@elevasis/core 0.18.0 → 0.19.0

package/src/execution/engine/tools/tool-maps.ts

@@ -258,6 +258,8 @@ import type {
   RecordListExecutionParams,
   UpdateCompanyStageParams,
   UpdateContactStageParams,
+  ListPendingCompanyIdsParams,
+  ListPendingContactIdsParams,
   UpsertSocialPostParams,
   UpsertSocialPostsResult,
   GetDealByIdParams,
@@ -725,6 +727,14 @@ export type ListToolMap = {
     params: Omit<UpdateContactStageParams, 'organizationId'>
     result: void
   }
+  listPendingCompanyIds: {
+    params: Omit<ListPendingCompanyIdsParams, 'organizationId'>
+    result: string[]
+  }
+  listPendingContactIds: {
+    params: Omit<ListPendingContactIdsParams, 'organizationId'>
+    result: string[]
+  }
 }
 
 // ---------------------------------------------------------------------------

package/src/execution/external/__tests__/api-schemas.test.ts

@@ -0,0 +1,127 @@
+import { describe, expect, it } from 'vitest'
+import { ExecuteAsyncEnvelopeSchema, GetExecutionsQuerySchema } from '../api-schemas'
+
+// ---------------------------------------------------------------------------
+// ExecuteAsyncEnvelopeSchema
+// ---------------------------------------------------------------------------
+
+describe('ExecuteAsyncEnvelopeSchema', () => {
+  it('accepts a minimal payload with only resourceId', () => {
+    const result = ExecuteAsyncEnvelopeSchema.safeParse({ resourceId: 'my-workflow' })
+    expect(result.success).toBe(true)
+  })
+
+  it('accepts resourceId with optional input passthrough', () => {
+    const result = ExecuteAsyncEnvelopeSchema.safeParse({
+      resourceId: 'my-workflow',
+      input: { foo: 'bar', nested: { count: 5 } }
+    })
+    expect(result.success).toBe(true)
+    if (result.success) {
+      expect(result.data.resourceId).toBe('my-workflow')
+      expect(result.data.input).toEqual({ foo: 'bar', nested: { count: 5 } })
+    }
+  })
+
+  it('accepts any arbitrary input shape (unknown passthrough)', () => {
+    const result = ExecuteAsyncEnvelopeSchema.safeParse({
+      resourceId: 'some-resource',
+      input: [1, 2, 3]
+    })
+    expect(result.success).toBe(true)
+  })
+
+  it('accepts input as null (unknown type allows null)', () => {
+    const result = ExecuteAsyncEnvelopeSchema.safeParse({ resourceId: 'r', input: null })
+    expect(result.success).toBe(true)
+  })
+
+  it('accepts payload without input field (input is optional)', () => {
+    const result = ExecuteAsyncEnvelopeSchema.safeParse({ resourceId: 'r' })
+    expect(result.success).toBe(true)
+    if (result.success) {
+      expect(result.data.input).toBeUndefined()
+    }
+  })
+
+  it('rejects an empty resourceId (minLength 1)', () => {
+    expect(ExecuteAsyncEnvelopeSchema.safeParse({ resourceId: '' }).success).toBe(false)
+  })
+
+  it('rejects a missing resourceId', () => {
+    expect(ExecuteAsyncEnvelopeSchema.safeParse({}).success).toBe(false)
+    expect(ExecuteAsyncEnvelopeSchema.safeParse({ input: { x: 1 } }).success).toBe(false)
+  })
+
+  it('rejects resourceId as a non-string type', () => {
+    expect(ExecuteAsyncEnvelopeSchema.safeParse({ resourceId: 42 }).success).toBe(false)
+    expect(ExecuteAsyncEnvelopeSchema.safeParse({ resourceId: null }).success).toBe(false)
+  })
+})
+
+// ---------------------------------------------------------------------------
+// GetExecutionsQuerySchema
+// ---------------------------------------------------------------------------
+
+describe('GetExecutionsQuerySchema', () => {
+  it('accepts an empty query and applies default limit of 50', () => {
+    const result = GetExecutionsQuerySchema.safeParse({})
+    expect(result.success).toBe(true)
+    if (result.success) {
+      expect(result.data.limit).toBe(50)
+    }
+  })
+
+  it('coerces limit from string "10" to number 10', () => {
+    const result = GetExecutionsQuerySchema.safeParse({ limit: '10' })
+    expect(result.success).toBe(true)
+    if (result.success) expect(result.data.limit).toBe(10)
+  })
+
+  it('coerces limit from string "100" to number 100 (upper boundary)', () => {
+    const result = GetExecutionsQuerySchema.safeParse({ limit: '100' })
+    expect(result.success).toBe(true)
+    if (result.success) expect(result.data.limit).toBe(100)
+  })
+
+  it('coerces limit from string "1" to number 1 (lower boundary)', () => {
+    const result = GetExecutionsQuerySchema.safeParse({ limit: '1' })
+    expect(result.success).toBe(true)
+    if (result.success) expect(result.data.limit).toBe(1)
+  })
+
+  it('rejects limit of 101 (above max 100)', () => {
+    expect(GetExecutionsQuerySchema.safeParse({ limit: '101' }).success).toBe(false)
+  })
+
+  it('rejects limit of 0 (below min 1)', () => {
+    expect(GetExecutionsQuerySchema.safeParse({ limit: '0' }).success).toBe(false)
+  })
+
+  it('rejects a negative limit', () => {
+    expect(GetExecutionsQuerySchema.safeParse({ limit: '-1' }).success).toBe(false)
+  })
+
+  it('rejects a non-numeric string for limit', () => {
+    expect(GetExecutionsQuerySchema.safeParse({ limit: 'abc' }).success).toBe(false)
+  })
+
+  it('accepts status as an optional string filter', () => {
+    const result = GetExecutionsQuerySchema.safeParse({ status: 'running' })
+    expect(result.success).toBe(true)
+    if (result.success) expect(result.data.status).toBe('running')
+  })
+
+  it('accepts status as undefined (optional field omitted)', () => {
+    const result = GetExecutionsQuerySchema.safeParse({})
+    expect(result.success).toBe(true)
+    if (result.success) expect(result.data.status).toBeUndefined()
+  })
+
+  it('note: GetExecutionsQuerySchema does not have an offset field', () => {
+    // The schema only defines limit and status -- no offset field exists.
+    // Passing offset is neither rejected nor coerced (schema is not strict).
+    const result = GetExecutionsQuerySchema.safeParse({ limit: '10', offset: '5' })
+    expect(result.success).toBe(true)
+  })
+})

package/src/integrations/oauth/__tests__/provider-registry.test.ts

@@ -38,12 +38,13 @@ describe('OAuth Provider Registry', () => {
   })
 
   describe('listProviders', () => {
-    it('should return all providers as array', () => {
-      const providers = listProviders()
-      expect(providers).toHaveLength(2)
-      expect(providers).toContainEqual(OAUTH_PROVIDERS['google-sheets'])
-      expect(providers).toContainEqual(OAUTH_PROVIDERS.dropbox)
-    })
+    it('should return all providers as array', () => {
+      const providers = listProviders()
+      expect(providers).toHaveLength(Object.keys(OAUTH_PROVIDERS).length)
+      expect(providers).toContainEqual(OAUTH_PROVIDERS['google-sheets'])
+      expect(providers).toContainEqual(OAUTH_PROVIDERS['google-calendar'])
+      expect(providers).toContainEqual(OAUTH_PROVIDERS.dropbox)
+    })
 
     it('should return array with correct provider structure', () => {
       const providers = listProviders()

package/src/integrations/oauth/provider-registry.ts

@@ -1,61 +1,74 @@
-import type { OAuthProviderConfig } from './types'
-
-/**
- * OAuth Provider Registry
- *
- * Add new integration = add config object here (no new code needed)
- *
- * Standard token exchange methods:
- * - basic-auth: client_id:client_secret in Authorization header
- * - form-encoded: credentials in URL-encoded body (Google)
- * - json-body: credentials in JSON body (most providers)
- *
- * Custom overrides for edge cases:
- * - customAuthFlow: Override authorization URL building
- * - customTokenExchange: Override token exchange logic
- */
-export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
-  'google-sheets': {
-    id: 'google-sheets',
-    name: 'Google Sheets',
-    authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
-    tokenUrl: 'https://oauth2.googleapis.com/token',
-    authParams: {
-      access_type: 'offline', // Required for refresh token
-      prompt: 'consent' // Force consent to get refresh token on reconnect
-    },
-    tokenExchange: 'form-encoded',
-    scopes: ['https://www.googleapis.com/auth/spreadsheets']
-  },
-
-  dropbox: {
-    id: 'dropbox',
-    name: 'Dropbox',
-    authUrl: 'https://www.dropbox.com/oauth2/authorize',
-    tokenUrl: 'https://api.dropboxapi.com/oauth2/token',
-    authParams: {
-      token_access_type: 'offline' // Required for refresh token
-    },
-    tokenExchange: 'form-encoded',
-    scopes: ['files.content.write', 'files.content.read', 'files.metadata.write']
-  }
-}
-
-/**
- * Get provider config by ID
- * @throws Error if provider not found
- */
-export function getProviderConfig(providerId: string): OAuthProviderConfig {
-  const config = OAUTH_PROVIDERS[providerId]
-  if (!config) {
-    throw new Error(`Unknown OAuth provider: ${providerId}`)
-  }
-  return config
-}
-
-/**
- * List all available providers (for frontend)
- */
-export function listProviders(): OAuthProviderConfig[] {
-  return Object.values(OAUTH_PROVIDERS)
-}
+import type { OAuthProviderConfig } from './types'
+
+/**
+ * OAuth Provider Registry
+ *
+ * Add new integration = add config object here (no new code needed)
+ *
+ * Standard token exchange methods:
+ * - basic-auth: client_id:client_secret in Authorization header
+ * - form-encoded: credentials in URL-encoded body (Google)
+ * - json-body: credentials in JSON body (most providers)
+ *
+ * Custom overrides for edge cases:
+ * - customAuthFlow: Override authorization URL building
+ * - customTokenExchange: Override token exchange logic
+ */
+export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
+  'google-sheets': {
+    id: 'google-sheets',
+    name: 'Google Sheets',
+    authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
+    tokenUrl: 'https://oauth2.googleapis.com/token',
+    authParams: {
+      access_type: 'offline', // Required for refresh token
+      prompt: 'consent' // Force consent to get refresh token on reconnect
+    },
+    tokenExchange: 'form-encoded',
+    scopes: ['https://www.googleapis.com/auth/spreadsheets']
+  },
+
+  'google-calendar': {
+    id: 'google-calendar',
+    name: 'Google Calendar',
+    authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
+    tokenUrl: 'https://oauth2.googleapis.com/token',
+    authParams: {
+      access_type: 'offline', // Required for refresh token
+      prompt: 'consent' // Force consent to get refresh token on reconnect
+    },
+    tokenExchange: 'form-encoded',
+    scopes: ['https://www.googleapis.com/auth/calendar.readonly']
+  },
+
+  dropbox: {
+    id: 'dropbox',
+    name: 'Dropbox',
+    authUrl: 'https://www.dropbox.com/oauth2/authorize',
+    tokenUrl: 'https://api.dropboxapi.com/oauth2/token',
+    authParams: {
+      token_access_type: 'offline' // Required for refresh token
+    },
+    tokenExchange: 'form-encoded',
+    scopes: ['files.content.write', 'files.content.read', 'files.metadata.write']
+  }
+}
+
+/**
+ * Get provider config by ID
+ * @throws Error if provider not found
+ */
+export function getProviderConfig(providerId: string): OAuthProviderConfig {
+  const config = OAUTH_PROVIDERS[providerId]
+  if (!config) {
+    throw new Error(`Unknown OAuth provider: ${providerId}`)
+  }
+  return config
+}
+
+/**
+ * List all available providers (for frontend)
+ */
+export function listProviders(): OAuthProviderConfig[] {
+  return Object.values(OAUTH_PROVIDERS)
+}

package/src/integrations/oauth/server/credentials.ts

@@ -1,39 +1,43 @@
-/**
- * OAuth Provider Credentials
- * Maps provider IDs to environment variable names
- * Single source of truth for credential lookup
- */
-
-const PROVIDER_ENV_VARS: Record<string, { clientIdEnv: string; clientSecretEnv: string }> = {
-  'google-sheets': {
-    clientIdEnv: 'GOOGLE_OAUTH_CLIENT_ID',
-    clientSecretEnv: 'GOOGLE_OAUTH_CLIENT_SECRET'
-  },
-  dropbox: {
-    clientIdEnv: 'DROPBOX_APP_KEY',
-    clientSecretEnv: 'DROPBOX_APP_SECRET'
-  }
-}
-
-/**
- * Get OAuth client credentials for a provider
- * @throws Error if provider unknown or credentials missing
- */
-export function getOAuthCredentials(providerId: string): { clientId: string; clientSecret: string } {
-  const config = PROVIDER_ENV_VARS[providerId]
-  if (!config) {
-    throw new Error(`Unknown OAuth provider: ${providerId}`)
-  }
-
-  const clientId = process.env[config.clientIdEnv]
-  const clientSecret = process.env[config.clientSecretEnv]
-
-  if (!clientId) {
-    throw new Error(`Missing environment variable: ${config.clientIdEnv}`)
-  }
-  if (!clientSecret) {
-    throw new Error(`Missing environment variable: ${config.clientSecretEnv}`)
-  }
-
-  return { clientId, clientSecret }
-}
+/**
+ * OAuth Provider Credentials
+ * Maps provider IDs to environment variable names
+ * Single source of truth for credential lookup
+ */
+
+const PROVIDER_ENV_VARS: Record<string, { clientIdEnv: string; clientSecretEnv: string }> = {
+  'google-sheets': {
+    clientIdEnv: 'GOOGLE_OAUTH_CLIENT_ID',
+    clientSecretEnv: 'GOOGLE_OAUTH_CLIENT_SECRET'
+  },
+  'google-calendar': {
+    clientIdEnv: 'GOOGLE_OAUTH_CLIENT_ID',
+    clientSecretEnv: 'GOOGLE_OAUTH_CLIENT_SECRET'
+  },
+  dropbox: {
+    clientIdEnv: 'DROPBOX_APP_KEY',
+    clientSecretEnv: 'DROPBOX_APP_SECRET'
+  }
+}
+
+/**
+ * Get OAuth client credentials for a provider
+ * @throws Error if provider unknown or credentials missing
+ */
+export function getOAuthCredentials(providerId: string): { clientId: string; clientSecret: string } {
+  const config = PROVIDER_ENV_VARS[providerId]
+  if (!config) {
+    throw new Error(`Unknown OAuth provider: ${providerId}`)
+  }
+
+  const clientId = process.env[config.clientIdEnv]
+  const clientSecret = process.env[config.clientSecretEnv]
+
+  if (!clientId) {
+    throw new Error(`Missing environment variable: ${config.clientIdEnv}`)
+  }
+  if (!clientSecret) {
+    throw new Error(`Missing environment variable: ${config.clientSecretEnv}`)
+  }
+
+  return { clientId, clientSecret }
+}

package/src/knowledge/__tests__/queries.test.ts

@@ -384,6 +384,95 @@ describe('parsePath — invalid inputs', () => {
   })
 })
 
+// ---------------------------------------------------------------------------
+// parsePath — edge cases
+// ---------------------------------------------------------------------------
+
+describe('parsePath edge cases', () => {
+  // Whitespace handling — the parser does NOT trim the incoming string.
+  // A path with leading whitespace does not start with '/' so it throws.
+  it('throws on path with leading whitespace', () => {
+    expect(() => parsePath(' /by-kind/playbook')).toThrow('parsePath: path must start with "/"')
+  })
+
+  // Trailing whitespace becomes part of the last segment (not stripped).
+  // The segment is non-empty so parsing proceeds and the whitespace is
+  // included verbatim in the returned arg.
+  it('preserves trailing whitespace inside the last segment', () => {
+    const result = parsePath('/by-kind/playbook ')
+    expect(result.mount).toBe('by-kind')
+    expect(result.args[0]).toBe('playbook ')
+  })
+
+  // Multiple trailing slashes are all stripped (regex /\/+$/).
+  it('strips multiple trailing slashes', () => {
+    expect(parsePath('/by-kind/playbook///')).toEqual({ mount: 'by-kind', args: ['playbook'] })
+  })
+
+  // Lone-slash variants — a path of only slashes normalises to an empty
+  // segments list and must throw the root-with-no-mount error.
+  it('throws on path consisting only of slashes', () => {
+    expect(() => parsePath('///')).toThrow('parsePath: path resolves to root with no mount')
+  })
+
+  // Case sensitivity — parsePath does not normalise case.
+  // 'Playbook' (capitalised) is passed through as-is to the caller.
+  it('preserves node-id case (no case normalisation)', () => {
+    // /by-kind takes rest[0] verbatim
+    const result = parsePath('/by-kind/Playbook')
+    expect(result.args[0]).toBe('Playbook')
+  })
+
+  // Feature ID: dot notation passes through unchanged.
+  it('/by-feature/sales.crm preserves dot notation', () => {
+    expect(parsePath('/by-feature/sales.crm')).toEqual({ mount: 'by-feature', args: ['sales.crm'] })
+  })
+
+  // Feature ID: slash notation joins rest segments with '/'.
+  // The parser does NOT convert slashes to dots — the caller must normalise.
+  it('/by-feature/sales/crm joins segments with slash (no dot conversion)', () => {
+    const result = parsePath('/by-feature/sales/crm')
+    expect(result.mount).toBe('by-feature')
+    // args[0] is 'sales/crm', NOT 'sales.crm'
+    expect(result.args[0]).toBe('sales/crm')
+  })
+
+  // /by-kind silently ignores extra path segments beyond the kind argument.
+  it('/by-kind/playbook/extra silently uses only first kind segment', () => {
+    // First segment after 'by-kind' is taken; extra is ignored.
+    const result = parsePath('/by-kind/playbook/extra')
+    expect(result.mount).toBe('by-kind')
+    expect(result.args[0]).toBe('playbook')
+    expect(result.args).toHaveLength(1)
+  })
+
+  // /by-owner joins rest with '/' (same behaviour as /by-feature).
+  it('/by-owner/role.ops-lead/sub joins segments with slash', () => {
+    const result = parsePath('/by-owner/role.ops-lead/sub')
+    expect(result.mount).toBe('by-owner')
+    expect(result.args[0]).toBe('role.ops-lead/sub')
+  })
+
+  // Graph node ID may contain a colon prefix (e.g. knowledge:knowledge.foo).
+  // The parser accepts it — the rest before the verb is joined with '/'.
+  it('/graph/<prefixed-nodeId>/governs round-trips the prefixed id', () => {
+    const result = parsePath('/graph/knowledge:knowledge.test-node/governs')
+    expect(result.mount).toBe('graph')
+    expect(result.args[0]).toBe('knowledge:knowledge.test-node')
+    expect(result.args[1]).toBe('governs')
+  })
+
+  // /graph with no arguments at all (just '/graph').
+  it('throws on /graph with no nodeId or verb', () => {
+    expect(() => parsePath('/graph')).toThrow('/graph requires <nodeId>/<verb>')
+  })
+
+  // /node mount — single-segment path works for any non-reserved first segment.
+  it('single-segment non-reserved path is treated as node mount', () => {
+    expect(parsePath('/knowledge.my-doc')).toEqual({ mount: 'node', args: ['knowledge.my-doc'] })
+  })
+})
+
 // ---------------------------------------------------------------------------
 // formatText
 // ---------------------------------------------------------------------------

package/src/organization-model/__tests__/icons.test.ts

@@ -24,4 +24,65 @@ describe('OrganizationModelIconTokenSchema', () => {
       expect(OrganizationModelIconTokenSchema.safeParse(token).success).toBe(false)
     }
   })
+
+  // max-length — CustomIconTokenSchema allows at most 80 characters
+  it('rejects custom token exceeding 80 characters', () => {
+    // 'custom.' is 7 chars; pad with 'a' so total = 81
+    const token = 'custom.' + 'a'.repeat(74)
+    expect(token.length).toBe(81)
+    expect(OrganizationModelIconTokenSchema.safeParse(token).success).toBe(false)
+  })
+
+  it('accepts custom token at exactly 80 characters', () => {
+    // 'custom.' = 7 chars, fill rest with 'a' to reach exactly 80
+    const token = 'custom.' + 'a'.repeat(73)
+    expect(token.length).toBe(80)
+    expect(OrganizationModelIconTokenSchema.safeParse(token).success).toBe(true)
+  })
+
+  // invalid charset — custom token regex only allows [a-z0-9] with [-._] separators
+  it('rejects custom token with uppercase letters in the suffix', () => {
+    expect(OrganizationModelIconTokenSchema.safeParse('custom.MyIcon').success).toBe(false)
+  })
+
+  it('rejects custom token with spaces', () => {
+    expect(OrganizationModelIconTokenSchema.safeParse('custom.my icon').success).toBe(false)
+  })
+
+  it('rejects custom token with a leading separator (double-dot)', () => {
+    expect(OrganizationModelIconTokenSchema.safeParse('custom..icon').success).toBe(false)
+  })
+
+  it('rejects custom token with a trailing separator', () => {
+    expect(OrganizationModelIconTokenSchema.safeParse('custom.icon-').success).toBe(false)
+  })
+
+  // missing prefix — tokens without the 'custom.' prefix that are not built-ins
+  it('rejects token that looks like a custom slug but lacks the custom. prefix', () => {
+    expect(OrganizationModelIconTokenSchema.safeParse('my-icon').success).toBe(false)
+    expect(OrganizationModelIconTokenSchema.safeParse('org.my-icon').success).toBe(false)
+  })
+})
+
+// ---------------------------------------------------------------------------
+// OrganizationModelBuiltinIconTokenSchema — only accepts built-ins
+// ---------------------------------------------------------------------------
+
+describe('OrganizationModelBuiltinIconTokenSchema', () => {
+  it('accepts every entry in ORGANIZATION_MODEL_ICON_TOKENS', () => {
+    for (const token of ORGANIZATION_MODEL_ICON_TOKENS) {
+      expect(OrganizationModelBuiltinIconTokenSchema.safeParse(token).success).toBe(true)
+    }
+  })
+
+  it('rejects custom.* tokens (only built-ins allowed)', () => {
+    expect(OrganizationModelBuiltinIconTokenSchema.safeParse('custom.my-icon').success).toBe(false)
+    expect(OrganizationModelBuiltinIconTokenSchema.safeParse('custom.partner-portal').success).toBe(false)
+  })
+
+  it('rejects arbitrary strings not in the enum', () => {
+    expect(OrganizationModelBuiltinIconTokenSchema.safeParse('book').success).toBe(false)
+    expect(OrganizationModelBuiltinIconTokenSchema.safeParse('').success).toBe(false)
+    expect(OrganizationModelBuiltinIconTokenSchema.safeParse('nav.unknown-item').success).toBe(false)
+  })
 })