@elizaos/autonomous 2.0.0-alpha.10

package/test/api/apps-routes.test.ts

@@ -0,0 +1,140 @@
+import { describe, test, expect, vi } from "vitest";
+import {
+  createMockIncomingMessage,
+  createMockHttpResponse,
+} from "../../src/test-support/test-helpers";
+import type {
+  AppsRouteContext,
+  AppManagerLike,
+  PluginManagerLike,
+} from "../../src/api/apps-routes";
+import { handleAppsRoutes } from "../../src/api/apps-routes";
+
+function buildPluginManager(
+  overrides: Partial<PluginManagerLike> = {},
+): PluginManagerLike {
+  return {
+    listInstalledPlugins: vi.fn(async () => []),
+    getRegistryPlugin: vi.fn(async () => null),
+    refreshRegistry: vi.fn(async () => new Map()),
+    searchRegistry: vi.fn(async () => []),
+    installPlugin: vi.fn(async () => ({
+      success: true,
+      pluginName: "test",
+      version: "1.0.0",
+      installPath: "/tmp",
+      requiresRestart: false,
+    })),
+    uninstallPlugin: vi.fn(async () => ({
+      success: true,
+      pluginName: "test",
+      requiresRestart: false,
+    })),
+    listEjectedPlugins: vi.fn(async () => []),
+    ejectPlugin: vi.fn(async () => ({
+      success: true,
+      pluginName: "test",
+      ejectedPath: "/tmp",
+      requiresRestart: false,
+    })),
+    syncPlugin: vi.fn(async () => ({
+      success: true,
+      pluginName: "test",
+      ejectedPath: "/tmp",
+      requiresRestart: false,
+    })),
+    reinjectPlugin: vi.fn(async () => ({
+      success: true,
+      pluginName: "test",
+      removedPath: "/tmp",
+      requiresRestart: false,
+    })),
+    ...overrides,
+  };
+}
+
+function buildAppManager(
+  overrides: Partial<AppManagerLike> = {},
+): AppManagerLike {
+  return {
+    listAvailable: vi.fn(async () => []),
+    search: vi.fn(async () => []),
+    listInstalled: vi.fn(async () => []),
+    launch: vi.fn(async () => ({ success: true })),
+    stop: vi.fn(async () => ({ success: true })),
+    getInfo: vi.fn(async () => null),
+    ...overrides,
+  };
+}
+
+function buildCtx(
+  overrides: Partial<AppsRouteContext> = {},
+): AppsRouteContext {
+  const { res } = createMockHttpResponse();
+  return {
+    req: createMockIncomingMessage({ method: "GET", url: "/" }),
+    res,
+    method: "GET",
+    pathname: "/",
+    url: new URL("http://localhost:2138/"),
+    appManager: buildAppManager(),
+    getPluginManager: () => buildPluginManager(),
+    parseBoundedLimit: vi.fn((raw, fallback = 20) =>
+      raw ? Math.min(Math.max(1, Number(raw)), 100) : fallback,
+    ),
+    json: vi.fn((r, data, status = 200) => {
+      r.writeHead(status);
+      r.end(JSON.stringify(data));
+    }),
+    error: vi.fn((r, message, status = 500) => {
+      r.writeHead(status);
+      r.end(JSON.stringify({ error: message }));
+    }),
+    readJsonBody: vi.fn(async () => null),
+    runtime: null,
+    ...overrides,
+  };
+}
+
+describe("handleAppsRoutes", () => {
+  test("returns false for unrelated path", async () => {
+    const ctx = buildCtx({ pathname: "/api/other" });
+    const handled = await handleAppsRoutes(ctx);
+    expect(handled).toBe(false);
+  });
+
+  test("GET /api/apps returns available apps list", async () => {
+    const { res, getStatus, getJson } = createMockHttpResponse();
+    const apps = [{ name: "test-app", version: "1.0.0" }];
+    const ctx = buildCtx({
+      method: "GET",
+      pathname: "/api/apps",
+      res,
+      appManager: buildAppManager({
+        listAvailable: vi.fn(async () => apps),
+      }),
+    });
+
+    const handled = await handleAppsRoutes(ctx);
+
+    expect(handled).toBe(true);
+    expect(getStatus()).toBe(200);
+    expect(getJson()).toEqual(apps);
+  });
+
+  test("GET /api/apps/search returns empty array for blank query", async () => {
+    const { res, getStatus, getJson } = createMockHttpResponse();
+    const ctx = buildCtx({
+      method: "GET",
+      pathname: "/api/apps/search",
+      url: new URL("http://localhost:2138/api/apps/search?q="),
+      res,
+    });
+
+    const handled = await handleAppsRoutes(ctx);
+
+    expect(handled).toBe(true);
+    expect(getStatus()).toBe(200);
+    expect(getJson()).toEqual([]);
+  });
+});

package/test/api/auth-routes.test.ts

@@ -0,0 +1,160 @@
+import { describe, test, expect, vi, beforeEach, afterEach } from "vitest";
+import {
+  createMockIncomingMessage,
+  createMockHttpResponse,
+} from "../../src/test-support/test-helpers";
+import { handleAuthRoutes } from "../../src/api/auth-routes";
+import type { AuthRouteContext } from "../../src/api/auth-routes";
+
+let envBackup: string | undefined;
+
+beforeEach(() => {
+  envBackup = process.env.MILADY_API_TOKEN;
+  process.env.MILADY_API_TOKEN = "test-token-secret";
+});
+
+afterEach(() => {
+  if (envBackup === undefined) delete process.env.MILADY_API_TOKEN;
+  else process.env.MILADY_API_TOKEN = envBackup;
+});
+
+function buildCtx(
+  method: string,
+  pathname: string,
+  overrides?: Partial<AuthRouteContext>,
+): AuthRouteContext & { getStatus: () => number; getJson: () => unknown } {
+  const { res, getStatus, getJson } = createMockHttpResponse();
+  const req = createMockIncomingMessage({ method, url: pathname });
+  (req as any).socket = { remoteAddress: "127.0.0.1" };
+  const ctx = {
+    req,
+    res,
+    method,
+    pathname,
+    json: vi.fn((r, data, status = 200) => {
+      r.writeHead(status);
+      r.end(JSON.stringify(data));
+    }),
+    error: vi.fn((r, msg, status = 500) => {
+      r.writeHead(status);
+      r.end(JSON.stringify({ error: msg }));
+    }),
+    readJsonBody: vi.fn(async () => null),
+    pairingEnabled: () => true,
+    ensurePairingCode: () => "ABC123",
+    normalizePairingCode: (code: string) => code.toUpperCase().trim(),
+    rateLimitPairing: () => true,
+    getPairingExpiresAt: () => Date.now() + 60_000,
+    clearPairing: vi.fn(),
+    ...overrides,
+  } as AuthRouteContext & { getStatus: () => number; getJson: () => unknown };
+  (ctx as any).getStatus = getStatus;
+  (ctx as any).getJson = getJson;
+  return ctx;
+}
+
+describe("auth-routes", () => {
+  describe("GET /api/auth/status", () => {
+    test("returns pairing status", async () => {
+      const ctx = buildCtx("GET", "/api/auth/status");
+      const handled = await handleAuthRoutes(ctx);
+      expect(handled).toBe(true);
+      expect(ctx.json).toHaveBeenCalledOnce();
+      const payload = (ctx.json as ReturnType<typeof vi.fn>).mock.calls[0][1];
+      expect(payload).toHaveProperty("pairingEnabled", true);
+      expect(payload).toHaveProperty("required");
+      expect(payload).toHaveProperty("expiresAt");
+    });
+
+    test("returns pairingEnabled false when disabled", async () => {
+      const ctx = buildCtx("GET", "/api/auth/status", {
+        pairingEnabled: () => false,
+      });
+      await handleAuthRoutes(ctx);
+      const payload = (ctx.json as ReturnType<typeof vi.fn>).mock.calls[0][1];
+      expect(payload.pairingEnabled).toBe(false);
+      expect(payload.expiresAt).toBeNull();
+    });
+  });
+
+  describe("POST /api/auth/pair", () => {
+    test("succeeds with valid code and returns token", async () => {
+      const ctx = buildCtx("POST", "/api/auth/pair", {
+        readJsonBody: vi.fn(async () => ({ code: "ABC123" })),
+      });
+      const handled = await handleAuthRoutes(ctx);
+      expect(handled).toBe(true);
+      expect(ctx.json).toHaveBeenCalledOnce();
+      const payload = (ctx.json as ReturnType<typeof vi.fn>).mock.calls[0][1];
+      expect(payload).toHaveProperty("token");
+      expect(ctx.clearPairing).toHaveBeenCalled();
+    });
+
+    test("rejects when pairing disabled", async () => {
+      const ctx = buildCtx("POST", "/api/auth/pair", {
+        pairingEnabled: () => false,
+        readJsonBody: vi.fn(async () => ({ code: "ABC123" })),
+        rateLimitPairing: () => true,
+      });
+      await handleAuthRoutes(ctx);
+      expect(ctx.error).toHaveBeenCalled();
+      const args = (ctx.error as ReturnType<typeof vi.fn>).mock.calls[0];
+      expect(args[2]).toBe(403);
+    });
+
+    test("rejects when rate limited", async () => {
+      const ctx = buildCtx("POST", "/api/auth/pair", {
+        rateLimitPairing: () => false,
+        readJsonBody: vi.fn(async () => ({ code: "ABC123" })),
+      });
+      await handleAuthRoutes(ctx);
+      expect(ctx.error).toHaveBeenCalled();
+      const args = (ctx.error as ReturnType<typeof vi.fn>).mock.calls[0];
+      expect(args[2]).toBe(429);
+    });
+
+    test("rejects with wrong code", async () => {
+      const ctx = buildCtx("POST", "/api/auth/pair", {
+        readJsonBody: vi.fn(async () => ({ code: "WRONG" })),
+      });
+      await handleAuthRoutes(ctx);
+      expect(ctx.error).toHaveBeenCalled();
+      const args = (ctx.error as ReturnType<typeof vi.fn>).mock.calls[0];
+      expect(args[2]).toBe(403);
+    });
+
+    test("rejects with no API token set", async () => {
+      delete process.env.MILADY_API_TOKEN;
+      const ctx = buildCtx("POST", "/api/auth/pair", {
+        readJsonBody: vi.fn(async () => ({ code: "ABC123" })),
+      });
+      await handleAuthRoutes(ctx);
+      expect(ctx.error).toHaveBeenCalled();
+      const args = (ctx.error as ReturnType<typeof vi.fn>).mock.calls[0];
+      expect(args[2]).toBe(400);
+    });
+
+    test("rejects expired code", async () => {
+      const ctx = buildCtx("POST", "/api/auth/pair", {
+        getPairingExpiresAt: () => Date.now() - 1000,
+        readJsonBody: vi.fn(async () => ({ code: "ABC123" })),
+      });
+      await handleAuthRoutes(ctx);
+      expect(ctx.error).toHaveBeenCalled();
+      const args = (ctx.error as ReturnType<typeof vi.fn>).mock.calls[0];
+      expect(args[2]).toBe(410);
+    });
+  });
+
+  describe("routing", () => {
+    test("unrelated path returns false", async () => {
+      const ctx = buildCtx("GET", "/api/other");
+      expect(await handleAuthRoutes(ctx)).toBe(false);
+    });
+
+    test("/api/auth/ prefix but unknown sub-path returns false", async () => {
+      const ctx = buildCtx("GET", "/api/auth/unknown");
+      expect(await handleAuthRoutes(ctx)).toBe(false);
+    });
+  });
+});

package/test/api/bug-report-routes.test.ts

@@ -0,0 +1,88 @@
+import { describe, test, expect, vi } from "vitest";
+import {
+  createMockIncomingMessage,
+  createMockHttpResponse,
+} from "../../src/test-support/test-helpers";
+import {
+  handleBugReportRoutes,
+  rateLimitBugReport,
+  resetBugReportRateLimit,
+  sanitize,
+} from "../../src/api/bug-report-routes";
+import type { RouteRequestContext } from "../../src/api/route-helpers";
+
+function buildCtx(
+  overrides: Partial<RouteRequestContext> = {},
+): RouteRequestContext {
+  const { res } = createMockHttpResponse();
+  return {
+    req: createMockIncomingMessage({ method: "GET", url: "/" }),
+    res,
+    method: "GET",
+    pathname: "/",
+    json: vi.fn((r, data, status = 200) => {
+      r.writeHead(status);
+      r.end(JSON.stringify(data));
+    }),
+    error: vi.fn((r, message, status = 500) => {
+      r.writeHead(status);
+      r.end(JSON.stringify({ error: message }));
+    }),
+    readJsonBody: vi.fn(async () => null),
+    ...overrides,
+  };
+}
+
+describe("handleBugReportRoutes", () => {
+  test("returns false for unrelated path", async () => {
+    const ctx = buildCtx({ pathname: "/api/other" });
+    const handled = await handleBugReportRoutes(ctx);
+    expect(handled).toBe(false);
+  });
+
+  test("GET /api/bug-report/info returns node version and platform", async () => {
+    const { res, getStatus, getJson } = createMockHttpResponse();
+    const ctx = buildCtx({
+      method: "GET",
+      pathname: "/api/bug-report/info",
+      res,
+    });
+
+    const handled = await handleBugReportRoutes(ctx);
+
+    expect(handled).toBe(true);
+    expect(getStatus()).toBe(200);
+    const json = getJson<{ nodeVersion: string; platform: string }>();
+    expect(json.nodeVersion).toBe(process.version);
+    expect(typeof json.platform).toBe("string");
+  });
+});
+
+describe("rateLimitBugReport", () => {
+  test("allows first submission", () => {
+    resetBugReportRateLimit();
+    expect(rateLimitBugReport("127.0.0.1")).toBe(true);
+  });
+
+  test("blocks after max submissions", () => {
+    resetBugReportRateLimit();
+    const ip = "10.0.0.1";
+    for (let i = 0; i < 5; i++) {
+      rateLimitBugReport(ip);
+    }
+    expect(rateLimitBugReport(ip)).toBe(false);
+  });
+});
+
+describe("sanitize", () => {
+  test("strips HTML tags", () => {
+    expect(sanitize("<script>alert('xss')</script>hello")).toBe(
+      "alert('xss')hello",
+    );
+  });
+
+  test("truncates to maxLen", () => {
+    const long = "a".repeat(200);
+    expect(sanitize(long, 50).length).toBe(50);
+  });
+});

package/test/api/knowledge-routes.test.ts

@@ -0,0 +1,73 @@
+import { describe, test, expect, vi } from "vitest";
+import {
+  createMockIncomingMessage,
+  createMockHttpResponse,
+} from "../../src/test-support/test-helpers";
+import { handleKnowledgeRoutes } from "../../src/api/knowledge-routes";
+import type { KnowledgeRouteContext } from "../../src/api/knowledge-routes";
+
+function buildCtx(
+  method: string,
+  pathname: string,
+  query = "",
+  overrides?: Partial<KnowledgeRouteContext>,
+): KnowledgeRouteContext {
+  const fullUrl = query ? `${pathname}?${query}` : pathname;
+  const { res } = createMockHttpResponse();
+  return {
+    req: createMockIncomingMessage({ method, url: fullUrl }),
+    res,
+    method,
+    pathname,
+    url: new URL(fullUrl, "http://localhost:2138"),
+    json: vi.fn((r, data, status = 200) => {
+      r.writeHead(status);
+      r.end(JSON.stringify(data));
+    }),
+    error: vi.fn((r, msg, status = 500) => {
+      r.writeHead(status);
+      r.end(JSON.stringify({ error: msg }));
+    }),
+    readJsonBody: vi.fn(async () => ({})),
+    runtime: null,
+    ...overrides,
+  } as KnowledgeRouteContext;
+}
+
+describe("knowledge-routes", () => {
+  describe("GET /api/knowledge", () => {
+    test("requires runtime", async () => {
+      const ctx = buildCtx("GET", "/api/knowledge");
+      const handled = await handleKnowledgeRoutes(ctx);
+      expect(handled).toBe(true);
+      expect(ctx.error).toHaveBeenCalled();
+    });
+  });
+
+  describe("GET /api/knowledge/search", () => {
+    test("requires runtime", async () => {
+      const ctx = buildCtx("GET", "/api/knowledge/search", "q=test");
+      const handled = await handleKnowledgeRoutes(ctx);
+      expect(handled).toBe(true);
+      expect(ctx.error).toHaveBeenCalled();
+    });
+  });
+
+  describe("POST /api/knowledge", () => {
+    test("requires runtime for upload", async () => {
+      const ctx = buildCtx("POST", "/api/knowledge", "", {
+        readJsonBody: vi.fn(async () => ({ title: "test", content: "data" })),
+      });
+      const handled = await handleKnowledgeRoutes(ctx);
+      expect(handled).toBe(true);
+      expect(ctx.error).toHaveBeenCalled();
+    });
+  });
+
+  describe("routing", () => {
+    test("unrelated path returns false", async () => {
+      const ctx = buildCtx("GET", "/api/other");
+      expect(await handleKnowledgeRoutes(ctx)).toBe(false);
+    });
+  });
+});