@cpretzinger/boss-claude 1.0.0 → 1.0.2

package/lib/validators/config.test.js

@@ -0,0 +1,175 @@
+#!/usr/bin/env node
+
+/**
+ * Configuration Validator Test Suite
+ * Tests the config validator with various scenarios
+ */
+
+import {
+  validateRedisUrl,
+  validateGitHubToken,
+  validateOpenAiKey,
+  validateConfig,
+  printReport
+} from './config.js';
+import chalk from 'chalk';
+
+console.log(chalk.bold.blue('\n🧪 Boss Claude Configuration Validator Tests\n'));
+
+// Test 1: Valid Redis URLs
+console.log(chalk.bold('Test 1: Redis URL Validation'));
+console.log('─'.repeat(60));
+
+const redisTests = [
+  {
+    name: 'Valid Redis URL (Railway)',
+    url: 'redis://user:password@test.example.com:6379',
+    shouldPass: true
+  },
+  {
+    name: 'Valid Redis URL with SSL',
+    url: 'rediss://default:password@redis.production.com:6379/0',
+    shouldPass: true
+  },
+  {
+    name: 'Valid Redis URL (no auth)',
+    url: 'redis://localhost:6379',
+    shouldPass: false // Should fail as placeholder
+  },
+  {
+    name: 'Invalid Redis URL (missing host)',
+    url: 'redis://:password@:6379',
+    shouldPass: false
+  },
+  {
+    name: 'Invalid Redis URL (wrong protocol)',
+    url: 'http://localhost:6379',
+    shouldPass: false
+  }
+];
+
+redisTests.forEach(test => {
+  const result = validateRedisUrl(test.url);
+  const passed = result.valid === test.shouldPass;
+  const icon = passed ? chalk.green('✓') : chalk.red('✗');
+  console.log(`${icon} ${test.name}`);
+  if (!passed) {
+    console.log(`  Expected: ${test.shouldPass}, Got: ${result.valid}`);
+    console.log(`  Error: ${result.error}`);
+  }
+});
+
+console.log();
+
+// Test 2: GitHub Token Validation
+console.log(chalk.bold('Test 2: GitHub Token Validation'));
+console.log('─'.repeat(60));
+
+const githubTests = [
+  {
+    name: 'Valid classic token',
+    token: 'ghp_1234567890abcdefghijklmnopqrstuvwxyz12',
+    shouldPass: true
+  },
+  {
+    name: 'Valid fine-grained token',
+    token: 'github_pat_11ABCDEFG0123456789abcdefghijklmnopqrstuvwxyz1234567890',
+    shouldPass: true
+  },
+  {
+    name: 'Invalid - placeholder',
+    token: 'YOUR_TOKEN_HERE',
+    shouldPass: false
+  },
+  {
+    name: 'Invalid - too short',
+    token: 'ghp_short',
+    shouldPass: false
+  },
+  {
+    name: 'Invalid - wrong prefix',
+    token: 'abc_1234567890abcdefghijklmnopqrstuvwxyz12',
+    shouldPass: false
+  }
+];
+
+githubTests.forEach(test => {
+  const result = validateGitHubToken(test.token);
+  const passed = result.valid === test.shouldPass;
+  const icon = passed ? chalk.green('✓') : chalk.red('✗');
+  console.log(`${icon} ${test.name}`);
+  if (!passed) {
+    console.log(`  Expected: ${test.shouldPass}, Got: ${result.valid}`);
+    console.log(`  Error: ${result.error}`);
+  }
+});
+
+console.log();
+
+// Test 3: OpenAI API Key Validation
+console.log(chalk.bold('Test 3: OpenAI API Key Validation'));
+console.log('─'.repeat(60));
+
+const openaiTests = [
+  {
+    name: 'Valid legacy key',
+    key: 'sk-1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJ',
+    shouldPass: true
+  },
+  {
+    name: 'Valid project key',
+    key: 'sk-proj-1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJ1234567890',
+    shouldPass: true
+  },
+  {
+    name: 'Invalid - placeholder',
+    key: 'YOUR_OPENAI_KEY',
+    shouldPass: false
+  },
+  {
+    name: 'Invalid - wrong prefix',
+    key: 'pk-1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJ',
+    shouldPass: false
+  },
+  {
+    name: 'Invalid - too short',
+    key: 'sk-short',
+    shouldPass: false
+  }
+];
+
+openaiTests.forEach(test => {
+  const result = validateOpenAiKey(test.key);
+  const passed = result.valid === test.shouldPass;
+  const icon = passed ? chalk.green('✓') : chalk.red('✗');
+  console.log(`${icon} ${test.name}`);
+  if (!passed) {
+    console.log(`  Expected: ${test.shouldPass}, Got: ${result.valid}`);
+    console.log(`  Error: ${result.error}`);
+  }
+});
+
+console.log();
+
+// Test 4: Full Configuration Validation
+console.log(chalk.bold('Test 4: Full Configuration Validation'));
+console.log('─'.repeat(60));
+console.log(chalk.dim('Testing actual ~/.boss-claude/.env file...\n'));
+
+try {
+  const report = await validateConfig({ includeOptional: true });
+  printReport(report);
+
+  if (report.valid) {
+    console.log(chalk.green.bold('\n✅ All tests passed!'));
+  } else {
+    console.log(chalk.yellow.bold('\n⚠️  Some tests failed (see report above)'));
+  }
+} catch (error) {
+  console.error(chalk.red('\n❌ Error running full validation:'), error.message);
+  process.exit(1);
+}
+
+console.log('\n' + '═'.repeat(60));
+console.log(chalk.bold.blue('🎯 Test Suite Complete'));
+console.log('═'.repeat(60) + '\n');

package/lib/validators/github.js

@@ -0,0 +1,310 @@
+import { Octokit } from '@octokit/rest';
+
+/**
+ * GitHub Token Validator
+ * Tests if a GitHub token has the required permissions for Boss Claude operations
+ *
+ * Required Permissions:
+ * - Issues: Read/Write (repo scope or issues scope)
+ * - Contents: Read/Write (repo scope or contents scope)
+ */
+
+/**
+ * Validates GitHub token permissions
+ * @param {string} token - GitHub personal access token
+ * @param {Object} options - Validation options
+ * @param {boolean} options.strict - If true, requires exact scopes. If false, allows broader scopes like 'repo'
+ * @returns {Promise<Object>} Validation result
+ */
+export async function validateGitHubToken(token, options = { strict: false }) {
+  if (!token) {
+    return {
+      valid: false,
+      error: 'No GitHub token provided',
+      missingPermissions: ['issues', 'contents'],
+      suggestion: 'Provide a GitHub personal access token'
+    };
+  }
+
+  const octokit = new Octokit({ auth: token });
+
+  try {
+    // Get token information
+    const { data: user, headers } = await octokit.rest.users.getAuthenticated();
+
+    // Parse X-OAuth-Scopes header to get token scopes
+    const scopeHeader = headers['x-oauth-scopes'];
+    const scopes = scopeHeader ? scopeHeader.split(',').map(s => s.trim()) : [];
+
+    // Check for required permissions
+    const requiredPermissions = {
+      issues: checkIssuesPermission(scopes, options.strict),
+      contents: checkContentsPermission(scopes, options.strict)
+    };
+
+    const hasAllPermissions = requiredPermissions.issues && requiredPermissions.contents;
+    const missingPermissions = [];
+
+    if (!requiredPermissions.issues) {
+      missingPermissions.push('issues');
+    }
+    if (!requiredPermissions.contents) {
+      missingPermissions.push('contents');
+    }
+
+    if (hasAllPermissions) {
+      return {
+        valid: true,
+        user: user.login,
+        scopes: scopes,
+        permissions: {
+          issues: 'read/write',
+          contents: 'read/write'
+        },
+        message: `✅ GitHub token valid for user: ${user.login}`
+      };
+    } else {
+      return {
+        valid: false,
+        user: user.login,
+        scopes: scopes,
+        error: 'Token is missing required permissions',
+        missingPermissions: missingPermissions,
+        currentPermissions: {
+          issues: requiredPermissions.issues ? 'read/write' : 'none or read-only',
+          contents: requiredPermissions.contents ? 'read/write' : 'none or read-only'
+        },
+        suggestion: generatePermissionSuggestion(missingPermissions, scopes)
+      };
+    }
+
+  } catch (error) {
+    // Handle specific error cases
+    if (error.status === 401) {
+      return {
+        valid: false,
+        error: 'Invalid or expired GitHub token',
+        details: error.message,
+        suggestion: 'Generate a new personal access token at https://github.com/settings/tokens'
+      };
+    }
+
+    if (error.status === 403) {
+      return {
+        valid: false,
+        error: 'GitHub API rate limit exceeded or token lacks basic access',
+        details: error.message,
+        suggestion: 'Wait for rate limit reset or check token permissions'
+      };
+    }
+
+    return {
+      valid: false,
+      error: 'Failed to validate GitHub token',
+      details: error.message,
+      suggestion: 'Check your network connection and token validity'
+    };
+  }
+}
+
+/**
+ * Check if token has issues read/write permission
+ * @param {Array<string>} scopes - Token scopes
+ * @param {boolean} strict - Strict mode flag
+ * @returns {boolean} True if has permission
+ */
+function checkIssuesPermission(scopes, strict) {
+  // 'repo' scope includes full access to repositories (issues, contents, etc.)
+  // 'public_repo' includes access to public repositories
+  // Fine-grained tokens might have specific 'issues' scope
+
+  if (strict) {
+    // In strict mode, require explicit issues scope or repo scope
+    return scopes.includes('repo') || scopes.includes('issues');
+  }
+
+  // In non-strict mode, allow broader scopes
+  return scopes.includes('repo') ||
+         scopes.includes('public_repo') ||
+         scopes.includes('issues');
+}
+
+/**
+ * Check if token has contents read/write permission
+ * @param {Array<string>} scopes - Token scopes
+ * @param {boolean} strict - Strict mode flag
+ * @returns {boolean} True if has permission
+ */
+function checkContentsPermission(scopes, strict) {
+  // 'repo' scope includes full access to repositories
+  // 'public_repo' includes access to public repositories
+  // Fine-grained tokens might have specific 'contents' scope
+
+  if (strict) {
+    // In strict mode, require explicit contents scope or repo scope
+    return scopes.includes('repo') || scopes.includes('contents');
+  }
+
+  // In non-strict mode, allow broader scopes
+  return scopes.includes('repo') ||
+         scopes.includes('public_repo');
+}
+
+/**
+ * Generate helpful permission suggestion based on missing permissions
+ * @param {Array<string>} missing - Missing permission names
+ * @param {Array<string>} current - Current scopes
+ * @returns {string} Helpful suggestion
+ */
+function generatePermissionSuggestion(missing, current) {
+  const suggestions = [];
+
+  if (missing.length === 0) {
+    return 'Token has all required permissions';
+  }
+
+  suggestions.push('To fix this, create a new GitHub token with the following scopes:');
+
+  if (current.includes('repo')) {
+    suggestions.push('  - Your token already has "repo" scope, but it may be read-only');
+    suggestions.push('  - Ensure the token has write access to repositories');
+  } else {
+    suggestions.push('  - Add "repo" scope for full repository access (recommended)');
+    suggestions.push('  OR');
+
+    if (missing.includes('issues')) {
+      suggestions.push('  - Add "issues" scope for issues read/write access');
+    }
+    if (missing.includes('contents')) {
+      suggestions.push('  - Add "contents" scope for repository contents read/write access');
+    }
+  }
+
+  suggestions.push('');
+  suggestions.push('Create a new token at: https://github.com/settings/tokens/new');
+  suggestions.push('Or use fine-grained tokens at: https://github.com/settings/personal-access-tokens/new');
+
+  return suggestions.join('\n');
+}
+
+/**
+ * Test token against a specific repository
+ * @param {string} token - GitHub token
+ * @param {string} owner - Repository owner
+ * @param {string} repo - Repository name
+ * @returns {Promise<Object>} Test result
+ */
+export async function testTokenOnRepository(token, owner, repo) {
+  const octokit = new Octokit({ auth: token });
+
+  const tests = {
+    readIssues: false,
+    writeIssues: false,
+    readContents: false,
+    writeContents: false
+  };
+
+  const errors = [];
+
+  try {
+    // Test 1: Read issues
+    try {
+      await octokit.rest.issues.listForRepo({ owner, repo, per_page: 1 });
+      tests.readIssues = true;
+    } catch (error) {
+      errors.push(`Read Issues: ${error.message}`);
+    }
+
+    // Test 2: Create a test issue (we'll close it immediately)
+    try {
+      const { data: issue } = await octokit.rest.issues.create({
+        owner,
+        repo,
+        title: '[Boss Claude] Token validation test',
+        body: 'This is an automated test. Closing immediately.',
+        labels: ['bot', 'test']
+      });
+      tests.writeIssues = true;
+
+      // Close the test issue
+      await octokit.rest.issues.update({
+        owner,
+        repo,
+        issue_number: issue.number,
+        state: 'closed'
+      });
+    } catch (error) {
+      errors.push(`Write Issues: ${error.message}`);
+    }
+
+    // Test 3: Read contents
+    try {
+      await octokit.rest.repos.getContent({ owner, repo, path: 'README.md' });
+      tests.readContents = true;
+    } catch (error) {
+      errors.push(`Read Contents: ${error.message}`);
+    }
+
+    // Test 4: Write contents (get latest commit to test write access)
+    try {
+      await octokit.rest.repos.listCommits({ owner, repo, per_page: 1 });
+      tests.writeContents = true;
+    } catch (error) {
+      errors.push(`Write Contents: ${error.message}`);
+    }
+
+    const allTestsPassed = Object.values(tests).every(t => t === true);
+
+    return {
+      success: allTestsPassed,
+      repository: `${owner}/${repo}`,
+      tests,
+      errors: errors.length > 0 ? errors : null,
+      message: allTestsPassed
+        ? `✅ All permissions verified on ${owner}/${repo}`
+        : `❌ Some permissions are missing on ${owner}/${repo}`
+    };
+
+  } catch (error) {
+    return {
+      success: false,
+      repository: `${owner}/${repo}`,
+      error: `Failed to test repository: ${error.message}`,
+      suggestion: 'Ensure the repository exists and the token has access to it'
+    };
+  }
+}
+
+/**
+ * Validate and display results in a user-friendly format
+ * @param {string} token - GitHub token
+ * @param {Object} options - Validation options
+ * @returns {Promise<boolean>} True if valid
+ */
+export async function validateAndDisplay(token, options = {}) {
+  const result = await validateGitHubToken(token, options);
+
+  if (result.valid) {
+    console.log('\n✅ GitHub Token Validation: PASSED');
+    console.log(`User: ${result.user}`);
+    console.log(`Scopes: ${result.scopes.join(', ')}`);
+    console.log(`Permissions: Issues (R/W), Contents (R/W)`);
+  } else {
+    console.log('\n❌ GitHub Token Validation: FAILED');
+    console.log(`Error: ${result.error}`);
+    if (result.missingPermissions) {
+      console.log(`Missing: ${result.missingPermissions.join(', ')}`);
+    }
+    if (result.suggestion) {
+      console.log(`\n${result.suggestion}`);
+    }
+  }
+
+  return result.valid;
+}
+
+export default {
+  validateGitHubToken,
+  testTokenOnRepository,
+  validateAndDisplay
+};

package/lib/validators/github.test.js

@@ -0,0 +1,61 @@
+/**
+ * GitHub Token Validator Test
+ *
+ * Usage:
+ *   node lib/validators/github.test.js <github-token>
+ *   node lib/validators/github.test.js <github-token> <owner> <repo>
+ *
+ * Examples:
+ *   node lib/validators/github.test.js ghp_abc123...
+ *   node lib/validators/github.test.js ghp_abc123... cpretzinger boss-claude
+ */
+
+import { validateGitHubToken, testTokenOnRepository, validateAndDisplay } from './github.js';
+
+async function main() {
+  const args = process.argv.slice(2);
+
+  if (args.length === 0) {
+    console.log('Usage: node github.test.js <github-token> [owner] [repo]');
+    console.log('');
+    console.log('Examples:');
+    console.log('  node github.test.js ghp_abc123...');
+    console.log('  node github.test.js ghp_abc123... cpretzinger boss-claude');
+    process.exit(1);
+  }
+
+  const token = args[0];
+  const owner = args[1];
+  const repo = args[2];
+
+  console.log('🔍 Validating GitHub Token...\n');
+
+  // Basic validation
+  const isValid = await validateAndDisplay(token);
+
+  // If repository specified, run repository-specific tests
+  if (owner && repo && isValid) {
+    console.log('\n🔍 Testing Token on Repository...\n');
+    const repoTest = await testTokenOnRepository(token, owner, repo);
+
+    console.log(`Repository: ${repoTest.repository}`);
+    console.log(`Status: ${repoTest.success ? '✅ PASSED' : '❌ FAILED'}`);
+    console.log('\nPermission Tests:');
+    console.log(`  Read Issues: ${repoTest.tests.readIssues ? '✅' : '❌'}`);
+    console.log(`  Write Issues: ${repoTest.tests.writeIssues ? '✅' : '❌'}`);
+    console.log(`  Read Contents: ${repoTest.tests.readContents ? '✅' : '❌'}`);
+    console.log(`  Write Contents: ${repoTest.tests.writeContents ? '✅' : '❌'}`);
+
+    if (repoTest.errors) {
+      console.log('\nErrors:');
+      repoTest.errors.forEach(err => console.log(`  - ${err}`));
+    }
+  }
+
+  process.exit(isValid ? 0 : 1);
+}
+
+main().catch(error => {
+  console.error('Error:', error.message);
+  process.exit(1);
+});

package/lib/validators/index.js

@@ -0,0 +1,15 @@
+/**
+ * Boss Claude Validators
+ *
+ * Validation utilities for external service credentials and permissions
+ */
+
+export * from './github.js';
+export * from './postgres.js';
+export * from './config.js';
+
+export default {
+  github: () => import('./github.js'),
+  postgres: () => import('./postgres.js'),
+  config: () => import('./config.js')
+};