@build-astron-co/nimbus 0.2.0

package/src/__tests__/serve.test.ts

@@ -0,0 +1,275 @@
+/**
+ * Tests for nimbus serve — Headless API
+ *
+ * Covers:
+ *   - OpenAPI specification structure and completeness
+ *   - HTTP Basic Auth middleware behavior (allow/deny/skip)
+ *
+ * Integration tests that start the actual HTTP server are intentionally
+ * excluded here; they belong in the e2e test suite to avoid port conflicts
+ * in parallel test runs.
+ */
+
+import { describe, it, expect } from 'bun:test';
+import { getOpenAPISpec } from '../cli/openapi-spec';
+import { createAuthMiddleware } from '../cli/serve-auth';
+
+// ---------------------------------------------------------------------------
+// OpenAPI Spec
+// ---------------------------------------------------------------------------
+
+describe('OpenAPI Spec', () => {
+  const spec = getOpenAPISpec();
+
+  it('should return a valid OpenAPI 3.1 document', () => {
+    expect(spec.openapi).toBe('3.1.0');
+    expect((spec as any).info.title).toBe('Nimbus API');
+    expect((spec as any).info.version).toBe('0.2.0');
+  });
+
+  it('should define all required endpoint paths', () => {
+    const paths = spec.paths as Record<string, unknown>;
+    expect(paths['/api/health']).toBeDefined();
+    expect(paths['/api/chat']).toBeDefined();
+    expect(paths['/api/run']).toBeDefined();
+    expect(paths['/api/sessions']).toBeDefined();
+    expect(paths['/api/session/{id}']).toBeDefined();
+  });
+
+  it('should define GET and POST for session/:id', () => {
+    const paths = spec.paths as any;
+    const sessionPath = paths['/api/session/{id}'];
+    expect(sessionPath.get).toBeDefined();
+    expect(sessionPath.get.operationId).toBe('getSession');
+    expect(sessionPath.post).toBeDefined();
+    expect(sessionPath.post.operationId).toBe('continueSession');
+  });
+
+  it('should define the chat endpoint with SSE response and required message field', () => {
+    const paths = spec.paths as any;
+    const chatPost = paths['/api/chat'].post;
+    expect(chatPost.operationId).toBe('chat');
+    expect(chatPost.requestBody.required).toBe(true);
+
+    const schema = chatPost.requestBody.content['application/json'].schema;
+    expect(schema.required).toContain('message');
+    expect(schema.properties.message.type).toBe('string');
+    expect(schema.properties.sessionId).toBeDefined();
+    expect(schema.properties.model).toBeDefined();
+    expect(schema.properties.mode.enum).toEqual(['plan', 'build', 'deploy']);
+  });
+
+  it('should define the run endpoint with JSON response schema', () => {
+    const paths = spec.paths as any;
+    const runPost = paths['/api/run'].post;
+    expect(runPost.operationId).toBe('run');
+    expect(runPost.requestBody.required).toBe(true);
+
+    const requestSchema = runPost.requestBody.content['application/json'].schema;
+    expect(requestSchema.required).toContain('prompt');
+
+    const responseSchema = runPost.responses['200'].content['application/json'].schema;
+    expect(responseSchema.properties.sessionId).toBeDefined();
+    expect(responseSchema.properties.response).toBeDefined();
+    expect(responseSchema.properties.turns).toBeDefined();
+    expect(responseSchema.properties.cost).toBeDefined();
+    expect(responseSchema.properties.usage).toBeDefined();
+  });
+
+  it('should define the sessions list endpoint', () => {
+    const paths = spec.paths as any;
+    const sessionsGet = paths['/api/sessions'].get;
+    expect(sessionsGet.operationId).toBe('listSessions');
+
+    const responseSchema = sessionsGet.responses['200'].content['application/json'].schema;
+    expect(responseSchema.properties.sessions.type).toBe('array');
+  });
+
+  it('should define the health endpoint with expected properties', () => {
+    const paths = spec.paths as any;
+    const healthGet = paths['/api/health'].get;
+    expect(healthGet.operationId).toBe('getHealth');
+
+    const schema = healthGet.responses['200'].content['application/json'].schema;
+    expect(schema.properties.status.enum).toEqual(['ok']);
+    expect(schema.properties.uptime.type).toBe('number');
+    expect(schema.properties.db.type).toBe('boolean');
+    expect(schema.properties.llm.type).toBe('boolean');
+  });
+
+  it('should define Session schema in components', () => {
+    const components = spec.components as any;
+    const sessionSchema = components.schemas.Session;
+    expect(sessionSchema).toBeDefined();
+    expect(sessionSchema.type).toBe('object');
+    expect(sessionSchema.properties.id).toBeDefined();
+    expect(sessionSchema.properties.name).toBeDefined();
+    expect(sessionSchema.properties.status.enum).toContain('active');
+    expect(sessionSchema.properties.status.enum).toContain('suspended');
+    expect(sessionSchema.properties.status.enum).toContain('completed');
+    expect(sessionSchema.properties.mode.enum).toContain('plan');
+    expect(sessionSchema.properties.mode.enum).toContain('build');
+    expect(sessionSchema.properties.mode.enum).toContain('deploy');
+  });
+
+  it('should define Usage schema in components', () => {
+    const components = spec.components as any;
+    const usageSchema = components.schemas.Usage;
+    expect(usageSchema).toBeDefined();
+    expect(usageSchema.properties.promptTokens.type).toBe('integer');
+    expect(usageSchema.properties.completionTokens.type).toBe('integer');
+    expect(usageSchema.properties.totalTokens.type).toBe('integer');
+  });
+
+  it('should define Error schema in components', () => {
+    const components = spec.components as any;
+    const errorSchema = components.schemas.Error;
+    expect(errorSchema).toBeDefined();
+    expect(errorSchema.properties.error.type).toBe('string');
+    expect(errorSchema.required).toContain('error');
+  });
+
+  it('should define basicAuth security scheme', () => {
+    const components = spec.components as any;
+    expect(components.securitySchemes.basicAuth).toBeDefined();
+    expect(components.securitySchemes.basicAuth.type).toBe('http');
+    expect(components.securitySchemes.basicAuth.scheme).toBe('basic');
+  });
+
+  it('should include server definitions', () => {
+    const servers = spec.servers as any[];
+    expect(servers.length).toBeGreaterThan(0);
+    expect(servers[0].url).toBe('http://localhost:4200');
+  });
+});
+
+// ---------------------------------------------------------------------------
+// Auth Middleware
+// ---------------------------------------------------------------------------
+
+describe('Auth Middleware', () => {
+  const middleware = createAuthMiddleware({
+    username: 'admin',
+    password: 'secret',
+  });
+
+  /**
+   * Helper to invoke the middleware with a given URL and optional headers.
+   */
+  function invokeMiddleware(
+    url: string,
+    method = 'POST',
+    headers: Record<string, string> = {}
+  ): { result: { error: string } | undefined; set: any } {
+    const request = new Request(url, { method, headers });
+    const set: any = {};
+    const result = middleware({ request, set });
+    return { result, set };
+  }
+
+  // -- Public endpoints bypass auth --
+
+  it('should skip auth for GET /api/health', () => {
+    const { result } = invokeMiddleware('http://localhost:4200/api/health', 'GET');
+    expect(result).toBeUndefined();
+  });
+
+  it('should skip auth for GET /api/openapi.json', () => {
+    const { result } = invokeMiddleware('http://localhost:4200/api/openapi.json', 'GET');
+    expect(result).toBeUndefined();
+  });
+
+  it('should skip auth for CORS OPTIONS preflight', () => {
+    const { result } = invokeMiddleware('http://localhost:4200/api/chat', 'OPTIONS');
+    expect(result).toBeUndefined();
+  });
+
+  // -- Protected endpoints require auth --
+
+  it('should reject requests without Authorization header', () => {
+    const { result, set } = invokeMiddleware('http://localhost:4200/api/chat');
+    expect(set.status).toBe(401);
+    expect(result).toEqual({ error: 'Authentication required' });
+    expect(set.headers['WWW-Authenticate']).toBe('Basic realm="Nimbus API"');
+  });
+
+  it('should reject requests with invalid credentials', () => {
+    const { result, set } = invokeMiddleware('http://localhost:4200/api/chat', 'POST', {
+      Authorization: `Basic ${btoa('wrong:creds')}`,
+    });
+    expect(set.status).toBe(401);
+    expect(result).toEqual({ error: 'Invalid credentials' });
+  });
+
+  it('should reject requests with malformed Authorization header', () => {
+    const { result, set } = invokeMiddleware('http://localhost:4200/api/chat', 'POST', {
+      Authorization: 'Bearer some-token',
+    });
+    expect(set.status).toBe(401);
+    expect(result).toEqual({ error: 'Invalid credentials' });
+  });
+
+  it('should allow requests with valid credentials', () => {
+    const { result } = invokeMiddleware('http://localhost:4200/api/chat', 'POST', {
+      Authorization: `Basic ${btoa('admin:secret')}`,
+    });
+    expect(result).toBeUndefined();
+  });
+
+  it('should allow valid credentials for session endpoints', () => {
+    const { result } = invokeMiddleware('http://localhost:4200/api/session/abc-123', 'GET', {
+      Authorization: `Basic ${btoa('admin:secret')}`,
+    });
+    expect(result).toBeUndefined();
+  });
+
+  it('should allow valid credentials for the run endpoint', () => {
+    const { result } = invokeMiddleware('http://localhost:4200/api/run', 'POST', {
+      Authorization: `Basic ${btoa('admin:secret')}`,
+    });
+    expect(result).toBeUndefined();
+  });
+
+  it('should allow valid credentials for the sessions list endpoint', () => {
+    const { result } = invokeMiddleware('http://localhost:4200/api/sessions', 'GET', {
+      Authorization: `Basic ${btoa('admin:secret')}`,
+    });
+    expect(result).toBeUndefined();
+  });
+});
+
+// ---------------------------------------------------------------------------
+// Additional edge cases
+// ---------------------------------------------------------------------------
+
+describe('Auth Middleware — edge cases', () => {
+  it('should work with passwords containing colons', () => {
+    const mw = createAuthMiddleware({
+      username: 'user',
+      password: 'pass:with:colons',
+    });
+
+    const request = new Request('http://localhost:4200/api/chat', {
+      method: 'POST',
+      headers: { Authorization: `Basic ${btoa('user:pass:with:colons')}` },
+    });
+    const set: any = {};
+    const result = mw({ request, set });
+    expect(result).toBeUndefined();
+  });
+
+  it('should reject empty Authorization header', () => {
+    const mw = createAuthMiddleware({
+      username: 'admin',
+      password: 'secret',
+    });
+
+    const request = new Request('http://localhost:4200/api/chat', {
+      method: 'POST',
+      headers: { Authorization: '' },
+    });
+    const set: any = {};
+    const _result = mw({ request, set });
+    expect(set.status).toBe(401);
+  });
+});

package/src/__tests__/sessions.test.ts

@@ -0,0 +1,227 @@
+/**
+ * Tests for Multi-Session Manager
+ */
+import { describe, it, expect, beforeEach, afterEach } from 'bun:test';
+import { Database } from '../compat/sqlite';
+import { SessionManager } from '../sessions/manager';
+import type { SessionEvent } from '../sessions/types';
+
+describe('SessionManager', () => {
+  let db: Database;
+  let manager: SessionManager;
+
+  beforeEach(() => {
+    db = new Database(':memory:');
+    db.exec('PRAGMA journal_mode=WAL');
+    db.exec('PRAGMA foreign_keys=ON');
+    SessionManager.resetInstance();
+    manager = new SessionManager(db);
+  });
+
+  afterEach(() => {
+    db.close();
+    SessionManager.resetInstance();
+  });
+
+  describe('create', () => {
+    it('should create a new session with defaults', () => {
+      const session = manager.create({ name: 'Test Session' });
+      expect(session.id).toBeTruthy();
+      expect(session.name).toBe('Test Session');
+      expect(session.status).toBe('active');
+      expect(session.mode).toBe('plan');
+      expect(session.tokenCount).toBe(0);
+      expect(session.costUSD).toBe(0);
+    });
+
+    it('should create a session with custom options', () => {
+      const session = manager.create({
+        name: 'Deploy Session',
+        mode: 'deploy',
+        model: 'claude-sonnet',
+        cwd: '/tmp/project',
+      });
+      expect(session.mode).toBe('deploy');
+      expect(session.model).toBe('claude-sonnet');
+      expect(session.cwd).toBe('/tmp/project');
+    });
+
+    it('should emit a created event', () => {
+      const events: SessionEvent[] = [];
+      manager.onEvent(e => events.push(e));
+      manager.create({ name: 'Test' });
+      expect(events).toHaveLength(1);
+      expect(events[0].type).toBe('created');
+    });
+  });
+
+  describe('list', () => {
+    it('should list all sessions', () => {
+      manager.create({ name: 'Session 1' });
+      manager.create({ name: 'Session 2' });
+      const sessions = manager.list();
+      expect(sessions).toHaveLength(2);
+    });
+
+    it('should filter by status', () => {
+      const _s1 = manager.create({ name: 'Active' });
+      const s2 = manager.create({ name: 'Completed' });
+      manager.complete(s2.id);
+
+      const active = manager.list('active');
+      expect(active).toHaveLength(1);
+      expect(active[0].name).toBe('Active');
+
+      const completed = manager.list('completed');
+      expect(completed).toHaveLength(1);
+      expect(completed[0].name).toBe('Completed');
+    });
+  });
+
+  describe('get', () => {
+    it('should return a session by ID', () => {
+      const created = manager.create({ name: 'Lookup Test' });
+      const fetched = manager.get(created.id);
+      expect(fetched).not.toBeNull();
+      expect(fetched!.name).toBe('Lookup Test');
+    });
+
+    it('should return null for non-existent session', () => {
+      expect(manager.get('nonexistent')).toBeNull();
+    });
+  });
+
+  describe('switchTo', () => {
+    it('should switch active session', () => {
+      const s1 = manager.create({ name: 'Session 1' });
+      const s2 = manager.create({ name: 'Session 2' });
+      manager.switchTo(s1.id);
+      expect(manager.getActiveSessionId()).toBe(s1.id);
+
+      manager.switchTo(s2.id);
+      expect(manager.getActiveSessionId()).toBe(s2.id);
+
+      // s1 should be suspended
+      const s1Updated = manager.get(s1.id);
+      expect(s1Updated!.status).toBe('suspended');
+    });
+
+    it('should return null for non-existent session', () => {
+      expect(manager.switchTo('nonexistent')).toBeNull();
+    });
+  });
+
+  describe('suspend and resume', () => {
+    it('should suspend an active session', () => {
+      const session = manager.create({ name: 'Test' });
+      manager.switchTo(session.id);
+      manager.suspend(session.id);
+
+      const updated = manager.get(session.id);
+      expect(updated!.status).toBe('suspended');
+      expect(manager.getActiveSessionId()).toBeNull();
+    });
+
+    it('should resume a suspended session', () => {
+      const session = manager.create({ name: 'Test' });
+      manager.suspend(session.id);
+      manager.resume(session.id);
+
+      const updated = manager.get(session.id);
+      expect(updated!.status).toBe('active');
+      expect(manager.getActiveSessionId()).toBe(session.id);
+    });
+
+    it('should not resume a completed session', () => {
+      const session = manager.create({ name: 'Test' });
+      manager.complete(session.id);
+      const result = manager.resume(session.id);
+      expect(result).toBeNull();
+    });
+  });
+
+  describe('complete', () => {
+    it('should mark session as completed', () => {
+      const session = manager.create({ name: 'Test' });
+      manager.switchTo(session.id);
+      manager.complete(session.id);
+
+      const updated = manager.get(session.id);
+      expect(updated!.status).toBe('completed');
+      expect(manager.getActiveSessionId()).toBeNull();
+    });
+  });
+
+  describe('destroy', () => {
+    it('should remove session from database', () => {
+      const session = manager.create({ name: 'Test' });
+      manager.destroy(session.id);
+      expect(manager.get(session.id)).toBeNull();
+    });
+  });
+
+  describe('updateSession', () => {
+    it('should update session fields', () => {
+      const session = manager.create({ name: 'Test' });
+      manager.updateSession(session.id, {
+        tokenCount: 5000,
+        costUSD: 0.05,
+        mode: 'build',
+      });
+
+      const updated = manager.get(session.id);
+      expect(updated!.tokenCount).toBe(5000);
+      expect(updated!.costUSD).toBe(0.05);
+      expect(updated!.mode).toBe('build');
+    });
+  });
+
+  describe('file conflict detection', () => {
+    it('should detect when two sessions edit the same file', () => {
+      const s1 = manager.create({ name: 'Session 1' });
+      const s2 = manager.create({ name: 'Session 2' });
+
+      manager.recordFileEdit(s1.id, '/src/index.ts');
+      const conflicts = manager.recordFileEdit(s2.id, '/src/index.ts');
+
+      expect(conflicts).toContain(s1.id);
+    });
+
+    it('should not detect conflicts for the same session', () => {
+      const s1 = manager.create({ name: 'Session 1' });
+
+      manager.recordFileEdit(s1.id, '/src/index.ts');
+      const conflicts = manager.recordFileEdit(s1.id, '/src/index.ts');
+
+      expect(conflicts).toHaveLength(0);
+    });
+
+    it('should emit file_conflict event', () => {
+      const events: SessionEvent[] = [];
+      manager.onEvent(e => events.push(e));
+
+      const s1 = manager.create({ name: 'S1' });
+      const s2 = manager.create({ name: 'S2' });
+
+      manager.recordFileEdit(s1.id, '/src/index.ts');
+      manager.recordFileEdit(s2.id, '/src/index.ts');
+
+      const conflictEvents = events.filter(e => e.type === 'file_conflict');
+      expect(conflictEvents).toHaveLength(1);
+    });
+  });
+
+  describe('event listeners', () => {
+    it('should support removing listeners', () => {
+      const events: SessionEvent[] = [];
+      const unsub = manager.onEvent(e => events.push(e));
+
+      manager.create({ name: 'Before' });
+      expect(events).toHaveLength(1);
+
+      unsub();
+      manager.create({ name: 'After' });
+      expect(events).toHaveLength(1); // No new events after unsubscribe
+    });
+  });
+});