOnce(
+      new TypeError("fetch failed: ECONNREFUSED"),
+    );
+    const r = await validateKey("openai", KEYS.openai);
+    expect(r.ok).toBe(false);
+    expect(r.error).toBeDefined();
+    expect(r.error).not.toContain(KEYS.openai);
+    // friendlyNetworkError should produce a short message
+    expect(r.error!.length).toBeLessThan(150);
+  });
+
+  it("abort (timeout) returns ok:false with friendly message", async () => {
+    fetchMock.mockRejectedValueOnce(
+      Object.assign(new Error("aborted"), { name: "AbortError" }),
+    );
+    const r = await validateKey("openai", KEYS.openai);
+    expect(r.ok).toBe(false);
+    expect(r.error).toMatch(/timed out|abort/i);
+  });
+});

package/src/auth/validator.ts

@@ -107,7 +107,7 @@ async function validateOpenAI(key: string): Promise<ValidationResult> {
       return {
         ok: false,
         statusCode: res.status,
-        error: normalizeOpenAIError(res.status, rawBody),
+        error: normalizeOpenAIError(res.status, rawBody, key),
         rawBody,
       };
     }
@@ -142,7 +142,7 @@ async function validateAnthropic(key: string): Promise<ValidationResult> {
       return {
         ok: false,
         statusCode: res.status,
-        error: normalizeAnthropicError(res.status, rawBody),
+        error: normalizeAnthropicError(res.status, rawBody, key),
         rawBody,
       };
     }
@@ -193,28 +193,36 @@ async function validateGoogle(key: string): Promise<ValidationResult> {
 // Never echo the raw key back even by accident (defense in depth: we
 // also redact anything that looks like the submitted key).
 
-function normalizeOpenAIError(status: number, rawBody: string): string {
+function normalizeOpenAIError(
+  status: number,
+  rawBody: string,
+  submittedKey: string,
+): string {
   // OpenAI shape: { "error": { "message": "...", "type": "...", "code": "..." } }
   try {
     const parsed = JSON.parse(rawBody) as {
       error?: { message?: string; type?: string; code?: string };
     };
     const msg = parsed.error?.message;
-    if (msg) return `[${status}] OpenAI: ${truncate(msg, 200)}`;
+    if (msg) return `[${status}] OpenAI: ${truncate(redactKey(msg, submittedKey), 200)}`;
   } catch {
     /* fall through */
   }
   return statusOnlyMessage("OpenAI", status);
 }
 
-function normalizeAnthropicError(status: number, rawBody: string): string {
+function normalizeAnthropicError(
+  status: number,
+  rawBody: string,
+  submittedKey: string,
+): string {
   // Anthropic shape: { "type": "error", "error": { "type": "...", "message": "..." } }
   try {
     const parsed = JSON.parse(rawBody) as {
       error?: { type?: string; message?: string };
     };
     const msg = parsed.error?.message;
-    if (msg) return `[${status}] Anthropic: ${truncate(msg, 200)}`;
+    if (msg) return `[${status}] Anthropic: ${truncate(redactKey(msg, submittedKey), 200)}`;
   } catch {
     /* fall through */
   }
@@ -231,20 +239,25 @@ function normalizeGoogleError(
     const parsed = JSON.parse(rawBody) as {
       error?: { code?: number; message?: string; status?: string };
     };
-    let msg = parsed.error?.message ?? "";
-    // Belt-and-braces redaction: Google sometimes echoes the key in
-    // error messages (e.g. "API key not valid. Pass a valid API key.")
-    // — we don't ship the actual key value if it ever ends up here.
-    if (submittedKey && msg.includes(submittedKey)) {
-      msg = msg.replace(submittedKey, "<redacted-key>");
-    }
-    if (msg) return `[${status}] Google: ${truncate(msg, 200)}`;
+    const msg = parsed.error?.message ?? "";
+    if (msg) return `[${status}] Google: ${truncate(redactKey(msg, submittedKey), 200)}`;
   } catch {
     /* fall through */
   }
   return statusOnlyMessage("Google", status);
 }
 
+/**
+ * Belt-and-braces: if a provider echoes the submitted key in its
+ * error body, redact before surfacing to the user. Codex's v0.8 P2 #6
+ * found this gap (originally Google-only); now applied to all three
+ * providers via this shared helper.
+ */
+function redactKey(msg: string, key: string): string {
+  if (!key || !msg.includes(key)) return msg;
+  return msg.split(key).join("<redacted-key>");
+}
+
 function statusOnlyMessage(provider: string, status: number): string {
   if (status === 401 || status === 403) {
     return `[${status}] ${provider} rejected the key (unauthorized).`;

package/src/index.ts

@@ -13,7 +13,7 @@
  *   - budget/     ✅ task #14 BudgetTracker + BudgetExceededError
  */
 
-export const VERSION = "0.10.0";
+export const VERSION = "0.10.1";
 
 // MCP server (v0.9.0+) — exposes AlmightyGPT's review surface as MCP tools.
 export { startMcpServer } from "./mcp/server.js";