npm - @build-astron-co/nimbus - Versions diffs - 0.2.0 - Mend

@build-astron-co/nimbus 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (313) hide show

package/LICENSE +21 -0
package/README.md +628 -0
package/bin/nimbus +38 -0
package/package.json +80 -0
package/src/__tests__/app.test.ts +76 -0
package/src/__tests__/audit.test.ts +877 -0
package/src/__tests__/circuit-breaker.test.ts +116 -0
package/src/__tests__/cli-run.test.ts +115 -0
package/src/__tests__/context-manager.test.ts +502 -0
package/src/__tests__/context.test.ts +242 -0
package/src/__tests__/enterprise.test.ts +401 -0
package/src/__tests__/generator.test.ts +433 -0
package/src/__tests__/hooks.test.ts +582 -0
package/src/__tests__/init.test.ts +436 -0
package/src/__tests__/intent-parser.test.ts +229 -0
package/src/__tests__/llm-router.test.ts +209 -0
package/src/__tests__/lsp.test.ts +293 -0
package/src/__tests__/modes.test.ts +336 -0
package/src/__tests__/permissions.test.ts +338 -0
package/src/__tests__/serve.test.ts +275 -0
package/src/__tests__/sessions.test.ts +227 -0
package/src/__tests__/sharing.test.ts +288 -0
package/src/__tests__/snapshots.test.ts +581 -0
package/src/__tests__/state-db.test.ts +334 -0
package/src/__tests__/stream-with-tools.test.ts +732 -0
package/src/__tests__/subagents.test.ts +176 -0
package/src/__tests__/system-prompt.test.ts +169 -0
package/src/__tests__/tool-converter.test.ts +256 -0
package/src/__tests__/tool-schemas.test.ts +397 -0
package/src/__tests__/tools.test.ts +143 -0
package/src/__tests__/version.test.ts +49 -0
package/src/agent/compaction-agent.ts +227 -0
package/src/agent/context-manager.ts +435 -0
package/src/agent/context.ts +427 -0
package/src/agent/deploy-preview.ts +426 -0
package/src/agent/index.ts +68 -0
package/src/agent/loop.ts +717 -0
package/src/agent/modes.ts +429 -0
package/src/agent/permissions.ts +466 -0
package/src/agent/subagents/base.ts +116 -0
package/src/agent/subagents/cost.ts +51 -0
package/src/agent/subagents/explore.ts +42 -0
package/src/agent/subagents/general.ts +54 -0
package/src/agent/subagents/index.ts +102 -0
package/src/agent/subagents/infra.ts +59 -0
package/src/agent/subagents/security.ts +69 -0
package/src/agent/system-prompt.ts +436 -0
package/src/app.ts +122 -0
package/src/audit/activity-log.ts +290 -0
package/src/audit/compliance-checker.ts +540 -0
package/src/audit/cost-tracker.ts +318 -0
package/src/audit/index.ts +23 -0
package/src/audit/security-scanner.ts +596 -0
package/src/auth/guard.ts +75 -0
package/src/auth/index.ts +56 -0
package/src/auth/oauth.ts +455 -0
package/src/auth/providers.ts +470 -0
package/src/auth/sso.ts +113 -0
package/src/auth/store.ts +505 -0
package/src/auth/types.ts +187 -0
package/src/build.ts +141 -0
package/src/cli/index.ts +16 -0
package/src/cli/init.ts +854 -0
package/src/cli/openapi-spec.ts +356 -0
package/src/cli/run.ts +237 -0
package/src/cli/serve-auth.ts +80 -0
package/src/cli/serve.ts +462 -0
package/src/cli/web.ts +67 -0
package/src/cli.ts +1417 -0
package/src/clients/core-engine-client.ts +227 -0
package/src/clients/enterprise-client.ts +334 -0
package/src/clients/generator-client.ts +351 -0
package/src/clients/git-client.ts +627 -0
package/src/clients/github-client.ts +410 -0
package/src/clients/helm-client.ts +504 -0
package/src/clients/index.ts +80 -0
package/src/clients/k8s-client.ts +497 -0
package/src/clients/llm-client.ts +161 -0
package/src/clients/rest-client.ts +130 -0
package/src/clients/service-discovery.ts +33 -0
package/src/clients/terraform-client.ts +482 -0
package/src/clients/tools-client.ts +1843 -0
package/src/clients/ws-client.ts +115 -0
package/src/commands/analyze/index.ts +352 -0
package/src/commands/apply/helm.ts +473 -0
package/src/commands/apply/index.ts +213 -0
package/src/commands/apply/k8s.ts +454 -0
package/src/commands/apply/terraform.ts +582 -0
package/src/commands/ask.ts +167 -0
package/src/commands/audit/index.ts +238 -0
package/src/commands/auth-cloud.ts +294 -0
package/src/commands/auth-list.ts +134 -0
package/src/commands/auth-profile.ts +121 -0
package/src/commands/auth-status.ts +141 -0
package/src/commands/aws/ec2.ts +501 -0
package/src/commands/aws/iam.ts +397 -0
package/src/commands/aws/index.ts +133 -0
package/src/commands/aws/lambda.ts +396 -0
package/src/commands/aws/rds.ts +439 -0
package/src/commands/aws/s3.ts +439 -0
package/src/commands/aws/vpc.ts +393 -0
package/src/commands/aws-discover.ts +649 -0
package/src/commands/aws-terraform.ts +805 -0
package/src/commands/azure/aks.ts +376 -0
package/src/commands/azure/functions.ts +253 -0
package/src/commands/azure/index.ts +116 -0
package/src/commands/azure/storage.ts +478 -0
package/src/commands/azure/vm.ts +355 -0
package/src/commands/billing/index.ts +256 -0
package/src/commands/chat.ts +314 -0
package/src/commands/config.ts +346 -0
package/src/commands/cost/cloud-cost-estimator.ts +266 -0
package/src/commands/cost/estimator.ts +79 -0
package/src/commands/cost/index.ts +594 -0
package/src/commands/cost/parsers/terraform.ts +273 -0
package/src/commands/cost/parsers/types.ts +25 -0
package/src/commands/cost/pricing/aws.ts +544 -0
package/src/commands/cost/pricing/azure.ts +499 -0
package/src/commands/cost/pricing/gcp.ts +396 -0
package/src/commands/cost/pricing/index.ts +40 -0
package/src/commands/demo.ts +250 -0
package/src/commands/doctor.ts +794 -0
package/src/commands/drift/index.ts +439 -0
package/src/commands/explain.ts +277 -0
package/src/commands/feedback.ts +389 -0
package/src/commands/fix.ts +324 -0
package/src/commands/fs/index.ts +402 -0
package/src/commands/gcp/compute.ts +325 -0
package/src/commands/gcp/functions.ts +271 -0
package/src/commands/gcp/gke.ts +438 -0
package/src/commands/gcp/iam.ts +344 -0
package/src/commands/gcp/index.ts +129 -0
package/src/commands/gcp/storage.ts +284 -0
package/src/commands/generate-helm.ts +1249 -0
package/src/commands/generate-k8s.ts +1560 -0
package/src/commands/generate-terraform.ts +1460 -0
package/src/commands/gh/index.ts +863 -0
package/src/commands/git/index.ts +1343 -0
package/src/commands/helm/index.ts +1126 -0
package/src/commands/help.ts +539 -0
package/src/commands/history.ts +142 -0
package/src/commands/import.ts +868 -0
package/src/commands/index.ts +367 -0
package/src/commands/init.ts +1046 -0
package/src/commands/k8s/index.ts +1137 -0
package/src/commands/login.ts +631 -0
package/src/commands/logout.ts +83 -0
package/src/commands/onboarding.ts +228 -0
package/src/commands/plan/display.ts +279 -0
package/src/commands/plan/index.ts +599 -0
package/src/commands/preview.ts +452 -0
package/src/commands/questionnaire.ts +1270 -0
package/src/commands/resume.ts +55 -0
package/src/commands/team/index.ts +346 -0
package/src/commands/template.ts +232 -0
package/src/commands/tf/index.ts +1034 -0
package/src/commands/upgrade.ts +550 -0
package/src/commands/usage/index.ts +134 -0
package/src/commands/version.ts +170 -0
package/src/compat/index.ts +2 -0
package/src/compat/runtime.ts +12 -0
package/src/compat/sqlite.ts +107 -0
package/src/config/index.ts +17 -0
package/src/config/manager.ts +530 -0
package/src/config/safety-policy.ts +358 -0
package/src/config/schema.ts +125 -0
package/src/config/types.ts +527 -0
package/src/context/context-db.ts +199 -0
package/src/demo/index.ts +349 -0
package/src/demo/scenarios/full-journey.ts +229 -0
package/src/demo/scenarios/getting-started.ts +127 -0
package/src/demo/scenarios/helm-release.ts +341 -0
package/src/demo/scenarios/k8s-deployment.ts +194 -0
package/src/demo/scenarios/terraform-vpc.ts +170 -0
package/src/demo/types.ts +92 -0
package/src/engine/cost-estimator.ts +438 -0
package/src/engine/diagram-generator.ts +256 -0
package/src/engine/drift-detector.ts +902 -0
package/src/engine/executor.ts +1035 -0
package/src/engine/index.ts +76 -0
package/src/engine/orchestrator.ts +636 -0
package/src/engine/planner.ts +720 -0
package/src/engine/safety.ts +743 -0
package/src/engine/verifier.ts +770 -0
package/src/enterprise/audit.ts +348 -0
package/src/enterprise/auth.ts +270 -0
package/src/enterprise/billing.ts +822 -0
package/src/enterprise/index.ts +17 -0
package/src/enterprise/teams.ts +443 -0
package/src/generator/best-practices.ts +1608 -0
package/src/generator/helm.ts +630 -0
package/src/generator/index.ts +37 -0
package/src/generator/intent-parser.ts +514 -0
package/src/generator/kubernetes.ts +976 -0
package/src/generator/terraform.ts +1867 -0
package/src/history/index.ts +8 -0
package/src/history/manager.ts +322 -0
package/src/history/types.ts +34 -0
package/src/hooks/config.ts +432 -0
package/src/hooks/engine.ts +391 -0
package/src/hooks/index.ts +4 -0
package/src/llm/auth-bridge.ts +198 -0
package/src/llm/circuit-breaker.ts +140 -0
package/src/llm/config-loader.ts +201 -0
package/src/llm/cost-calculator.ts +171 -0
package/src/llm/index.ts +8 -0
package/src/llm/model-aliases.ts +115 -0
package/src/llm/provider-registry.ts +63 -0
package/src/llm/providers/anthropic.ts +433 -0
package/src/llm/providers/bedrock.ts +477 -0
package/src/llm/providers/google.ts +405 -0
package/src/llm/providers/ollama.ts +767 -0
package/src/llm/providers/openai-compatible.ts +340 -0
package/src/llm/providers/openai.ts +328 -0
package/src/llm/providers/openrouter.ts +338 -0
package/src/llm/router.ts +1035 -0
package/src/llm/types.ts +232 -0
package/src/lsp/client.ts +298 -0
package/src/lsp/languages.ts +116 -0
package/src/lsp/manager.ts +278 -0
package/src/mcp/client.ts +402 -0
package/src/mcp/index.ts +5 -0
package/src/mcp/manager.ts +133 -0
package/src/nimbus.ts +214 -0
package/src/plugins/index.ts +27 -0
package/src/plugins/loader.ts +334 -0
package/src/plugins/manager.ts +376 -0
package/src/plugins/types.ts +284 -0
package/src/scanners/cicd-scanner.ts +258 -0
package/src/scanners/cloud-scanner.ts +466 -0
package/src/scanners/framework-scanner.ts +469 -0
package/src/scanners/iac-scanner.ts +388 -0
package/src/scanners/index.ts +539 -0
package/src/scanners/language-scanner.ts +276 -0
package/src/scanners/package-manager-scanner.ts +277 -0
package/src/scanners/types.ts +172 -0
package/src/sessions/manager.ts +365 -0
package/src/sessions/types.ts +44 -0
package/src/sharing/sync.ts +296 -0
package/src/sharing/viewer.ts +97 -0
package/src/snapshots/index.ts +2 -0
package/src/snapshots/manager.ts +530 -0
package/src/state/artifacts.ts +147 -0
package/src/state/audit.ts +137 -0
package/src/state/billing.ts +240 -0
package/src/state/checkpoints.ts +117 -0
package/src/state/config.ts +67 -0
package/src/state/conversations.ts +14 -0
package/src/state/credentials.ts +154 -0
package/src/state/db.ts +58 -0
package/src/state/index.ts +26 -0
package/src/state/messages.ts +115 -0
package/src/state/projects.ts +123 -0
package/src/state/schema.ts +236 -0
package/src/state/sessions.ts +147 -0
package/src/state/teams.ts +200 -0
package/src/telemetry.ts +108 -0
package/src/tools/aws-ops.ts +952 -0
package/src/tools/azure-ops.ts +579 -0
package/src/tools/file-ops.ts +593 -0
package/src/tools/gcp-ops.ts +625 -0
package/src/tools/git-ops.ts +773 -0
package/src/tools/github-ops.ts +799 -0
package/src/tools/helm-ops.ts +943 -0
package/src/tools/index.ts +17 -0
package/src/tools/k8s-ops.ts +819 -0
package/src/tools/schemas/converter.ts +184 -0
package/src/tools/schemas/devops.ts +612 -0
package/src/tools/schemas/index.ts +73 -0
package/src/tools/schemas/standard.ts +1144 -0
package/src/tools/schemas/types.ts +705 -0
package/src/tools/terraform-ops.ts +862 -0
package/src/types/ambient.d.ts +193 -0
package/src/types/config.ts +83 -0
package/src/types/drift.ts +116 -0
package/src/types/enterprise.ts +335 -0
package/src/types/index.ts +20 -0
package/src/types/plan.ts +44 -0
package/src/types/request.ts +65 -0
package/src/types/response.ts +54 -0
package/src/types/service.ts +51 -0
package/src/ui/App.tsx +997 -0
package/src/ui/DeployPreview.tsx +169 -0
package/src/ui/Header.tsx +68 -0
package/src/ui/InputBox.tsx +350 -0
package/src/ui/MessageList.tsx +585 -0
package/src/ui/PermissionPrompt.tsx +151 -0
package/src/ui/StatusBar.tsx +158 -0
package/src/ui/ToolCallDisplay.tsx +409 -0
package/src/ui/chat-ui.ts +853 -0
package/src/ui/index.ts +33 -0
package/src/ui/ink/index.ts +711 -0
package/src/ui/streaming.ts +176 -0
package/src/ui/types.ts +57 -0
package/src/utils/analytics.ts +72 -0
package/src/utils/cost-warning.ts +27 -0
package/src/utils/env.ts +46 -0
package/src/utils/errors.ts +69 -0
package/src/utils/event-bus.ts +38 -0
package/src/utils/index.ts +24 -0
package/src/utils/logger.ts +171 -0
package/src/utils/rate-limiter.ts +121 -0
package/src/utils/service-auth.ts +49 -0
package/src/utils/validation.ts +53 -0
package/src/version.ts +4 -0
package/src/watcher/index.ts +163 -0
package/src/wizard/approval.ts +383 -0
package/src/wizard/index.ts +25 -0
package/src/wizard/prompts.ts +338 -0
package/src/wizard/types.ts +171 -0
package/src/wizard/ui.ts +556 -0
package/src/wizard/wizard.ts +304 -0
package/tsconfig.json +24 -0

package/src/__tests__/context.test.ts ADDED Viewed

@@ -0,0 +1,242 @@
+/**
+ * Context Manager Tests (@file Reference System)
+ *
+ * Validates @file mention extraction, path resolution, token budgeting,
+ * context injection formatting, and fuzzy file search.
+ */
+import { describe, test, expect, beforeEach, afterEach } from 'bun:test';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import {
+  resolveReferences,
+  buildContextInjection,
+  fuzzyFileSearch,
+  type FileReference,
+} from '../agent/context';
+// ---------------------------------------------------------------------------
+// Temp directory setup
+// ---------------------------------------------------------------------------
+let tmpDir: string;
+beforeEach(() => {
+  tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'nimbus-context-test-'));
+});
+afterEach(() => {
+  fs.rmSync(tmpDir, { recursive: true, force: true });
+});
+// ===========================================================================
+// extractMentions (tested through resolveReferences)
+// ===========================================================================
+describe('extractMentions (via resolveReferences)', () => {
+  test('finds @path patterns in messages', async () => {
+    // Create a file so it can be resolved
+    const filePath = path.join(tmpDir, 'server.ts');
+    fs.writeFileSync(filePath, 'export const app = {};', 'utf-8');
+    const result = await resolveReferences('@server.ts fix the bug', { cwd: tmpDir });
+    expect(result.references).toHaveLength(1);
+    expect(result.references[0].resolvedPath).toBe(filePath);
+  });
+  test('skips @agent mentions (explore, infra, etc.)', async () => {
+    const result = await resolveReferences('@explore find TODOs', { cwd: tmpDir });
+    expect(result.references).toHaveLength(0);
+    expect(result.processedMessage).toBe('@explore find TODOs');
+  });
+  test('skips @security mentions', async () => {
+    const result = await resolveReferences('@security scan the code', { cwd: tmpDir });
+    expect(result.references).toHaveLength(0);
+  });
+  test('skips @cost mentions', async () => {
+    const result = await resolveReferences('@cost estimate spending', { cwd: tmpDir });
+    expect(result.references).toHaveLength(0);
+  });
+  test('returns unmodified message when no mentions', async () => {
+    const result = await resolveReferences('just a normal message', { cwd: tmpDir });
+    expect(result.processedMessage).toBe('just a normal message');
+    expect(result.references).toHaveLength(0);
+    expect(result.totalTokens).toBe(0);
+    expect(result.truncated).toBe(false);
+  });
+});
+// ===========================================================================
+// resolveReferences
+// ===========================================================================
+describe('resolveReferences', () => {
+  test('resolves a real file path', async () => {
+    const filePath = path.join(tmpDir, 'config.yaml');
+    const content = 'port: 3000\nhost: localhost';
+    fs.writeFileSync(filePath, content, 'utf-8');
+    const result = await resolveReferences('@config.yaml check the port', { cwd: tmpDir });
+    expect(result.references).toHaveLength(1);
+    expect(result.references[0].content).toBe(content);
+    expect(result.references[0].isDirectory).toBe(false);
+  });
+  test('handles non-existent files gracefully', async () => {
+    const result = await resolveReferences('@nonexistent.txt do something', { cwd: tmpDir });
+    // Non-existent file is simply skipped
+    expect(result.references).toHaveLength(0);
+  });
+  test('respects token budget', async () => {
+    // Create a large file (200KB ~ 50K tokens at 4 chars/token)
+    const largeContent = 'x'.repeat(250_000);
+    const filePath = path.join(tmpDir, 'big.txt');
+    fs.writeFileSync(filePath, largeContent, 'utf-8');
+    const result = await resolveReferences('@big.txt analyze this', {
+      cwd: tmpDir,
+      maxTokens: 1000, // very small budget
+    });
+    // Should be truncated
+    expect(result.truncated).toBe(true);
+    if (result.references.length > 0) {
+      expect(result.references[0].content.length).toBeLessThan(largeContent.length);
+    }
+  });
+  test('processes directory references', async () => {
+    const subDir = path.join(tmpDir, 'src');
+    fs.mkdirSync(subDir);
+    fs.writeFileSync(path.join(subDir, 'index.ts'), 'export {};', 'utf-8');
+    fs.writeFileSync(path.join(subDir, 'utils.ts'), 'export {};', 'utf-8');
+    const result = await resolveReferences('@src/ list contents', { cwd: tmpDir });
+    if (result.references.length > 0) {
+      expect(result.references[0].isDirectory).toBe(true);
+      expect(result.references[0].content).toContain('index.ts');
+      expect(result.references[0].content).toContain('utils.ts');
+    }
+  });
+  test('replaces @mention with [File: ...] in processedMessage', async () => {
+    const filePath = path.join(tmpDir, 'app.ts');
+    fs.writeFileSync(filePath, 'const app = 1;', 'utf-8');
+    const result = await resolveReferences('@app.ts fix it', { cwd: tmpDir });
+    expect(result.processedMessage).toContain('[File: app.ts]');
+    expect(result.processedMessage).not.toContain('@app.ts');
+  });
+});
+// ===========================================================================
+// buildContextInjection
+// ===========================================================================
+describe('buildContextInjection', () => {
+  test('formats references as markdown', () => {
+    const refs: FileReference[] = [
+      {
+        mention: '@server.ts',
+        resolvedPath: '/project/src/server.ts',
+        isDirectory: false,
+        content: 'const server = http.createServer();',
+        tokenCount: 10,
+      },
+    ];
+    const injection = buildContextInjection(refs);
+    expect(injection).toContain('# Referenced Files');
+    expect(injection).toContain('### File: /project/src/server.ts');
+    expect(injection).toContain('const server = http.createServer();');
+    expect(injection).toContain('```');
+  });
+  test('returns empty string for empty references array', () => {
+    expect(buildContextInjection([])).toBe('');
+  });
+  test('formats directory references with directory header', () => {
+    const refs: FileReference[] = [
+      {
+        mention: '@src/',
+        resolvedPath: '/project/src',
+        isDirectory: true,
+        content: 'Directory listing...',
+        tokenCount: 5,
+      },
+    ];
+    const injection = buildContextInjection(refs);
+    expect(injection).toContain('### Directory: /project/src');
+  });
+  test('formats multiple references', () => {
+    const refs: FileReference[] = [
+      {
+        mention: '@a.ts',
+        resolvedPath: '/project/a.ts',
+        isDirectory: false,
+        content: 'file a',
+        tokenCount: 2,
+      },
+      {
+        mention: '@b.ts',
+        resolvedPath: '/project/b.ts',
+        isDirectory: false,
+        content: 'file b',
+        tokenCount: 2,
+      },
+    ];
+    const injection = buildContextInjection(refs);
+    expect(injection).toContain('### File: /project/a.ts');
+    expect(injection).toContain('### File: /project/b.ts');
+    expect(injection).toContain('file a');
+    expect(injection).toContain('file b');
+  });
+});
+// ===========================================================================
+// fuzzyFileSearch
+// ===========================================================================
+describe('fuzzyFileSearch', () => {
+  test('finds files by partial name', async () => {
+    fs.writeFileSync(path.join(tmpDir, 'server.ts'), '', 'utf-8');
+    fs.writeFileSync(path.join(tmpDir, 'config.yaml'), '', 'utf-8');
+    const results = await fuzzyFileSearch('server', tmpDir);
+    expect(results.length).toBeGreaterThanOrEqual(1);
+    expect(results.some(r => r.endsWith('server.ts'))).toBe(true);
+  });
+  test('finds exact matches first', async () => {
+    const exactPath = path.join(tmpDir, 'exact.ts');
+    fs.writeFileSync(exactPath, '', 'utf-8');
+    const results = await fuzzyFileSearch('exact.ts', tmpDir);
+    expect(results).toHaveLength(1);
+    expect(results[0]).toBe(exactPath);
+  });
+  test('returns empty array when no matches', async () => {
+    const results = await fuzzyFileSearch('does-not-exist-xyz', tmpDir);
+    expect(results).toHaveLength(0);
+  });
+  test('returns at most 10 results', async () => {
+    // Create 15 similarly named files
+    for (let i = 0; i < 15; i++) {
+      fs.writeFileSync(path.join(tmpDir, `match-${i}.ts`), '', 'utf-8');
+    }
+    const results = await fuzzyFileSearch('match', tmpDir);
+    expect(results.length).toBeLessThanOrEqual(10);
+  });
+});

package/src/__tests__/enterprise.test.ts ADDED Viewed

@@ -0,0 +1,401 @@
+/**
+ * Tests for the enterprise modules:
+ *   - src/enterprise/auth.ts    – initiateDeviceFlow, pollDeviceCode, verifyDeviceCode, validateToken
+ *   - src/enterprise/teams.ts   – createTeam, getTeam, listUserTeams, inviteMember, listMembers
+ *   - src/enterprise/billing.ts – subscribe, getBillingStatus, recordUsage, getUsage
+ *   - src/enterprise/audit.ts   – createLog, queryLogs, exportLogs
+ *
+ * Every test uses an isolated in-memory SQLite database via NIMBUS_DB_PATH=':memory:'
+ * so the real ~/.nimbus/nimbus.db is never touched.
+ *
+ * IMPORTANT: The enterprise modules use `getDb()` (singleton) internally when
+ * they reach for the database.  We set NIMBUS_DB_PATH to ':memory:' before
+ * each test group and reset the db singleton afterwards via `closeDb()`.
+ */
+import { describe, it, expect, beforeEach, afterEach } from 'bun:test';
+import { getTestDb, closeDb } from '../state/db';
+// ---------------------------------------------------------------------------
+// Setup: point every getDb() call to a fresh in-memory database.
+// ---------------------------------------------------------------------------
+beforeEach(() => {
+  // closeDb() resets the db singleton so the next getDb() call re-opens.
+  closeDb();
+  // Re-initialise using NIMBUS_DB_PATH=':memory:' by creating a test db
+  // and setting the env variable so subsequent getDb() calls hit :memory:.
+  process.env.NIMBUS_DB_PATH = ':memory:';
+  // Warm-up the singleton with migrations applied
+  getTestDb(); // just to confirm migration works; enterprise fns call getDb() on their own
+});
+afterEach(() => {
+  closeDb();
+  delete process.env.NIMBUS_DB_PATH;
+});
+// ---------------------------------------------------------------------------
+// Auth: device-authorization flow
+// ---------------------------------------------------------------------------
+describe('enterprise auth – initiateDeviceFlow', () => {
+  it('returns a DeviceCodeResponse with all expected fields', async () => {
+    const { initiateDeviceFlow } = await import('../enterprise/auth');
+    const response = await initiateDeviceFlow();
+    expect(typeof response.deviceCode).toBe('string');
+    expect(response.deviceCode.length).toBeGreaterThan(0);
+    expect(typeof response.userCode).toBe('string');
+    // User code format: XXXX-NNNN
+    expect(/^[A-Z]{4}-\d{4}$/.test(response.userCode)).toBe(true);
+    expect(typeof response.verificationUri).toBe('string');
+    expect(response.expiresIn).toBe(900);
+    expect(response.interval).toBe(5);
+  });
+  it('generates a unique deviceCode on each call', async () => {
+    const { initiateDeviceFlow } = await import('../enterprise/auth');
+    const r1 = await initiateDeviceFlow();
+    const r2 = await initiateDeviceFlow();
+    expect(r1.deviceCode).not.toBe(r2.deviceCode);
+    expect(r1.userCode).not.toBe(r2.userCode);
+  });
+  it('userCode consists of uppercase letters and digits only', async () => {
+    const { initiateDeviceFlow } = await import('../enterprise/auth');
+    const { userCode } = await initiateDeviceFlow();
+    // Valid chars: uppercase ASCII letters (no I or O) + digits + hyphen
+    expect(/^[A-HJ-NP-Z0-9]{4}-[0-9]{4}$/.test(userCode)).toBe(true);
+  });
+});
+describe('enterprise auth – pollDeviceCode', () => {
+  it('returns authorization_pending for a newly created device code', async () => {
+    const { initiateDeviceFlow, pollDeviceCode } = await import('../enterprise/auth');
+    const { deviceCode } = await initiateDeviceFlow();
+    const response = await pollDeviceCode(deviceCode);
+    expect(response.error).toBe('authorization_pending');
+    expect(response.accessToken).toBeUndefined();
+  });
+  it('returns expired_token for an unknown device code', async () => {
+    const { pollDeviceCode } = await import('../enterprise/auth');
+    const response = await pollDeviceCode('nonexistent-device-code');
+    expect(response.error).toBe('expired_token');
+  });
+});
+describe('enterprise auth – validateToken', () => {
+  it('returns valid: false for a non-existent token', async () => {
+    const { validateToken } = await import('../enterprise/auth');
+    const result = await validateToken({ accessToken: 'not-a-real-token' });
+    expect(result.valid).toBe(false);
+  });
+  it('returns valid: false for an empty token string', async () => {
+    const { validateToken } = await import('../enterprise/auth');
+    const result = await validateToken({ accessToken: '' });
+    expect(result.valid).toBe(false);
+  });
+});
+// ---------------------------------------------------------------------------
+// Teams
+// ---------------------------------------------------------------------------
+describe('enterprise teams – createTeam', () => {
+  it('creates a team and returns a Team object', async () => {
+    const { createTeam } = await import('../enterprise/teams');
+    const team = await createTeam({ name: 'Nimbus Core', ownerId: 'user-001' });
+    expect(typeof team.id).toBe('string');
+    expect(team.id.length).toBeGreaterThan(0);
+    expect(team.name).toBe('Nimbus Core');
+    expect(team.ownerId).toBe('user-001');
+    expect(team.plan).toBe('free');
+  });
+  it('throws when name is missing', async () => {
+    const { createTeam } = await import('../enterprise/teams');
+    await expect(createTeam({ name: '', ownerId: 'user-001' })).rejects.toThrow();
+  });
+  it('throws when ownerId is missing', async () => {
+    const { createTeam } = await import('../enterprise/teams');
+    await expect(createTeam({ name: 'Team', ownerId: '' })).rejects.toThrow();
+  });
+});
+describe('enterprise teams – getTeam', () => {
+  it('retrieves a team that was just created', async () => {
+    const { createTeam, getTeam } = await import('../enterprise/teams');
+    const created = await createTeam({ name: 'Alpha Team', ownerId: 'u-alpha' });
+    const fetched = await getTeam(created.id);
+    expect(fetched).not.toBeNull();
+    expect(fetched!.id).toBe(created.id);
+    expect(fetched!.name).toBe('Alpha Team');
+  });
+  it('returns null for a non-existent team id', async () => {
+    const { getTeam } = await import('../enterprise/teams');
+    const result = await getTeam('non-existent-id');
+    expect(result).toBeNull();
+  });
+});
+describe('enterprise teams – listUserTeams', () => {
+  it('returns teams where user is a member', async () => {
+    const { createTeam, listUserTeams } = await import('../enterprise/teams');
+    await createTeam({ name: 'My Team', ownerId: 'user-list' });
+    const teams = await listUserTeams('user-list');
+    expect(Array.isArray(teams)).toBe(true);
+    expect(teams.length).toBeGreaterThanOrEqual(1);
+    expect(teams.some(t => t.name === 'My Team')).toBe(true);
+  });
+  it('returns empty array for user with no team memberships', async () => {
+    const { listUserTeams } = await import('../enterprise/teams');
+    const teams = await listUserTeams('user-with-no-teams-xyz');
+    expect(Array.isArray(teams)).toBe(true);
+    expect(teams.length).toBe(0);
+  });
+});
+describe('enterprise teams – inviteMember', () => {
+  it('invites a new member to a team by email', async () => {
+    const { createTeam, inviteMember } = await import('../enterprise/teams');
+    const team = await createTeam({ name: 'Invite Team', ownerId: 'owner-u' });
+    const member = await inviteMember(team.id, { email: 'new@example.com', role: 'member' });
+    expect(member.teamId).toBe(team.id);
+    expect(member.role).toBe('member');
+    expect(member.user?.email).toBe('new@example.com');
+  });
+  it('throws for an invalid role', async () => {
+    const { createTeam, inviteMember } = await import('../enterprise/teams');
+    const team = await createTeam({ name: 'Role Team', ownerId: 'owner-r' });
+    await expect(
+      inviteMember(team.id, { email: 'x@example.com', role: 'superadmin' })
+    ).rejects.toThrow();
+  });
+});
+describe('enterprise teams – listMembers', () => {
+  it('lists members including the team owner', async () => {
+    const { createTeam, listMembers } = await import('../enterprise/teams');
+    const team = await createTeam({ name: 'List Members Team', ownerId: 'owner-lm' });
+    const members = await listMembers(team.id);
+    expect(Array.isArray(members)).toBe(true);
+    expect(members.length).toBeGreaterThanOrEqual(1);
+    // Owner is automatically added as a member with role 'owner'
+    const ownerEntry = members.find(m => m.role === 'owner');
+    expect(ownerEntry).toBeDefined();
+  });
+});
+// ---------------------------------------------------------------------------
+// Billing
+// ---------------------------------------------------------------------------
+describe('enterprise billing – subscribe', () => {
+  it('creates a subscription and returns billing status', async () => {
+    const { createTeam } = await import('../enterprise/teams');
+    const { subscribe } = await import('../enterprise/billing');
+    // A subscription has a FK on team_id; create the team first.
+    const team = await createTeam({ name: 'Sub Team Pro', ownerId: 'owner-sub-001' });
+    const result = await subscribe({ teamId: team.id, plan: 'pro' });
+    expect(result).toBeDefined();
+    expect(result.billing.plan).toBe('pro');
+    expect(result.billing.status).toBe('active');
+    expect(result.stripe).toBeDefined();
+    expect(result.stripe.object).toBe('subscription');
+  });
+  it('throws for an invalid plan name', async () => {
+    const { subscribe } = await import('../enterprise/billing');
+    await expect(subscribe({ teamId: 'team-bad', plan: 'diamond' })).rejects.toThrow();
+  });
+  it('throws when teamId is empty', async () => {
+    const { subscribe } = await import('../enterprise/billing');
+    await expect(subscribe({ teamId: '', plan: 'pro' })).rejects.toThrow();
+  });
+});
+describe('enterprise billing – getBillingStatus', () => {
+  it('returns free plan defaults for a team with no subscription', async () => {
+    const { getBillingStatus } = await import('../enterprise/billing');
+    const status = await getBillingStatus('team-no-sub');
+    expect(status.plan).toBe('free');
+    expect(status.status).toBe('active');
+    expect(status.cancelAtPeriodEnd).toBe(false);
+  });
+  it('returns active status after subscribing', async () => {
+    const { createTeam } = await import('../enterprise/teams');
+    const { subscribe, getBillingStatus } = await import('../enterprise/billing');
+    // A subscription has a FK on team_id; create the team first.
+    const team = await createTeam({ name: 'Status Team', ownerId: 'owner-status' });
+    await subscribe({ teamId: team.id, plan: 'enterprise' });
+    const status = await getBillingStatus(team.id);
+    expect(status.plan).toBe('enterprise');
+    expect(status.status).toBe('active');
+  });
+});
+describe('enterprise billing – recordUsage', () => {
+  it('records a usage event and returns a confirmation receipt', async () => {
+    const { recordUsage } = await import('../enterprise/billing');
+    const result = await recordUsage({
+      teamId: 'team-usage',
+      operationType: 'generate',
+      tokensUsed: 1000,
+      costUsd: 0.003,
+    });
+    expect(result.recorded).toBe(true);
+    expect(typeof result.id).toBe('string');
+    expect(result.teamId).toBe('team-usage');
+    expect(result.operationType).toBe('generate');
+    expect(result.tokensUsed).toBe(1000);
+    expect(result.costUsd).toBe(0.003);
+    expect(typeof result.timestamp).toBe('string');
+  });
+  it('throws for negative tokensUsed', async () => {
+    const { recordUsage } = await import('../enterprise/billing');
+    await expect(
+      recordUsage({ teamId: 'team-bad', operationType: 'gen', tokensUsed: -1, costUsd: 0 })
+    ).rejects.toThrow();
+  });
+  it('throws for negative costUsd', async () => {
+    const { recordUsage } = await import('../enterprise/billing');
+    await expect(
+      recordUsage({ teamId: 'team-bad', operationType: 'gen', tokensUsed: 0, costUsd: -0.5 })
+    ).rejects.toThrow();
+  });
+});
+describe('enterprise billing – getUsage', () => {
+  it('returns an EnhancedUsageSummary with expected shape', async () => {
+    const { getUsage } = await import('../enterprise/billing');
+    const summary = await getUsage('team-get-usage', 'month');
+    expect(summary).toBeDefined();
+    expect(typeof summary.totals.operations).toBe('number');
+    expect(typeof summary.totals.tokensUsed).toBe('number');
+    expect(typeof summary.totals.costUsd).toBe('number');
+    expect(summary.quota).toBeDefined();
+    expect(summary.quota.plan).toBe('free'); // No subscription → free plan
+    expect(typeof summary.rateLimit.requestsPerMinute).toBe('number');
+  });
+});
+// ---------------------------------------------------------------------------
+// Audit
+// ---------------------------------------------------------------------------
+describe('enterprise audit – createLog', () => {
+  it('creates an audit log entry and returns an AuditLog', async () => {
+    const { createLog } = await import('../enterprise/audit');
+    const log = await createLog({
+      action: 'generate.terraform',
+      status: 'success',
+      userId: 'user-audit-001',
+      resourceType: 'terraform',
+      resourceId: 'vpc-module',
+    });
+    expect(typeof log.id).toBe('string');
+    expect(log.id.length).toBeGreaterThan(0);
+    expect(log.action).toBe('generate.terraform');
+    expect(log.status).toBe('success');
+    expect(log.userId).toBe('user-audit-001');
+    expect(log.resourceType).toBe('terraform');
+    expect(typeof log.timestamp).toBe('string');
+  });
+  it('throws when action is missing', async () => {
+    const { createLog } = await import('../enterprise/audit');
+    await expect(createLog({ action: '', status: 'success' })).rejects.toThrow();
+  });
+  it('throws when status is missing', async () => {
+    const { createLog } = await import('../enterprise/audit');
+    await expect(createLog({ action: 'do.thing', status: '' })).rejects.toThrow();
+  });
+  it('stores teamId and ipAddress in the returned log', async () => {
+    const { createLog } = await import('../enterprise/audit');
+    const log = await createLog({
+      action: 'login',
+      status: 'success',
+      teamId: 'team-audit',
+      ipAddress: '127.0.0.1',
+    });
+    expect(log.teamId).toBe('team-audit');
+    expect(log.ipAddress).toBe('127.0.0.1');
+  });
+});
+describe('enterprise audit – queryLogs', () => {
+  it('returns paginated results with total count', async () => {
+    const { createLog, queryLogs } = await import('../enterprise/audit');
+    await createLog({ action: 'action.a', status: 'success' });
+    await createLog({ action: 'action.b', status: 'failure' });
+    const result = await queryLogs({ limit: 10, offset: 0 });
+    expect(Array.isArray(result.logs)).toBe(true);
+    expect(typeof result.total).toBe('number');
+    expect(typeof result.limit).toBe('number');
+    expect(typeof result.offset).toBe('number');
+    expect(result.total).toBeGreaterThanOrEqual(2);
+  });
+  it('filters by action when action param is provided', async () => {
+    const { createLog, queryLogs } = await import('../enterprise/audit');
+    await createLog({ action: 'filtered.action', status: 'success' });
+    await createLog({ action: 'other.action', status: 'success' });
+    const result = await queryLogs({ action: 'filtered.action' });
+    expect(result.logs.every(l => l.action === 'filtered.action')).toBe(true);
+  });
+});
+describe('enterprise audit – exportLogs', () => {
+  it('exports logs as JSON string', async () => {
+    const { createLog, exportLogs } = await import('../enterprise/audit');
+    await createLog({ action: 'export.test', status: 'success' });
+    const json = await exportLogs('json', {});
+    expect(typeof json).toBe('string');
+    const parsed = JSON.parse(json);
+    expect(Array.isArray(parsed.logs)).toBe(true);
+    expect(typeof parsed.exportedAt).toBe('string');
+  });
+  it('exports logs as CSV string', async () => {
+    const { createLog, exportLogs } = await import('../enterprise/audit');
+    await createLog({ action: 'csv.test', status: 'success' });
+    const csv = await exportLogs('csv', {});
+    expect(typeof csv).toBe('string');
+    // CSV should contain the header row
+    expect(csv).toContain('id,timestamp');
+    expect(csv).toContain('action');
+  });
+});