npm - @camstack/server - Versions diffs - 1.0.0 → 1.0.1 - Mend

@camstack/server 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (234) hide show

package/{src/agent-status-page.ts → dist/agent-status-page.js} +30 -45
package/dist/api/addon-upload.js +441 -0
package/dist/api/addons-custom.router.js +91 -0
package/dist/api/auth-whoami.js +55 -0
package/dist/api/bridge-addons.router.js +109 -0
package/dist/api/capabilities.router.js +229 -0
package/dist/api/core/addon-settings.router.js +117 -0
package/dist/api/core/agents.router.js +73 -0
package/dist/api/core/auth.router.js +286 -0
package/dist/api/core/bulk-update-coordinator.js +229 -0
package/dist/api/core/cap-providers.js +1124 -0
package/dist/api/core/capabilities.router.js +138 -0
package/dist/api/core/collection-preference.js +17 -0
package/dist/api/core/event-bus-proxy.router.js +45 -0
package/dist/api/core/hwaccel.router.js +91 -0
package/dist/api/core/live-events.router.js +61 -0
package/dist/api/core/logs.router.js +172 -0
package/dist/api/core/notifications.router.js +67 -0
package/dist/api/core/repl.router.js +35 -0
package/dist/api/core/settings-backend.router.js +121 -0
package/dist/api/core/stream-probe.router.js +58 -0
package/dist/api/core/system-events.router.js +100 -0
package/dist/api/health/health.routes.js +68 -0
package/{src/api/oauth2/consent-page.ts → dist/api/oauth2/consent-page.js} +11 -20
package/dist/api/oauth2/oauth2-routes.js +219 -0
package/dist/api/trpc/cap-mount-helpers.js +194 -0
package/dist/api/trpc/cap-route-error-formatter.js +133 -0
package/dist/api/trpc/client-ip.js +147 -0
package/dist/api/trpc/core-cap-bridge.js +115 -0
package/dist/api/trpc/generated-cap-mounts.js +388 -0
package/dist/api/trpc/generated-cap-routers.js +7635 -0
package/dist/api/trpc/scope-access.js +93 -0
package/dist/api/trpc/trpc.context.js +184 -0
package/dist/api/trpc/trpc.middleware.js +139 -0
package/dist/api/trpc/trpc.router.js +188 -0
package/dist/auth/session-cookie.js +47 -0
package/dist/boot/boot-config.js +241 -0
package/dist/boot/integration-id-backfill.js +76 -0
package/dist/boot/post-boot.service.js +85 -0
package/dist/core/addon/addon-call-gateway.js +99 -0
package/dist/core/addon/addon-package.service.js +1560 -0
package/dist/core/addon/addon-registry.service.js +2739 -0
package/{src/core/addon/addon-row-manifest.ts → dist/core/addon/addon-row-manifest.js} +5 -5
package/dist/core/addon/addon-search.service.js +62 -0
package/dist/core/addon/addon-settings-provider.js +102 -0
package/dist/core/addon/addon.tokens.js +5 -0
package/dist/core/addon-bridge/addon-bridge.service.js +145 -0
package/dist/core/addon-pages/addon-pages.service.js +107 -0
package/dist/core/addon-widgets/addon-widgets.service.js +120 -0
package/dist/core/agent/agent-registry.service.js +477 -0
package/dist/core/auth/auth.service.js +10 -0
package/dist/core/capability/capability.service.js +58 -0
package/dist/core/config/config.schema.js +7 -0
package/dist/core/config/config.service.js +10 -0
package/dist/core/events/event-bus.service.js +83 -0
package/dist/core/feature/feature.service.js +10 -0
package/dist/core/lifecycle/lifecycle-state-machine.js +6 -0
package/dist/core/logging/log-ring-buffer.js +6 -0
package/dist/core/logging/logging.service.js +130 -0
package/dist/core/logging/scoped-logger.js +6 -0
package/dist/core/moleculer/cap-call-fn.js +50 -0
package/dist/core/moleculer/cap-route-authority.js +122 -0
package/dist/core/moleculer/moleculer.service.js +898 -0
package/dist/core/network/network-quality.service.js +7 -0
package/dist/core/notification/notification-wrapper.service.js +33 -0
package/dist/core/notification/toast-wrapper.service.js +25 -0
package/dist/core/provider/provider.tokens.js +4 -0
package/dist/core/repl/repl-engine.service.js +140 -0
package/dist/core/storage/fs-storage-backend.js +6 -0
package/dist/core/storage/storage-location-manager.js +6 -0
package/dist/core/storage/storage.service.js +7 -0
package/dist/core/streaming/stream-probe.service.js +209 -0
package/dist/core/topology/topology-emitter.service.js +106 -0
package/dist/launcher.js +325 -0
package/dist/main.js +1098 -0
package/dist/manual-boot.js +227 -0
package/package.json +5 -1
package/src/__tests__/addon-install-e2e.test.ts +0 -74
package/src/__tests__/addon-pages-e2e.test.ts +0 -200
package/src/__tests__/addon-route-session.test.ts +0 -17
package/src/__tests__/addon-settings-router.spec.ts +0 -67
package/src/__tests__/addon-upload.spec.ts +0 -475
package/src/__tests__/agent-registry.spec.ts +0 -179
package/src/__tests__/agent-status-page.spec.ts +0 -82
package/src/__tests__/auth-session-cookie.test.ts +0 -48
package/src/__tests__/bulk-update-coordinator.spec.ts +0 -303
package/src/__tests__/cap-ownership-authority.spec.ts +0 -431
package/src/__tests__/cap-providers/cap-providers-location-import.spec.ts +0 -206
package/src/__tests__/cap-providers/cap-usage-graph.spec.ts +0 -37
package/src/__tests__/cap-providers/compute-topology-categories.spec.ts +0 -110
package/src/__tests__/cap-providers/integrations-delete-cascade.spec.ts +0 -292
package/src/__tests__/cap-providers-bulk-update.spec.ts +0 -408
package/src/__tests__/cap-route-adapter.spec.ts +0 -302
package/src/__tests__/cap-routers/_meta.spec.ts +0 -199
package/src/__tests__/cap-routers/addon-settings.router.spec.ts +0 -115
package/src/__tests__/cap-routers/broker-routing.router.spec.ts +0 -177
package/src/__tests__/cap-routers/cap-route-error-formatter.spec.ts +0 -125
package/src/__tests__/cap-routers/capabilities-node.spec.ts +0 -68
package/src/__tests__/cap-routers/device-link-overlay.spec.ts +0 -137
package/src/__tests__/cap-routers/device-manager-aggregate.router.spec.ts +0 -194
package/src/__tests__/cap-routers/harness.ts +0 -163
package/src/__tests__/cap-routers/metrics-provider.router.spec.ts +0 -133
package/src/__tests__/cap-routers/null-provider-guard.spec.ts +0 -64
package/src/__tests__/cap-routers/pipeline-executor.router.spec.ts +0 -159
package/src/__tests__/cap-routers/settings-store.router.spec.ts +0 -291
package/src/__tests__/capability-e2e.test.ts +0 -384
package/src/__tests__/cli-e2e.test.ts +0 -150
package/src/__tests__/core-cap-bridge.spec.ts +0 -91
package/src/__tests__/dev-bootstrap-shm-ring.spec.ts +0 -40
package/src/__tests__/device-settings-contribution-dispatch.spec.ts +0 -280
package/src/__tests__/embedded-deps-e2e.test.ts +0 -125
package/src/__tests__/event-bus-proxy-router.spec.ts +0 -75
package/src/__tests__/fixtures/mock-analysis-addon-a.ts +0 -37
package/src/__tests__/fixtures/mock-analysis-addon-b.ts +0 -37
package/src/__tests__/fixtures/mock-log-addon.ts +0 -37
package/src/__tests__/fixtures/mock-storage-addon.ts +0 -40
package/src/__tests__/framework-allowlist.spec.ts +0 -96
package/src/__tests__/framework-installer-defer-restart.spec.ts +0 -165
package/src/__tests__/https-e2e.test.ts +0 -124
package/src/__tests__/lifecycle-e2e.test.ts +0 -189
package/src/__tests__/live-events-subscription.spec.ts +0 -149
package/src/__tests__/moleculer/uds-readiness.spec.ts +0 -150
package/src/__tests__/moleculer/uds-topology.spec.ts +0 -418
package/src/__tests__/moleculer/uds-unowned-call.spec.ts +0 -383
package/src/__tests__/moleculer-register-node-idempotency.spec.ts +0 -273
package/src/__tests__/native-cap-route.spec.ts +0 -427
package/src/__tests__/oauth2-account-linking.spec.ts +0 -867
package/src/__tests__/post-boot-restart.spec.ts +0 -161
package/src/__tests__/singleton-contention.test.ts +0 -499
package/src/__tests__/streaming-diagnostic.test.ts +0 -615
package/src/__tests__/streaming-scale.test.ts +0 -314
package/src/__tests__/uds-addon-call-wiring.spec.ts +0 -242
package/src/__tests__/uds-log-ingest.spec.ts +0 -183
package/src/api/__tests__/addons-custom.spec.ts +0 -148
package/src/api/__tests__/capabilities.router.test.ts +0 -56
package/src/api/addon-upload.ts +0 -529
package/src/api/addons-custom.router.ts +0 -101
package/src/api/auth-whoami.ts +0 -101
package/src/api/bridge-addons.router.ts +0 -122
package/src/api/capabilities.router.ts +0 -265
package/src/api/core/__tests__/auth-router-totp.spec.ts +0 -297
package/src/api/core/__tests__/integration-markers.spec.ts +0 -10
package/src/api/core/addon-settings.router.ts +0 -127
package/src/api/core/agents.router.ts +0 -86
package/src/api/core/auth.router.ts +0 -322
package/src/api/core/bulk-update-coordinator.ts +0 -305
package/src/api/core/cap-providers.ts +0 -1339
package/src/api/core/capabilities.router.ts +0 -149
package/src/api/core/collection-preference.ts +0 -40
package/src/api/core/event-bus-proxy.router.ts +0 -45
package/src/api/core/hwaccel.router.ts +0 -108
package/src/api/core/live-events.router.ts +0 -67
package/src/api/core/logs.router.ts +0 -195
package/src/api/core/notifications.router.ts +0 -66
package/src/api/core/repl.router.ts +0 -39
package/src/api/core/settings-backend.router.ts +0 -140
package/src/api/core/stream-probe.router.ts +0 -57
package/src/api/core/system-events.router.ts +0 -125
package/src/api/health/health.routes.ts +0 -117
package/src/api/oauth2/__tests__/oauth2-routes.spec.ts +0 -62
package/src/api/oauth2/oauth2-routes.ts +0 -281
package/src/api/trpc/__tests__/client-ip.spec.ts +0 -146
package/src/api/trpc/__tests__/scope-access-device.spec.ts +0 -268
package/src/api/trpc/__tests__/scope-access.spec.ts +0 -102
package/src/api/trpc/__tests__/webrtc-session-ua-enrich.spec.ts +0 -136
package/src/api/trpc/cap-mount-helpers.ts +0 -245
package/src/api/trpc/cap-route-error-formatter.ts +0 -171
package/src/api/trpc/client-ip.ts +0 -147
package/src/api/trpc/core-cap-bridge.ts +0 -154
package/src/api/trpc/generated-cap-mounts.ts +0 -1240
package/src/api/trpc/generated-cap-routers.ts +0 -11523
package/src/api/trpc/scope-access.ts +0 -110
package/src/api/trpc/trpc.context.ts +0 -258
package/src/api/trpc/trpc.middleware.ts +0 -146
package/src/api/trpc/trpc.router.ts +0 -389
package/src/auth/session-cookie.ts +0 -54
package/src/boot/__tests__/integration-id-backfill.spec.ts +0 -131
package/src/boot/boot-config.ts +0 -259
package/src/boot/integration-id-backfill.ts +0 -109
package/src/boot/post-boot.service.ts +0 -105
package/src/core/addon/__tests__/addon-registry-capability.test.ts +0 -62
package/src/core/addon/__tests__/addon-row-manifest.spec.ts +0 -62
package/src/core/addon/addon-call-gateway.ts +0 -171
package/src/core/addon/addon-package.service.ts +0 -1787
package/src/core/addon/addon-registry.service.ts +0 -3130
package/src/core/addon/addon-search.service.ts +0 -91
package/src/core/addon/addon-settings-provider.ts +0 -220
package/src/core/addon/addon.tokens.ts +0 -2
package/src/core/addon-bridge/addon-bridge.service.ts +0 -130
package/src/core/addon-pages/addon-pages.service.spec.ts +0 -117
package/src/core/addon-pages/addon-pages.service.ts +0 -82
package/src/core/addon-widgets/addon-widgets.service.ts +0 -95
package/src/core/agent/agent-registry.service.ts +0 -529
package/src/core/auth/auth.service.spec.ts +0 -86
package/src/core/auth/auth.service.ts +0 -8
package/src/core/capability/capability.service.ts +0 -66
package/src/core/config/config.schema.ts +0 -3
package/src/core/config/config.service.spec.ts +0 -175
package/src/core/config/config.service.ts +0 -7
package/src/core/events/event-bus.service.spec.ts +0 -235
package/src/core/events/event-bus.service.ts +0 -89
package/src/core/feature/feature.service.spec.ts +0 -99
package/src/core/feature/feature.service.ts +0 -8
package/src/core/lifecycle/lifecycle-state-machine.spec.ts +0 -166
package/src/core/lifecycle/lifecycle-state-machine.ts +0 -3
package/src/core/logging/log-ring-buffer.ts +0 -3
package/src/core/logging/logging.service.spec.ts +0 -287
package/src/core/logging/logging.service.ts +0 -143
package/src/core/logging/scoped-logger.ts +0 -3
package/src/core/moleculer/cap-call-fn.spec.ts +0 -173
package/src/core/moleculer/cap-call-fn.ts +0 -107
package/src/core/moleculer/cap-route-authority.ts +0 -194
package/src/core/moleculer/moleculer.service.ts +0 -1072
package/src/core/network/network-quality.service.spec.ts +0 -53
package/src/core/network/network-quality.service.ts +0 -5
package/src/core/notification/notification-wrapper.service.ts +0 -34
package/src/core/notification/toast-wrapper.service.ts +0 -27
package/src/core/provider/provider.tokens.ts +0 -1
package/src/core/repl/repl-engine.service.spec.ts +0 -444
package/src/core/repl/repl-engine.service.ts +0 -155
package/src/core/storage/fs-storage-backend.spec.ts +0 -70
package/src/core/storage/fs-storage-backend.ts +0 -3
package/src/core/storage/storage-location-manager.spec.ts +0 -130
package/src/core/storage/storage-location-manager.ts +0 -3
package/src/core/storage/storage.service.spec.ts +0 -73
package/src/core/storage/storage.service.ts +0 -3
package/src/core/streaming/stream-probe.service.ts +0 -221
package/src/core/topology/topology-emitter.service.ts +0 -105
package/src/launcher.ts +0 -314
package/src/main.ts +0 -1245
package/src/manual-boot.ts +0 -301
package/tsconfig.build.json +0 -8
package/tsconfig.json +0 -33
package/vitest.config.ts +0 -26

package/src/__tests__/addon-upload.spec.ts DELETED Viewed

@@ -1,475 +0,0 @@
-/**
- * Integration test for the `/api/addons/upload` route.
- *
- * Uses a real Fastify instance to exercise the multipart parser end-to-end
- * with mock dependencies for the AddonBridgeService, AuthService, and
- * MoleculerService. Verifies:
- *
- * 1. Auth enforcement (401 without token, 403 for non-admin)
- * 2. File extension validation (.tgz / .tar.gz only)
- * 3. Hub install path (nodeId = 'hub' or absent → AddonInstaller.installFromTgz)
- * 4. Agent deploy path (nodeId = 'agent-x' → moleculer.broker.call with nodeID)
- * 5. Agent failure → 502 response
- */
-import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest'
-import Fastify from 'fastify'
-import type { FastifyInstance } from 'fastify'
-import * as fs from 'node:fs'
-import * as path from 'node:path'
-import * as os from 'node:os'
-import { execFileSync } from 'node:child_process'
-import { registerAddonUploadRoute } from '../api/addon-upload.js'
-import type { AddonBridgeService } from '../core/addon-bridge/addon-bridge.service.js'
-import type { AuthService } from '../core/auth/auth.service.js'
-import type { MoleculerService } from '../core/moleculer/moleculer.service.js'
-import type { AddonRegistryService } from '../core/addon/addon-registry.service.js'
-import type { AddonPackageService } from '../core/addon/addon-package.service.js'
-import type { IScopedLogger } from '@camstack/types'
-/**
- * Build a minimal valid addon tarball containing a `package/package.json`
- * with the given name + version. `validateTarball` on the server extracts
- * just that file via `tar -xzO`, so nothing else is needed for the happy
- * path tests. Returns a Buffer.
- */
-function buildValidTarball(manifest: { name: string; version: string }): Buffer {
-  const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'vitest-tarball-'))
-  try {
-    fs.mkdirSync(path.join(tmpDir, 'package'), { recursive: true })
-    fs.writeFileSync(path.join(tmpDir, 'package', 'package.json'), JSON.stringify(manifest))
-    const tgz = path.join(tmpDir, 'out.tgz')
-    execFileSync('tar', ['-czf', tgz, '-C', tmpDir, 'package'])
-    return fs.readFileSync(tgz)
-  } finally {
-    fs.rmSync(tmpDir, { recursive: true, force: true })
-  }
-}
-interface MockAuthPayload {
-  readonly isAdmin: boolean
-}
-interface FormDataLike {
-  readonly file: { filename: string; content: Buffer }
-  readonly nodeId?: string
-  readonly addonId?: string
-}
-function buildMultipart(boundary: string, body: FormDataLike): Buffer {
-  const parts: Buffer[] = []
-  const push = (s: string) => parts.push(Buffer.from(s))
-  push(`--${boundary}\r\n`)
-  push(`Content-Disposition: form-data; name="file"; filename="${body.file.filename}"\r\n`)
-  push('Content-Type: application/gzip\r\n\r\n')
-  parts.push(body.file.content)
-  push('\r\n')
-  if (body.nodeId !== undefined) {
-    push(`--${boundary}\r\n`)
-    push('Content-Disposition: form-data; name="nodeId"\r\n\r\n')
-    push(body.nodeId)
-    push('\r\n')
-  }
-  if (body.addonId !== undefined) {
-    push(`--${boundary}\r\n`)
-    push('Content-Disposition: form-data; name="addonId"\r\n\r\n')
-    push(body.addonId)
-    push('\r\n')
-  }
-  push(`--${boundary}--\r\n`)
-  return Buffer.concat(parts)
-}
-function makeAuth(kind: 'admin' | 'non-admin' | 'invalid' = 'admin'): AuthService {
-  return {
-    verifyToken: vi.fn(() => {
-      if (kind === 'invalid') throw new Error('invalid token')
-      const payload: MockAuthPayload = { isAdmin: kind === 'admin' }
-      return payload
-    }),
-  } as unknown as AuthService
-}
-function makeAddonBridge(installed?: { name: string; version: string }): AddonBridgeService {
-  return {
-    getInstaller: vi.fn(() =>
-      installed === undefined
-        ? null
-        : {
-            installFromTgz: vi.fn(async () => installed),
-          },
-    ),
-    reloadPackages: vi.fn(async () => {}),
-  } as unknown as AddonBridgeService
-}
-function makeMoleculer(call: ReturnType<typeof vi.fn>): MoleculerService {
-  return {
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment -- test stub: vi.fn isn't typed against the broker's internal call shape, but the runtime contract is what we exercise
-    broker: { call } as unknown as MoleculerService['broker'],
-  } as unknown as MoleculerService
-}
-function makeAddonRegistry(): AddonRegistryService {
-  return {
-    // Returns an empty list — no addons currently tied to any package.
-    // `installToHub` uses this to build `preInstallAddonIds`; an empty
-    // result means no background `restartAddon` calls are fired.
-    listAddons: vi.fn(() => []),
-    // Simulates a successful filesystem scan that found no new addons.
-    loadNewAddons: vi.fn(async () => ({ loaded: [] as string[], failed: [] as string[] })),
-    // Not reached in the default happy-path (preInstallAddonIds is empty),
-    // but stubbed for completeness and per-test overrides.
-    restartAddon: vi.fn(async (_id: string) => ({ success: true })),
-    // Returns a minimal cap-registry stub. `validateScopedTokenViaCap`
-    // calls `getSingleton('user-management')` — returning null means no
-    // singleton is mounted, so scoped-token auth is skipped. All happy-
-    // path tests authenticate via the JWT path (`Bearer t` → isAdmin),
-    // so this is the correct safe default.
-    getCapabilityRegistry: vi.fn(() => ({
-      getSingleton: vi.fn((_name: string) => null),
-    })),
-  } as unknown as AddonRegistryService
-}
-function makeAddonPackageService(): AddonPackageService {
-  // `restartServer` is exercised only by the framework-package branch; the
-  // default happy-path tests deploy a regular addon and never call it.
-  return {
-    restartServer: vi.fn((_requestedBy?: string) => {}),
-  } as unknown as AddonPackageService
-}
-function makeLogger(): IScopedLogger {
-  return {
-    debug: vi.fn(),
-    info: vi.fn(),
-    warn: vi.fn(),
-    error: vi.fn(),
-    child: vi.fn(function (this: IScopedLogger) {
-      return this
-    }),
-    withTags: vi.fn(function (this: IScopedLogger) {
-      return this
-    }),
-  } as unknown as IScopedLogger
-}
-async function makeServer(opts: {
-  auth: AuthService
-  bridge: AddonBridgeService
-  moleculer: MoleculerService
-  addonRegistry?: AddonRegistryService
-  addonPackageService?: AddonPackageService
-  logger?: IScopedLogger
-}): Promise<FastifyInstance> {
-  const fastify = Fastify({ logger: false })
-  await registerAddonUploadRoute(
-    fastify,
-    opts.bridge,
-    opts.auth,
-    opts.moleculer,
-    opts.addonRegistry ?? makeAddonRegistry(),
-    opts.addonPackageService ?? makeAddonPackageService(),
-    opts.logger ?? makeLogger(),
-  )
-  await fastify.ready()
-  return fastify
-}
-const TGZ_BOUNDARY = '----vitestboundary'
-const VALID_TARBALL = buildValidTarball({ name: 'addon-x', version: '1.0.0' })
-const INVALID_TARBALL = Buffer.from('fake-not-a-tarball')
-describe('POST /api/addons/upload', () => {
-  let fastify: FastifyInstance | null = null
-  afterEach(async () => {
-    if (fastify) {
-      await fastify.close()
-      fastify = null
-    }
-  })
-  describe('auth', () => {
-    beforeEach(async () => {
-      fastify = await makeServer({
-        auth: makeAuth('admin'),
-        bridge: makeAddonBridge({ name: 'addon-x', version: '1.0.0' }),
-        moleculer: makeMoleculer(vi.fn()),
-      })
-    })
-    it('returns 401 when Authorization header is missing', async () => {
-      const res = await fastify!.inject({
-        method: 'POST',
-        url: '/api/addons/upload',
-        headers: { 'content-type': `multipart/form-data; boundary=${TGZ_BOUNDARY}` },
-        payload: buildMultipart(TGZ_BOUNDARY, {
-          file: { filename: 'addon-x.tgz', content: VALID_TARBALL },
-        }),
-      })
-      expect(res.statusCode).toBe(401)
-    })
-    it('returns 403 when token is not admin', async () => {
-      await fastify!.close()
-      fastify = await makeServer({
-        auth: makeAuth('non-admin'),
-        bridge: makeAddonBridge({ name: 'addon-x', version: '1.0.0' }),
-        moleculer: makeMoleculer(vi.fn()),
-      })
-      const res = await fastify.inject({
-        method: 'POST',
-        url: '/api/addons/upload',
-        headers: {
-          'content-type': `multipart/form-data; boundary=${TGZ_BOUNDARY}`,
-          authorization: 'Bearer token',
-        },
-        payload: buildMultipart(TGZ_BOUNDARY, {
-          file: { filename: 'addon-x.tgz', content: VALID_TARBALL },
-        }),
-      })
-      expect(res.statusCode).toBe(403)
-    })
-  })
-  it('returns 400 when filename is not a tarball', async () => {
-    fastify = await makeServer({
-      auth: makeAuth('admin'),
-      bridge: makeAddonBridge({ name: 'addon-x', version: '1.0.0' }),
-      moleculer: makeMoleculer(vi.fn()),
-    })
-    const res = await fastify.inject({
-      method: 'POST',
-      url: '/api/addons/upload',
-      headers: {
-        'content-type': `multipart/form-data; boundary=${TGZ_BOUNDARY}`,
-        authorization: 'Bearer t',
-      },
-      payload: buildMultipart(TGZ_BOUNDARY, {
-        file: { filename: 'evil.exe', content: VALID_TARBALL },
-      }),
-    })
-    expect(res.statusCode).toBe(400)
-  })
-  it('routes to hub installer when nodeId is absent', async () => {
-    // Hub install writes a `.install-source` marker into
-    // `${CAMSTACK_DATA}/addons/<addonName>/`. Point CAMSTACK_DATA at an
-    // isolated temp dir for the test so the side effect doesn't escape.
-    const tmpRoot = await import('node:fs/promises').then((fs) =>
-      fs.mkdtemp('/tmp/camstack-upload-test-'),
-    )
-    const previous = process.env['CAMSTACK_DATA']
-    process.env['CAMSTACK_DATA'] = tmpRoot
-    const fsSync = await import('node:fs')
-    fsSync.mkdirSync(`${tmpRoot}/addons/addon-x`, { recursive: true })
-    try {
-      const bridge = makeAddonBridge({ name: 'addon-x', version: '2.0.0' })
-      fastify = await makeServer({
-        auth: makeAuth('admin'),
-        bridge,
-        moleculer: makeMoleculer(vi.fn()),
-      })
-      const res = await fastify.inject({
-        method: 'POST',
-        url: '/api/addons/upload',
-        headers: {
-          'content-type': `multipart/form-data; boundary=${TGZ_BOUNDARY}`,
-          authorization: 'Bearer t',
-        },
-        payload: buildMultipart(TGZ_BOUNDARY, {
-          file: { filename: 'addon-x.tgz', content: VALID_TARBALL },
-        }),
-      })
-      expect(res.statusCode).toBe(200)
-      const body = res.json() as {
-        success: boolean
-        target: string
-        packageName: string
-        version: string
-      }
-      expect(body).toMatchObject({
-        success: true,
-        target: 'hub',
-        packageName: 'addon-x',
-        version: '2.0.0',
-      })
-    } finally {
-      if (previous === undefined) delete process.env['CAMSTACK_DATA']
-      else process.env['CAMSTACK_DATA'] = previous
-      fsSync.rmSync(tmpRoot, { recursive: true, force: true })
-    }
-  })
-  it('restarts the server (not an in-process reload) when a framework package is deployed', async () => {
-    // @camstack/core ships hub builtins that can't hot-reload in place — the
-    // upload path must call restartServer() and SKIP the per-addon restartAddon.
-    const tmpRoot = await import('node:fs/promises').then((fs) =>
-      fs.mkdtemp('/tmp/camstack-upload-fw-'),
-    )
-    const previous = process.env['CAMSTACK_DATA']
-    process.env['CAMSTACK_DATA'] = tmpRoot
-    const fsSync = await import('node:fs')
-    fsSync.mkdirSync(`${tmpRoot}/addons/@camstack/core`, { recursive: true })
-    try {
-      const restartServer = vi.fn((_requestedBy?: string) => {})
-      const restartAddon = vi.fn(async (_id: string) => ({ success: true }))
-      const registry = {
-        listAddons: vi.fn(() => [
-          { manifest: { id: 'sqlite-settings', packageName: '@camstack/core' } },
-        ]),
-        loadNewAddons: vi.fn(async () => ({ loaded: [] as string[], failed: [] as string[] })),
-        restartAddon,
-        getCapabilityRegistry: vi.fn(() => ({ getSingleton: vi.fn((_n: string) => null) })),
-      } as unknown as AddonRegistryService
-      const pkgSvc = { restartServer } as unknown as AddonPackageService
-      fastify = await makeServer({
-        auth: makeAuth('admin'),
-        bridge: makeAddonBridge({ name: '@camstack/core', version: '9.9.9' }),
-        moleculer: makeMoleculer(vi.fn()),
-        addonRegistry: registry,
-        addonPackageService: pkgSvc,
-      })
-      const res = await fastify.inject({
-        method: 'POST',
-        url: '/api/addons/upload',
-        headers: {
-          'content-type': `multipart/form-data; boundary=${TGZ_BOUNDARY}`,
-          authorization: 'Bearer t',
-        },
-        payload: buildMultipart(TGZ_BOUNDARY, {
-          file: {
-            filename: 'camstack-core-9.9.9.tgz',
-            content: buildValidTarball({ name: '@camstack/core', version: '9.9.9' }),
-          },
-        }),
-      })
-      expect(res.statusCode).toBe(200)
-      expect(res.json()).toMatchObject({ success: true, requiresRestart: true, restarting: true })
-      expect(restartServer).toHaveBeenCalledOnce()
-      // Critical: the in-process restart that breaks builtins must NOT run.
-      expect(restartAddon).not.toHaveBeenCalled()
-    } finally {
-      if (previous === undefined) delete process.env['CAMSTACK_DATA']
-      else process.env['CAMSTACK_DATA'] = previous
-      fsSync.rmSync(tmpRoot, { recursive: true, force: true })
-    }
-  })
-  it('routes to $agent.deploy when nodeId is provided', async () => {
-    const call = vi.fn(async () => ({
-      success: true,
-      addonId: 'addon-x',
-      path: '/agent/addons/addon-x',
-    }))
-    fastify = await makeServer({
-      auth: makeAuth('admin'),
-      bridge: makeAddonBridge(),
-      moleculer: makeMoleculer(call),
-    })
-    const res = await fastify.inject({
-      method: 'POST',
-      url: '/api/addons/upload',
-      headers: {
-        'content-type': `multipart/form-data; boundary=${TGZ_BOUNDARY}`,
-        authorization: 'Bearer t',
-      },
-      payload: buildMultipart(TGZ_BOUNDARY, {
-        file: { filename: 'addon-x-1.2.3.tgz', content: VALID_TARBALL },
-        nodeId: 'agent-frigate',
-        addonId: 'addon-x',
-      }),
-    })
-    expect(res.statusCode).toBe(200)
-    const body = res.json() as { success: boolean; target: string; addonId: string; path: string }
-    expect(body.target).toBe('agent-frigate')
-    expect(body.addonId).toBe('addon-x')
-    expect(call).toHaveBeenCalledWith(
-      '$agent.deploy',
-      { addonId: 'addon-x', bundle: VALID_TARBALL },
-      { nodeID: 'agent-frigate', timeout: 60_000 },
-    )
-  })
-  it('returns 502 when $agent.deploy throws', async () => {
-    const call = vi.fn(async () => {
-      throw new Error('agent unreachable')
-    })
-    fastify = await makeServer({
-      auth: makeAuth('admin'),
-      bridge: makeAddonBridge(),
-      moleculer: makeMoleculer(call),
-    })
-    const res = await fastify.inject({
-      method: 'POST',
-      url: '/api/addons/upload',
-      headers: {
-        'content-type': `multipart/form-data; boundary=${TGZ_BOUNDARY}`,
-        authorization: 'Bearer t',
-      },
-      payload: buildMultipart(TGZ_BOUNDARY, {
-        file: { filename: 'addon-x.tgz', content: VALID_TARBALL },
-        nodeId: 'agent-frigate',
-      }),
-    })
-    expect(res.statusCode).toBe(502)
-    const body = res.json() as { error: string }
-    expect(body.error).toMatch(/agent unreachable/)
-  })
-  it('uses manifest.name as addonId fallback when client omits the hint', async () => {
-    const call = vi.fn(async () => ({ success: true, addonId: 'addon-foo' }))
-    const tarball = buildValidTarball({ name: 'addon-foo', version: '1.2.3' })
-    fastify = await makeServer({
-      auth: makeAuth('admin'),
-      bridge: makeAddonBridge(),
-      moleculer: makeMoleculer(call),
-    })
-    await fastify.inject({
-      method: 'POST',
-      url: '/api/addons/upload',
-      headers: {
-        'content-type': `multipart/form-data; boundary=${TGZ_BOUNDARY}`,
-        authorization: 'Bearer t',
-      },
-      payload: buildMultipart(TGZ_BOUNDARY, {
-        // Filename is intentionally different from manifest.name to prove
-        // that the server reads the manifest, not the filename.
-        file: { filename: 'unrelated-name-9.tgz', content: tarball },
-        nodeId: 'agent-frigate',
-      }),
-    })
-    expect(call).toHaveBeenCalledWith(
-      '$agent.deploy',
-      expect.objectContaining({ addonId: 'addon-foo' }),
-      expect.anything(),
-    )
-  })
-  it('returns 400 when the tarball has no valid package.json', async () => {
-    fastify = await makeServer({
-      auth: makeAuth('admin'),
-      bridge: makeAddonBridge(),
-      moleculer: makeMoleculer(vi.fn()),
-    })
-    const res = await fastify.inject({
-      method: 'POST',
-      url: '/api/addons/upload',
-      headers: {
-        'content-type': `multipart/form-data; boundary=${TGZ_BOUNDARY}`,
-        authorization: 'Bearer t',
-      },
-      payload: buildMultipart(TGZ_BOUNDARY, {
-        file: { filename: 'bogus.tgz', content: INVALID_TARBALL },
-      }),
-    })
-    expect(res.statusCode).toBe(400)
-    const body = res.json() as { error: string }
-    expect(body.error).toMatch(/package\.json/)
-  })
-})

package/src/__tests__/agent-registry.spec.ts DELETED Viewed

@@ -1,179 +0,0 @@
-/**
- * AgentRegistryService — node.connected + cold-scan event emission.
- *
- * Regression guard for the race between hub boot and remote agents: when
- * a dev.sh cluster starts hub + agents simultaneously, agents can register
- * with Moleculer BEFORE the hub's `AgentRegistryService.onModuleInit`
- * wires its `$node.connected` listener. Without the cold-scan below,
- * those agents never produced an `agent.online` event, so alert-center
- * and admin-ui lost their lifecycle view of the cluster.
- *
- * These specs validate both the hot path (new connections fire the
- * listener) and the cold path (already-connected nodes retroactively
- * emit on init).
- */
-import { describe, it, expect, beforeEach } from 'vitest'
-import { EventEmitter } from 'node:events'
-import { AgentRegistryService } from '../core/agent/agent-registry.service.js'
-import type { EventBusService } from '../core/events/event-bus.service.js'
-import type { MoleculerService } from '../core/moleculer/moleculer.service.js'
-import type { CapabilityService } from '../core/capability/capability.service.js'
-import type { SystemEvent } from '@camstack/types'
-interface CapturedEmits {
-  readonly events: SystemEvent[]
-}
-function createFakes(opts: { preExistingNodeIds?: readonly string[] } = {}) {
-  const emits: CapturedEmits = { events: [] }
-  const fakeEventBus = {
-    emit: (event: SystemEvent) => {
-      emits.events.push(event)
-    },
-  } as unknown as EventBusService
-  const localBus = new EventEmitter()
-  const nodeList = (opts.preExistingNodeIds ?? []).map((id) => ({ id }))
-  // D3: setOnAgentRegistered is called by AgentRegistryService.onModuleInit
-  // to wire the handshake-driven reconcile trigger. The fake captures the
-  // callback but does not invoke it (reconcile tests are out of scope here).
-  const fakeMoleculer = {
-    broker: {
-      nodeID: 'hub',
-      localBus,
-      registry: {
-        getNodeList: ({ onlyAvailable }: { onlyAvailable: boolean }) => {
-          void onlyAvailable
-          return nodeList
-        },
-      },
-    },
-    setOnAgentRegistered: (_cb: (nodeId: string) => void) => {
-      /* no-op in unit tests */
-    },
-  } as unknown as MoleculerService
-  const fakeCapability = {} as unknown as CapabilityService
-  const service = new AgentRegistryService(fakeEventBus, fakeMoleculer, fakeCapability)
-  return { service, emits, localBus }
-}
-describe('AgentRegistryService — agent.online event lifecycle', () => {
-  let captured: CapturedEmits
-  let service: AgentRegistryService
-  let localBus: EventEmitter
-  describe('hot path: $node.connected fired after onModuleInit', () => {
-    beforeEach(() => {
-      const fakes = createFakes()
-      service = fakes.service
-      captured = fakes.emits
-      localBus = fakes.localBus
-      service.onModuleInit()
-    })
-    it('emits agent.online with the agentId when a new node connects', () => {
-      localBus.emit('$node.connected', { node: { id: 'dev-agent-0' } })
-      expect(captured.events).toHaveLength(1)
-      expect(captured.events[0]!.category).toBe('agent.online')
-      expect((captured.events[0]!.data as Record<string, unknown>).agentId).toBe('dev-agent-0')
-    })
-    it('emits agent.offline on $node.disconnected', () => {
-      localBus.emit('$node.disconnected', { node: { id: 'dev-agent-0' } })
-      expect(captured.events).toHaveLength(1)
-      expect(captured.events[0]!.category).toBe('agent.offline')
-    })
-    it('handles burst of connections without loss', () => {
-      for (let i = 0; i < 5; i++) {
-        localBus.emit('$node.connected', { node: { id: `agent-${i}` } })
-      }
-      expect(captured.events).toHaveLength(5)
-      expect(captured.events.map((e) => (e.data as Record<string, unknown>).agentId)).toEqual([
-        'agent-0',
-        'agent-1',
-        'agent-2',
-        'agent-3',
-        'agent-4',
-      ])
-    })
-  })
-  describe('cold path: nodes already connected before onModuleInit', () => {
-    it('retroactively emits agent.online for pre-existing remote agents and worker.online for sub-workers', () => {
-      const fakes = createFakes({
-        preExistingNodeIds: ['dev-agent-0', 'dev-agent-1', 'hub/benchmark'],
-      })
-      fakes.service.onModuleInit()
-      // Skip the self-node ('hub'). Bare ids → agents (`agent.online`);
-      // `hub/<x>` ids → in-process workers (`worker.online`). The split
-      // is intentional — see "Event system: separate WorkerOnline /
-      // WorkerOffline events split from agent lifecycle" in
-      // `agent-registry.service.ts::onModuleInit`.
-      const agentIds = fakes.emits.events
-        .filter((e) => e.category === 'agent.online')
-        .map((e) => (e.data as Record<string, unknown>).agentId)
-      const workerIds = fakes.emits.events
-        .filter((e) => e.category === 'worker.online')
-        .map((e) => (e.data as Record<string, unknown>).workerId)
-      expect(agentIds.toSorted()).toEqual(['dev-agent-0', 'dev-agent-1'])
-      expect(workerIds).toEqual(['hub/benchmark'])
-    })
-    it('skips the hub self-node on cold-scan', () => {
-      const fakes = createFakes({ preExistingNodeIds: ['hub', 'dev-agent-0'] })
-      fakes.service.onModuleInit()
-      const ids = fakes.emits.events
-        .filter((e) => e.category === 'agent.online')
-        .map((e) => (e.data as Record<string, unknown>).agentId)
-      expect(ids).toEqual(['dev-agent-0'])
-      expect(ids).not.toContain('hub')
-    })
-    it('combined cold-scan + hot-path: no duplicates, both sources produce events', () => {
-      const fakes = createFakes({ preExistingNodeIds: ['dev-agent-0'] })
-      fakes.service.onModuleInit()
-      // One from cold-scan.
-      expect(fakes.emits.events).toHaveLength(1)
-      // New connection fires the hot path.
-      fakes.localBus.emit('$node.connected', { node: { id: 'dev-agent-1' } })
-      expect(fakes.emits.events).toHaveLength(2)
-      expect((fakes.emits.events[1]!.data as Record<string, unknown>).agentId).toBe('dev-agent-1')
-    })
-  })
-  describe('resilience: malformed registry shape', () => {
-    it('does not throw if broker.registry.getNodeList is missing', () => {
-      const emits: CapturedEmits = { events: [] }
-      const fakeEventBus = {
-        emit: (e: SystemEvent) => emits.events.push(e),
-      } as unknown as EventBusService
-      const fakeMoleculer = {
-        broker: { nodeID: 'hub', localBus: new EventEmitter(), registry: {} },
-        setOnAgentRegistered: (_cb: (nodeId: string) => void) => {
-          /* no-op */
-        },
-      } as unknown as MoleculerService
-      const svc = new AgentRegistryService(fakeEventBus, fakeMoleculer, {} as CapabilityService)
-      expect(() => svc.onModuleInit()).not.toThrow()
-      expect(emits.events).toHaveLength(0)
-    })
-    it('does not throw if broker.registry itself is missing', () => {
-      const emits: CapturedEmits = { events: [] }
-      const fakeEventBus = {
-        emit: (e: SystemEvent) => emits.events.push(e),
-      } as unknown as EventBusService
-      const fakeMoleculer = {
-        broker: { nodeID: 'hub', localBus: new EventEmitter() },
-        setOnAgentRegistered: (_cb: (nodeId: string) => void) => {
-          /* no-op */
-        },
-      } as unknown as MoleculerService
-      const svc = new AgentRegistryService(fakeEventBus, fakeMoleculer, {} as CapabilityService)
-      expect(() => svc.onModuleInit()).not.toThrow()
-    })
-  })
-})