@cursorpool-dev/cli 0.5.6

package/node_modules/@cursor-pool/service/test/requestGateway.test.ts

@@ -0,0 +1,466 @@
+import assert from 'node:assert/strict';
+import { createServer } from 'node:http';
+import test from 'node:test';
+import {
+  createGatewayHttpForwarder,
+  createGatewayStore,
+  evaluateGatewayDecision,
+  completeGatewayForward,
+  resolveGatewayForward,
+  sanitizeAgentGateway,
+  sanitizeGatewayForward,
+  type AgentGateway,
+  type GatewayForwarder,
+} from '../src/requestGateway';
+
+async function createApiServer(handler: Parameters<typeof createServer>[0]) {
+  const server = createServer(handler);
+  await new Promise<void>((resolve) => {
+    server.listen(0, '127.0.0.1', resolve);
+  });
+  const address = server.address();
+  assert.equal(typeof address, 'object');
+  return {
+    baseUrl: `http://127.0.0.1:${address?.port}`,
+    close: () => new Promise<void>((resolve, reject) => {
+      server.close((error) => (error ? reject(error) : resolve()));
+    }),
+  };
+}
+
+const allowedDecision = {
+  state: 'allowed' as const,
+  productId: 'prod_basic',
+  modeStartedAt: '2026-05-31T00:05:00.000Z',
+};
+
+test('sanitizeAgentGateway keeps only safe metadata fields', () => {
+  const gateway = sanitizeAgentGateway(
+    {
+      requestId: 'req-gateway-1',
+      requestType: 'bad-type',
+      source: 'cursor-agent-exec',
+      model: 'gpt-test',
+      prompt: 'discard this',
+      messages: [{ role: 'user', content: 'discard' }],
+      headers: { authorization: 'Bearer secret' },
+      routeToken: 'rt_secret_value',
+      apiKey: 'sk-secret',
+    },
+    {
+      runtimeId: 'runtime-1',
+      decision: {
+        state: 'accepted',
+        productId: 'prod_basic',
+        modeStartedAt: '2026-05-31T00:05:00.000Z',
+        route: { state: 'ready', expiresAt: '2999-05-31T00:10:00.000Z' },
+      },
+      now: () => '2026-05-31T00:20:00.000Z',
+    },
+  );
+
+  assert.deepEqual(gateway, {
+    requestId: 'req-gateway-1',
+    requestType: 'agent',
+    source: 'cursor-agent-exec',
+    model: 'gpt-test',
+    receivedAt: '2026-05-31T00:20:00.000Z',
+    runtimeId: 'runtime-1',
+    decision: {
+      state: 'accepted',
+      productId: 'prod_basic',
+      modeStartedAt: '2026-05-31T00:05:00.000Z',
+      route: { state: 'ready', expiresAt: '2999-05-31T00:10:00.000Z' },
+    },
+    forward: { state: 'unknown' },
+  });
+  assert.equal(Object.hasOwn(gateway, 'prompt'), false);
+  assert.equal(Object.hasOwn(gateway, 'messages'), false);
+  assert.equal(Object.hasOwn(gateway, 'headers'), false);
+  assert.equal(Object.hasOwn(gateway, 'routeToken'), false);
+  assert.equal(Object.hasOwn(gateway, 'apiKey'), false);
+});
+
+test('sanitizeAgentGateway normalizes unsafe metadata and generates request id', () => {
+  const gateway = sanitizeAgentGateway(
+    {
+      requestId: '',
+      source: 'bad-source',
+      model: 'sk-secret-token',
+    },
+    {
+      runtimeId: 'runtime-1',
+      decision: { state: 'unknown' },
+      now: () => '2026-05-31T00:20:00.000Z',
+      requestId: () => 'generated-request-id',
+    },
+  );
+
+  assert.deepEqual(gateway, {
+    requestId: 'generated-request-id',
+    requestType: 'agent',
+    source: 'unknown',
+    model: 'unknown',
+    receivedAt: '2026-05-31T00:20:00.000Z',
+    runtimeId: 'runtime-1',
+    decision: { state: 'unknown' },
+    forward: { state: 'unknown' },
+  });
+});
+
+test('sanitizeAgentGateway rejects unsafe request ids before persistence', () => {
+  const unsafeInputs = [
+    'req-1 apiKey=secret',
+    'rt_secret_value',
+    'sk-live-secret-token',
+    'req-1\nprompt=leak',
+  ];
+
+  for (const requestId of unsafeInputs) {
+    const gateway = sanitizeAgentGateway(
+      {
+        requestId,
+        source: 'manual-check',
+        model: 'gpt-test',
+      },
+      {
+        runtimeId: 'runtime-1',
+        decision: { state: 'unknown' },
+        now: () => '2026-05-31T00:20:00.000Z',
+        requestId: () => 'generated-request-id',
+      },
+    );
+
+    assert.equal(gateway.requestId, 'generated-request-id');
+    assert.doesNotMatch(JSON.stringify(gateway), /apiKey|secret|rt_secret_value|sk-live|prompt|leak/);
+  }
+});
+
+test('evaluateGatewayDecision maps gate and route states', () => {
+  assert.deepEqual(
+    evaluateGatewayDecision(allowedDecision, {
+      state: 'ready',
+      expiresAt: '2999-05-31T00:10:00.000Z',
+    }),
+    {
+      state: 'accepted',
+      productId: 'prod_basic',
+      modeStartedAt: '2026-05-31T00:05:00.000Z',
+      route: { state: 'ready', expiresAt: '2999-05-31T00:10:00.000Z' },
+    },
+  );
+  assert.deepEqual(
+    evaluateGatewayDecision(allowedDecision, { state: 'missing' }),
+    {
+      state: 'route-missing',
+      productId: 'prod_basic',
+      modeStartedAt: '2026-05-31T00:05:00.000Z',
+      route: { state: 'missing' },
+    },
+  );
+  assert.deepEqual(
+    evaluateGatewayDecision(allowedDecision, {
+      state: 'expired',
+      expiresAt: '2026-05-31T00:04:00.000Z',
+    }),
+    {
+      state: 'route-expired',
+      productId: 'prod_basic',
+      modeStartedAt: '2026-05-31T00:05:00.000Z',
+      route: { state: 'expired', expiresAt: '2026-05-31T00:04:00.000Z' },
+    },
+  );
+  assert.deepEqual(
+    evaluateGatewayDecision(
+      { state: 'blocked', reason: 'logged-out' },
+      { state: 'ready', expiresAt: '2999-05-31T00:10:00.000Z' },
+    ),
+    {
+      state: 'blocked',
+      reason: 'logged-out',
+      route: { state: 'missing' },
+    },
+  );
+  assert.deepEqual(
+    evaluateGatewayDecision(
+      {
+        state: 'blocked',
+        reason: 'mode-released',
+        releaseReason: 'invalid-token',
+        releasedAt: '2026-05-31T00:10:00.000Z',
+      },
+      { state: 'missing' },
+    ),
+    {
+      state: 'blocked',
+      reason: 'mode-released',
+      releaseReason: 'invalid-token',
+      releasedAt: '2026-05-31T00:10:00.000Z',
+      route: { state: 'missing' },
+    },
+  );
+});
+
+test('createGatewayStore records and returns only the latest gateway', () => {
+  const store = createGatewayStore();
+  const first: AgentGateway = {
+    requestId: 'req-1',
+    requestType: 'agent',
+    source: 'manual-check',
+    model: 'unknown',
+    receivedAt: '2026-05-31T00:20:00.000Z',
+    runtimeId: 'runtime-1',
+    decision: { state: 'unknown' },
+    forward: { state: 'unknown' },
+  };
+  const second: AgentGateway = {
+    ...first,
+    requestId: 'req-2',
+    decision: {
+      state: 'route-missing',
+      productId: 'prod_basic',
+      modeStartedAt: '2026-05-31T00:05:00.000Z',
+      route: { state: 'missing' },
+    },
+  };
+
+  assert.equal(store.latest(), null);
+  assert.deepEqual(store.record(first), first);
+  assert.deepEqual(store.record(second), second);
+  assert.deepEqual(store.latest(), second);
+});
+
+test('resolveGatewayForward skips non-accepted gateway decisions', async () => {
+  let calls = 0;
+  const forwarder: GatewayForwarder = async () => {
+    calls += 1;
+    return {
+      state: 'forwarded',
+      upstreamRequestId: 'gw_req_1',
+      acceptedAt: '2026-05-31T00:30:00.000Z',
+      routeExpiresAt: '2999-05-31T00:10:00.000Z',
+    };
+  };
+
+  const forward = await resolveGatewayForward({
+    gateway: {
+      requestId: 'req-1',
+      requestType: 'agent',
+      source: 'manual-check',
+      model: 'gpt-test',
+      receivedAt: '2026-05-31T00:20:00.000Z',
+      runtimeId: 'runtime-1',
+      decision: {
+        state: 'route-missing',
+        productId: 'prod_basic',
+        modeStartedAt: '2026-05-31T00:05:00.000Z',
+        route: { state: 'missing' },
+      },
+      forward: { state: 'unknown' },
+    },
+    routeToken: 'rt_secret_value',
+    productId: 'prod_basic',
+    model: 'gpt-test',
+    requestId: 'req-1',
+    forwarder,
+  });
+
+  assert.equal(calls, 0);
+  assert.deepEqual(forward, { state: 'skipped', reason: 'not-accepted' });
+});
+
+test('resolveGatewayForward returns not-configured when no forwarder is injected', async () => {
+  const gateway: AgentGateway = {
+    requestId: 'req-1',
+    requestType: 'agent',
+    source: 'manual-check',
+    model: 'gpt-test',
+    receivedAt: '2026-05-31T00:20:00.000Z',
+    runtimeId: 'runtime-1',
+    decision: {
+      state: 'accepted',
+      productId: 'prod_basic',
+      modeStartedAt: '2026-05-31T00:05:00.000Z',
+      route: { state: 'ready', expiresAt: '2999-05-31T00:10:00.000Z' },
+    },
+    forward: { state: 'unknown' },
+  };
+
+  assert.deepEqual(await resolveGatewayForward({
+    gateway,
+    routeToken: 'rt_secret_value',
+    poolSessionId: 'pool_session_1',
+    productId: 'prod_basic',
+    model: 'gpt-test',
+    requestId: 'req-1',
+  }), { state: 'not-configured' });
+});
+
+test('createGatewayHttpForwarder sends client-response settlement mode', async () => {
+  let posted: Record<string, unknown> | null = null;
+  const api = await createApiServer((request, response) => {
+    assert.equal(request.url, '/api/client/gateway/agent');
+    const chunks: Buffer[] = [];
+    request.on('data', (chunk) => chunks.push(Buffer.from(chunk)));
+    request.on('end', () => {
+      posted = JSON.parse(Buffer.concat(chunks).toString('utf8')) as Record<string, unknown>;
+      response.writeHead(200, { 'content-type': 'application/json' });
+      response.end(JSON.stringify({
+        state: 'forwarded',
+        upstreamRequestId: 'gw_req_1',
+        acceptedAt: '2026-05-31T00:30:00.000Z',
+        routeExpiresAt: '2999-05-31T00:10:00.000Z',
+        usageRequestId: 'ur_1',
+      }));
+    });
+  });
+
+  try {
+    const forwarder = createGatewayHttpForwarder({ apiBaseUrl: api.baseUrl, deviceToken: 'cp_dev_secret' });
+    const result = await forwarder({
+      gateway: {
+        requestId: 'req-1',
+        requestType: 'agent',
+        source: 'manual-check',
+        model: 'gpt-test',
+        receivedAt: '2026-05-31T00:20:00.000Z',
+        runtimeId: 'runtime-1',
+        decision: {
+          state: 'accepted',
+          productId: 'prod_basic',
+          modeStartedAt: '2026-05-31T00:05:00.000Z',
+          route: { state: 'ready', expiresAt: '2999-05-31T00:10:00.000Z' },
+        },
+        forward: { state: 'unknown' },
+      },
+      routeToken: 'rt_secret_value',
+      poolSessionId: 'pool_session_1',
+      productId: 'prod_basic',
+      model: 'gpt-test',
+      requestId: 'req-1',
+      settlementMode: 'client_response',
+    });
+
+    assert.equal(result.state, 'forwarded');
+    assert.equal(posted?.settlementMode, 'client_response');
+  } finally {
+    await api.close();
+  }
+});
+
+test('completeGatewayForward confirms client response settlement by request id', async () => {
+  let posted: Record<string, unknown> | null = null;
+  const api = await createApiServer((request, response) => {
+    assert.equal(request.url, '/api/client/gateway/agent/req-1/complete');
+    const chunks: Buffer[] = [];
+    request.on('data', (chunk) => chunks.push(Buffer.from(chunk)));
+    request.on('end', () => {
+      posted = JSON.parse(Buffer.concat(chunks).toString('utf8')) as Record<string, unknown>;
+      response.writeHead(200, { 'content-type': 'application/json' });
+      response.end(JSON.stringify({
+        state: 'charged',
+        usageRequestId: 'ur_1',
+        chargeStatus: 'charged',
+        chargeCredits: 1,
+      }));
+    });
+  });
+
+  try {
+    const result = await completeGatewayForward({
+      apiBaseUrl: api.baseUrl,
+      deviceToken: 'cp_dev_secret',
+      requestId: 'req-1',
+      routeToken: 'rt_secret_value',
+      poolSessionId: 'pool_session_1',
+      productId: 'prod_basic',
+    });
+
+    assert.deepEqual(result, {
+      state: 'charged',
+      usageRequestId: 'ur_1',
+      chargeStatus: 'charged',
+      chargeCredits: 1,
+    });
+    assert.deepEqual(posted, {
+      routeToken: 'rt_secret_value',
+      poolSessionId: 'pool_session_1',
+      productId: 'prod_basic',
+    });
+  } finally {
+    await api.close();
+  }
+});
+
+test('sanitizeGatewayForward keeps safe forwarded metadata only', () => {
+  assert.deepEqual(
+    sanitizeGatewayForward({
+      state: 'forwarded',
+      upstreamRequestId: 'gw_req_1',
+      acceptedAt: '2026-05-31T00:30:00.000Z',
+      routeExpiresAt: '2999-05-31T00:10:00.000Z',
+      routeToken: 'rt_secret_value',
+    } as never),
+    {
+      state: 'forwarded',
+      upstreamRequestId: 'gw_req_1',
+      acceptedAt: '2026-05-31T00:30:00.000Z',
+    },
+  );
+});
+
+test('sanitizeGatewayForward keeps insufficient-credits reject reason', () => {
+  assert.deepEqual(
+    sanitizeGatewayForward({
+      state: 'rejected',
+      reason: 'insufficient-credits',
+    }),
+    {
+      state: 'rejected',
+      reason: 'insufficient-credits',
+    },
+  );
+});
+
+test('sanitizeGatewayForward downgrades unsafe forward metadata to unknown', () => {
+  assert.deepEqual(
+    sanitizeGatewayForward({
+      state: 'forwarded',
+      upstreamRequestId: 'gw_req_1 token=rt_secret_value',
+      acceptedAt: 'not-a-date',
+    }),
+    { state: 'unknown' },
+  );
+  assert.deepEqual(sanitizeGatewayForward({ state: 'made-up' }), { state: 'unknown' });
+});
+
+test('resolveGatewayForward maps thrown errors to network-error without message', async () => {
+  const gateway: AgentGateway = {
+    requestId: 'req-1',
+    requestType: 'agent',
+    source: 'manual-check',
+    model: 'gpt-test',
+    receivedAt: '2026-05-31T00:20:00.000Z',
+    runtimeId: 'runtime-1',
+    decision: {
+      state: 'accepted',
+      productId: 'prod_basic',
+      modeStartedAt: '2026-05-31T00:05:00.000Z',
+      route: { state: 'ready', expiresAt: '2999-05-31T00:10:00.000Z' },
+    },
+    forward: { state: 'unknown' },
+  };
+
+  const forward = await resolveGatewayForward({
+    gateway,
+    routeToken: 'rt_secret_value',
+    productId: 'prod_basic',
+    model: 'gpt-test',
+    requestId: 'req-1',
+    forwarder: async () => {
+      throw new Error('secret provider stack');
+    },
+  });
+
+  assert.deepEqual(forward, { state: 'network-error' });
+});

package/node_modules/@cursor-pool/service/test/runtime.test.ts

@@ -0,0 +1,47 @@
+import assert from 'node:assert/strict';
+import { mkdtemp, rm, writeFile } from 'node:fs/promises';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import test from 'node:test';
+import { readRuntimeInfo, writeRuntimeInfo } from '../src/runtime';
+
+test('runtime info is written to and read from an injected runtime file', async () => {
+  const tempDir = await mkdtemp(join(tmpdir(), 'cursor-pool-runtime-'));
+  const runtimeFile = join(tempDir, 'nested', 'runtime.json');
+
+  try {
+    const runtime = {
+      host: '127.0.0.1',
+      port: 3210,
+      runtimeId: 'runtime-test',
+    };
+
+    await writeRuntimeInfo(runtime, { runtimeFile });
+    assert.deepEqual(await readRuntimeInfo({ runtimeFile }), runtime);
+  } finally {
+    await rm(tempDir, { recursive: true, force: true });
+  }
+});
+
+test('readRuntimeInfo returns null when the runtime file does not exist', async () => {
+  const tempDir = await mkdtemp(join(tmpdir(), 'cursor-pool-runtime-'));
+
+  try {
+    assert.equal(await readRuntimeInfo({ runtimeFile: join(tempDir, 'missing.json') }), null);
+  } finally {
+    await rm(tempDir, { recursive: true, force: true });
+  }
+});
+
+test('readRuntimeInfo returns null for incomplete runtime JSON', async () => {
+  const tempDir = await mkdtemp(join(tmpdir(), 'cursor-pool-runtime-'));
+  const runtimeFile = join(tempDir, 'runtime.json');
+
+  try {
+    await writeFile(runtimeFile, '{"host":"127.0.0.1"', 'utf8');
+
+    assert.equal(await readRuntimeInfo({ runtimeFile }), null);
+  } finally {
+    await rm(tempDir, { recursive: true, force: true });
+  }
+});