@desplega.ai/agent-swarm 1.80.2 → 1.81.0

package/src/tests/mcp-tools-user.test.ts

@@ -0,0 +1,292 @@
+import { afterAll, beforeAll, describe, expect, test } from "bun:test";
+import { unlink } from "node:fs/promises";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
+import { closeDb, createAgent, createUser, getDb, initDb } from "../be/db";
+import { getUserIdentities, type IdentityActor, linkIdentity } from "../be/users";
+import { registerManageUserTool } from "../tools/manage-user";
+import { registerResolveUserTool, resolveUserInputSchema } from "../tools/resolve-user";
+
+const TEST_DB_PATH = "./test-mcp-tools-user.sqlite";
+
+const LEAD_ID = "11111111-1111-4111-8111-111111111111";
+const WORKER_ID = "22222222-2222-4222-8222-222222222222";
+
+const SYSTEM_ACTOR: IdentityActor = { kind: "system", id: "test" };
+
+type RegisteredTool = {
+  handler: (args: unknown, extra: unknown) => Promise<CallToolResult>;
+};
+
+/**
+ * Invoke a registered MCP tool's handler directly. Mirrors the test pattern
+ * used by `src/tests/update-profile-auth.test.ts`.
+ */
+async function callTool(
+  server: McpServer,
+  name: string,
+  args: Record<string, unknown>,
+  callerAgentId: string = LEAD_ID,
+): Promise<CallToolResult> {
+  const tools = (server as unknown as { _registeredTools: Record<string, RegisteredTool> })
+    ._registeredTools;
+  const tool = tools[name];
+  if (!tool) throw new Error(`tool ${name} not registered`);
+  const extra = {
+    sessionId: "test-session",
+    requestInfo: { headers: { "x-agent-id": callerAgentId } },
+  };
+  return tool.handler(args, extra);
+}
+
+function textOf(result: CallToolResult): string {
+  const first = result.content?.[0];
+  if (first && first.type === "text") return first.text;
+  return "";
+}
+
+function eventsFor(userId: string): Array<{ eventType: string; afterJson: string | null }> {
+  return getDb()
+    .prepare<{ eventType: string; afterJson: string | null }, string>(
+      "SELECT eventType, afterJson FROM user_identity_events WHERE userId = ? ORDER BY createdAt ASC, rowid ASC",
+    )
+    .all(userId);
+}
+
+beforeAll(async () => {
+  for (const suffix of ["", "-wal", "-shm"]) {
+    try {
+      await unlink(TEST_DB_PATH + suffix);
+    } catch {}
+  }
+  closeDb();
+  initDb(TEST_DB_PATH);
+  createAgent({ id: LEAD_ID, name: "Test Lead", isLead: true, status: "idle" });
+  createAgent({ id: WORKER_ID, name: "Test Worker", isLead: false, status: "idle" });
+});
+
+afterAll(async () => {
+  closeDb();
+  for (const suffix of ["", "-wal", "-shm"]) {
+    try {
+      await unlink(TEST_DB_PATH + suffix);
+    } catch {}
+  }
+});
+
+describe("resolve-user MCP tool (new {kind, externalId, email} shape)", () => {
+  const server = new McpServer({ name: "test-resolve-user", version: "1.0.0" });
+  registerResolveUserTool(server);
+
+  test("matches by (kind, externalId) → findUserByExternalId hit", async () => {
+    const user = createUser({ name: "Slack User One", email: "one@example.com" });
+    linkIdentity(user.id, "slack", "U_SLACK_ONE", SYSTEM_ACTOR);
+
+    const result = await callTool(server, "resolve-user", {
+      kind: "slack",
+      externalId: "U_SLACK_ONE",
+    });
+
+    const text = textOf(result);
+    expect(text).toContain(user.id);
+    expect(text).toContain("Slack User One");
+  });
+
+  test("matches by email → findUserByEmail hit (primary + alias)", async () => {
+    const user = createUser({
+      name: "Email User",
+      email: "primary@example.com",
+      emailAliases: ["alias@example.com"],
+    });
+
+    const byPrimary = await callTool(server, "resolve-user", { email: "primary@example.com" });
+    expect(textOf(byPrimary)).toContain(user.id);
+
+    const byAlias = await callTool(server, "resolve-user", { email: "alias@example.com" });
+    expect(textOf(byAlias)).toContain(user.id);
+  });
+
+  test("returns 'No user found' when nothing matches", async () => {
+    const result = await callTool(server, "resolve-user", {
+      kind: "slack",
+      externalId: "U_DOES_NOT_EXIST",
+    });
+    expect(textOf(result)).toContain("No user found");
+  });
+
+  // Schema-level validation tests. The MCP SDK runs Zod at the transport
+  // layer; calling the registered handler directly bypasses it. We test the
+  // schema directly to confirm the contract MCP clients see at the wire.
+
+  test("old shape {slackUserId: ...} fails Zod validation (unrecognized keys via .strict)", () => {
+    const parsed = resolveUserInputSchema.safeParse({ slackUserId: "U_X" });
+    expect(parsed.success).toBe(false);
+    if (!parsed.success) {
+      const msg = JSON.stringify(parsed.error.issues);
+      expect(msg.toLowerCase()).toMatch(/unrecognized|extra|invalid/);
+    }
+  });
+
+  test("empty input {} fails the refine constraint", () => {
+    const parsed = resolveUserInputSchema.safeParse({});
+    expect(parsed.success).toBe(false);
+    if (!parsed.success) {
+      const msg = JSON.stringify(parsed.error.issues);
+      expect(msg).toMatch(/Provide either \(kind \+ externalId\) or email/);
+    }
+  });
+
+  test("name parameter (old shape) is rejected", () => {
+    const parsed = resolveUserInputSchema.safeParse({ name: "Whoever" });
+    expect(parsed.success).toBe(false);
+  });
+
+  test("partial input (kind only, no externalId) fails the refine constraint", () => {
+    const parsed = resolveUserInputSchema.safeParse({ kind: "slack" });
+    expect(parsed.success).toBe(false);
+  });
+
+  test("valid {kind, externalId} input passes the schema", () => {
+    const parsed = resolveUserInputSchema.safeParse({
+      kind: "slack",
+      externalId: "U_X",
+    });
+    expect(parsed.success).toBe(true);
+  });
+
+  test("valid {email} input passes the schema", () => {
+    const parsed = resolveUserInputSchema.safeParse({ email: "x@example.com" });
+    expect(parsed.success).toBe(true);
+  });
+});
+
+describe("manage-user MCP tool (identities array)", () => {
+  const server = new McpServer({ name: "test-manage-user", version: "1.0.0" });
+  registerManageUserTool(server);
+
+  test("create with identities[] → user created + linkIdentity per entry + identity_added events", async () => {
+    const result = await callTool(server, "manage-user", {
+      action: "create",
+      name: "Identities Create",
+      email: "ic@example.com",
+      identities: [
+        { kind: "slack", externalId: "U_IC" },
+        { kind: "linear", externalId: "L_IC" },
+      ],
+    });
+
+    const text = textOf(result);
+    expect(text).toContain("User created:");
+    const match = text.match(/"id":\s*"([^"]+)"/);
+    expect(match).not.toBeNull();
+    const userId = match![1];
+
+    // Verify identities are linked.
+    const idents = getUserIdentities(userId);
+    expect(idents).toHaveLength(2);
+    const kinds = idents.map((i) => `${i.kind}:${i.externalId}`).sort();
+    expect(kinds).toEqual(["linear:L_IC", "slack:U_IC"]);
+
+    // Two `identity_added` events were emitted via linkIdentity().
+    const events = eventsFor(userId);
+    const added = events.filter((e) => e.eventType === "identity_added");
+    expect(added).toHaveLength(2);
+  });
+
+  test("update with identities diff → add one + remove one emits correct events", async () => {
+    const created = await callTool(server, "manage-user", {
+      action: "create",
+      name: "Identities Diff",
+      identities: [{ kind: "slack", externalId: "U_DIFF" }],
+    });
+    const userId = textOf(created).match(/"id":\s*"([^"]+)"/)![1];
+    const baselineEventCount = eventsFor(userId).length;
+
+    // Now update: keep slack, drop nothing yet — desired set has slack + add github.
+    await callTool(server, "manage-user", {
+      action: "update",
+      userId,
+      identities: [
+        { kind: "slack", externalId: "U_DIFF" },
+        { kind: "github", externalId: "gh_diff" },
+      ],
+    });
+    let idents = getUserIdentities(userId);
+    expect(idents.map((i) => `${i.kind}:${i.externalId}`).sort()).toEqual([
+      "github:gh_diff",
+      "slack:U_DIFF",
+    ]);
+
+    // Next update: drop slack, keep github. Diff = remove slack.
+    await callTool(server, "manage-user", {
+      action: "update",
+      userId,
+      identities: [{ kind: "github", externalId: "gh_diff" }],
+    });
+    idents = getUserIdentities(userId);
+    expect(idents.map((i) => `${i.kind}:${i.externalId}`)).toEqual(["github:gh_diff"]);
+
+    const events = eventsFor(userId).slice(baselineEventCount);
+    const added = events.filter((e) => e.eventType === "identity_added");
+    const removed = events.filter((e) => e.eventType === "identity_removed");
+    // First update: added github. Second update: removed slack.
+    expect(added).toHaveLength(1);
+    expect(removed).toHaveLength(1);
+    expect(added[0]!.afterJson).toContain("github");
+    expect(removed[0]!.afterJson).toBeNull();
+  });
+
+  test("update with emailAliases diff emits email_added / email_removed", async () => {
+    const created = await callTool(server, "manage-user", {
+      action: "create",
+      name: "Alias Diff",
+      email: "ad@example.com",
+      emailAliases: ["a@example.com"],
+    });
+    const userId = textOf(created).match(/"id":\s*"([^"]+)"/)![1];
+    const baselineEventCount = eventsFor(userId).length;
+
+    // Update aliases: remove a@, add b@.
+    await callTool(server, "manage-user", {
+      action: "update",
+      userId,
+      emailAliases: ["b@example.com"],
+    });
+
+    const events = eventsFor(userId).slice(baselineEventCount);
+    const added = events.filter((e) => e.eventType === "email_added");
+    const removed = events.filter((e) => e.eventType === "email_removed");
+    expect(added).toHaveLength(1);
+    expect(removed).toHaveLength(1);
+    expect(added[0]!.afterJson).toContain("b@example.com");
+  });
+
+  test("non-lead caller is rejected", async () => {
+    const result = await callTool(server, "manage-user", { action: "list" }, WORKER_ID);
+    expect(textOf(result)).toContain("Only the lead agent");
+  });
+
+  test("create no longer accepts old top-level slackUserId / linearUserId / githubUsername / gitlabUsername", async () => {
+    // The schema is `z.object({...})` without `.strict()` on manage-user
+    // (preserving forward-compat headroom for future fields). But the dropped
+    // identity fields are explicitly not in the schema — they are silently
+    // ignored, NOT routed to the dropped DB columns. Verify behaviour:
+    // passing them as extra keys does not affect the created user.
+    const result = await callTool(server, "manage-user", {
+      action: "create",
+      name: "Legacy Shape User",
+      slackUserId: "U_LEGACY",
+      linearUserId: "L_LEGACY",
+      githubUsername: "gh_legacy",
+      gitlabUsername: "gl_legacy",
+    });
+    const text = textOf(result);
+    expect(text).toContain("User created:");
+    const userId = text.match(/"id":\s*"([^"]+)"/)![1];
+
+    // None of the legacy fields should have been turned into linked identities
+    // — the new shape REQUIRES `identities` array to link.
+    const idents = getUserIdentities(userId);
+    expect(idents).toHaveLength(0);
+  });
+});

package/src/tests/slack-identity-resolution.test.ts

@@ -0,0 +1,349 @@
+/**
+ * Step-2 verification: the Slack identity resolution cascade.
+ *
+ * Covers — without spinning up Bolt — the three behavioural slices that
+ * matter for the kv-backed enrichment + unmapped tracker rewire:
+ *
+ *   1. Cascade for a NEW Slack user with an email — creates a `users` row,
+ *      writes a `user_external_ids` row, emits `identity_added` events.
+ *   2. Cascade for the SAME user a second time — fast-path through
+ *      `findUserByExternalId`; no duplicate row, no extra `client.users.info`.
+ *   3. Cascade for a Slack user without an email — writes two kv rows under
+ *      `integration:unmapped:slack` (`<U>:meta` JSON + `<U>:count` integer).
+ *      Second sighting bumps count to 2 and refreshes the meta TTL.
+ *   4. `enrichSlackUserEmail` does NOT cache failures (null email → next
+ *      call hits the API again).
+ *   5. `enrichSlackUserEmail` DOES cache successes for 24h (next call is a
+ *      kv hit; `client.users.info` is not called).
+ */
+
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "bun:test";
+import { unlinkSync } from "node:fs";
+import { closeDb, getDb, getKv, initDb } from "../be/db";
+import { findUserByExternalId, getUserIdentities } from "../be/users";
+import { enrichSlackUserEmail, resolveSlackUserId } from "../slack/enrich";
+
+const TEST_DB_PATH = "./test-slack-identity-resolution.sqlite";
+
+// ---------------------------------------------------------------------------
+// Mock Slack WebClient
+// ---------------------------------------------------------------------------
+
+interface MockUsersInfoResponse {
+  user?: {
+    real_name?: string;
+    profile?: {
+      email?: string;
+      real_name?: string;
+    };
+  };
+}
+
+/**
+ * Minimal WebClient stub — only the `users.info` method is exercised by the
+ * code under test. Counts calls per user so cache-hit assertions can be
+ * unambiguous.
+ */
+function makeMockClient(byUserId: Record<string, MockUsersInfoResponse | "throw">) {
+  const callCounts: Record<string, number> = {};
+  const client = {
+    users: {
+      info: async ({ user }: { user: string }) => {
+        callCounts[user] = (callCounts[user] ?? 0) + 1;
+        const fixture = byUserId[user];
+        if (fixture === "throw") {
+          throw new Error(`Mock client.users.info(${user}) threw`);
+        }
+        if (!fixture) {
+          throw new Error(`No fixture for user ${user}`);
+        }
+        return fixture;
+      },
+    },
+  };
+  return {
+    // biome-ignore lint/suspicious/noExplicitAny: shape-matched to WebClient's users.info call site.
+    client: client as any,
+    callCounts,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// DB lifecycle
+// ---------------------------------------------------------------------------
+
+function cleanupDb() {
+  for (const suffix of ["", "-wal", "-shm"]) {
+    try {
+      unlinkSync(`${TEST_DB_PATH}${suffix}`);
+    } catch {}
+  }
+}
+
+beforeAll(() => {
+  cleanupDb();
+  initDb(TEST_DB_PATH);
+});
+
+afterAll(() => {
+  closeDb();
+  cleanupDb();
+});
+
+beforeEach(() => {
+  // Wipe state between tests — full isolation. Identity-related tables only;
+  // leave the schema and seeded singletons untouched.
+  const db = getDb();
+  db.exec("DELETE FROM user_identity_events");
+  db.exec("DELETE FROM user_external_ids");
+  db.exec("DELETE FROM users");
+  db.exec("DELETE FROM kv_entries WHERE namespace LIKE 'integration:%'");
+});
+
+function countUsers(): number {
+  return getDb().prepare<{ n: number }, []>("SELECT COUNT(*) AS n FROM users").get()?.n ?? 0;
+}
+
+function externalIdRows(): Array<{ kind: string; externalId: string; userId: string }> {
+  return getDb()
+    .prepare<{ kind: string; externalId: string; userId: string }, []>(
+      "SELECT kind, externalId, userId FROM user_external_ids ORDER BY kind, externalId",
+    )
+    .all();
+}
+
+function identityEventTypes(userId: string): string[] {
+  return getDb()
+    .prepare<{ eventType: string }, string>(
+      "SELECT eventType FROM user_identity_events WHERE userId = ? ORDER BY createdAt ASC, rowid ASC",
+    )
+    .all(userId)
+    .map((r) => r.eventType);
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("resolveSlackUserId — three-step cascade", () => {
+  test("NEW user with email → creates users + external_ids + emits identity_added", async () => {
+    const { client } = makeMockClient({
+      U_HUMAN: {
+        user: {
+          real_name: "Real Human",
+          profile: { email: "real@example.com", real_name: "Real Human" },
+        },
+      },
+    });
+
+    const userId = await resolveSlackUserId(client, "U_HUMAN", {
+      sampleEventType: "message",
+      sampleContext: "hello swarm",
+    });
+
+    expect(userId).toBeDefined();
+    expect(countUsers()).toBe(1);
+
+    const ext = externalIdRows();
+    expect(ext).toHaveLength(1);
+    expect(ext[0]).toMatchObject({ kind: "slack", externalId: "U_HUMAN", userId });
+
+    const events = identityEventTypes(userId!);
+    // Brand-new email triggers two `identity_added` events:
+    //   * `findOrCreateUserByEmail` creates the user → `identity_added`
+    //   * `linkIdentity('slack', ...)` adds the alias → `identity_added`
+    expect(events).toEqual(["identity_added", "identity_added"]);
+  });
+
+  test("SAME user again → fast path, no duplicate users / external_ids / API call", async () => {
+    const { client, callCounts } = makeMockClient({
+      U_HUMAN: {
+        user: {
+          real_name: "Real Human",
+          profile: { email: "real@example.com", real_name: "Real Human" },
+        },
+      },
+    });
+
+    const first = await resolveSlackUserId(client, "U_HUMAN", {
+      sampleEventType: "message",
+      sampleContext: "hello swarm",
+    });
+    const second = await resolveSlackUserId(client, "U_HUMAN", {
+      sampleEventType: "message",
+      sampleContext: "again",
+    });
+
+    expect(second).toBe(first);
+    expect(countUsers()).toBe(1);
+    expect(externalIdRows()).toHaveLength(1);
+    // The second call must hit the alias fast path — `client.users.info` was
+    // called exactly once (on the first lookup).
+    expect(callCounts.U_HUMAN).toBe(1);
+  });
+
+  test("NEW user with NO email → writes :meta + :count kv rows under integration:unmapped:slack", async () => {
+    const { client } = makeMockClient({
+      U_BOT: {
+        user: {
+          real_name: "Bot Account",
+          profile: {}, // no email
+        },
+      },
+    });
+
+    const userId = await resolveSlackUserId(client, "U_BOT", {
+      sampleEventType: "message",
+      sampleContext: "noisy bot ping",
+    });
+
+    expect(userId).toBeUndefined();
+    expect(countUsers()).toBe(0);
+    expect(externalIdRows()).toHaveLength(0);
+
+    const meta = getKv("integration:unmapped:slack", "U_BOT:meta");
+    expect(meta).not.toBeNull();
+    expect(meta!.valueType).toBe("json");
+    const metaValue = meta!.value as {
+      sampleEventType: string;
+      sampleContext: string;
+      lastSeenAt: string;
+    };
+    expect(metaValue.sampleEventType).toBe("message");
+    expect(metaValue.sampleContext).toBe("noisy bot ping");
+    expect(metaValue.lastSeenAt).toBeTruthy();
+    expect(meta!.expiresAt).not.toBeNull();
+
+    const count = getKv("integration:unmapped:slack", "U_BOT:count");
+    expect(count).not.toBeNull();
+    expect(count!.valueType).toBe("integer");
+    expect(count!.value).toBe(1);
+    expect(count!.expiresAt).not.toBeNull();
+  });
+
+  test("NO-email user seen twice → count goes to 2, meta upserted", async () => {
+    const { client } = makeMockClient({
+      U_BOT: { user: { profile: {} } },
+    });
+
+    await resolveSlackUserId(client, "U_BOT", {
+      sampleEventType: "message",
+      sampleContext: "first",
+    });
+    await resolveSlackUserId(client, "U_BOT", {
+      sampleEventType: "message",
+      sampleContext: "second",
+    });
+
+    const meta = getKv("integration:unmapped:slack", "U_BOT:meta");
+    expect((meta!.value as { sampleContext: string }).sampleContext).toBe("second");
+
+    const count = getKv("integration:unmapped:slack", "U_BOT:count");
+    expect(count!.value).toBe(2);
+  });
+
+  test("auto-link merges into an existing user by email", async () => {
+    const { client } = makeMockClient({
+      U_HUMAN: {
+        user: { profile: { email: "shared@example.com", real_name: "Shared Email Human" } },
+      },
+    });
+
+    // Seed an existing user with the same email — no slack alias yet.
+    const db = getDb();
+    db.prepare(
+      `INSERT INTO users (id, name, email, emailAliases, status, createdAt, lastUpdatedAt)
+       VALUES (?, ?, ?, ?, 'active', ?, ?)`,
+    ).run(
+      "existing-id",
+      "Pre-existing",
+      "shared@example.com",
+      "[]",
+      new Date().toISOString(),
+      new Date().toISOString(),
+    );
+
+    const userId = await resolveSlackUserId(client, "U_HUMAN", {
+      sampleEventType: "message",
+      sampleContext: "hi",
+    });
+
+    // Auto-merge: cascade lands on the existing row, no new `users` insert.
+    expect(userId).toBe("existing-id");
+    expect(countUsers()).toBe(1);
+
+    // One slack alias linked to the pre-existing user.
+    const identities = getUserIdentities("existing-id");
+    expect(identities).toEqual([{ kind: "slack", externalId: "U_HUMAN" }]);
+
+    // Audit trail: auto_merge (by email) + identity_added (alias link).
+    expect(identityEventTypes("existing-id")).toEqual(["auto_merge", "identity_added"]);
+  });
+});
+
+describe("enrichSlackUserEmail — 24h success cache, no failure cache", () => {
+  test("cache hit on second call (success)", async () => {
+    const { client, callCounts } = makeMockClient({
+      U_OK: { user: { profile: { email: "ok@example.com", real_name: "OK User" } } },
+    });
+
+    const first = await enrichSlackUserEmail(client, "U_OK");
+    const second = await enrichSlackUserEmail(client, "U_OK");
+
+    expect(first).toBe("ok@example.com");
+    expect(second).toBe("ok@example.com");
+    expect(callCounts.U_OK).toBe(1);
+
+    // Cached row carries the 24h TTL anchor.
+    const cached = getKv("integration:user-enrichment:slack", "U_OK");
+    expect(cached).not.toBeNull();
+    expect(cached!.expiresAt).not.toBeNull();
+    expect(cached!.expiresAt! - Date.now()).toBeGreaterThan(23 * 60 * 60 * 1000);
+    expect(cached!.expiresAt! - Date.now()).toBeLessThanOrEqual(24 * 60 * 60 * 1000);
+  });
+
+  test("API throw → no cache, second call still calls the API", async () => {
+    const { client, callCounts } = makeMockClient({ U_ERR: "throw" });
+
+    const first = await enrichSlackUserEmail(client, "U_ERR");
+    const second = await enrichSlackUserEmail(client, "U_ERR");
+
+    expect(first).toBeNull();
+    expect(second).toBeNull();
+    expect(callCounts.U_ERR).toBe(2);
+
+    // Nothing persisted.
+    expect(getKv("integration:user-enrichment:slack", "U_ERR")).toBeNull();
+  });
+
+  test("no-email profile → no cache, second call still calls the API", async () => {
+    const { client, callCounts } = makeMockClient({
+      U_NOEMAIL: { user: { profile: {} } },
+    });
+
+    const first = await enrichSlackUserEmail(client, "U_NOEMAIL");
+    const second = await enrichSlackUserEmail(client, "U_NOEMAIL");
+
+    expect(first).toBeNull();
+    expect(second).toBeNull();
+    expect(callCounts.U_NOEMAIL).toBe(2);
+
+    expect(getKv("integration:user-enrichment:slack", "U_NOEMAIL")).toBeNull();
+  });
+});
+
+describe("findUserByExternalId — sanity check after cascade", () => {
+  test("post-cascade lookup matches the cascade's return id", async () => {
+    const { client } = makeMockClient({
+      U_HUMAN: { user: { profile: { email: "u@example.com", real_name: "U" } } },
+    });
+
+    const id = await resolveSlackUserId(client, "U_HUMAN", {
+      sampleEventType: "message",
+      sampleContext: "test",
+    });
+    const looked = findUserByExternalId("slack", "U_HUMAN");
+    expect(looked).not.toBeNull();
+    expect(looked!.id).toBe(id);
+  });
+});