@firstpick/pi-package-webui 0.3.6 → 0.3.8

package/tests/native-parity-harness.test.mjs

@@ -0,0 +1,147 @@
+import assert from "node:assert/strict";
+import { readFile } from "node:fs/promises";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import {
+  assertNativeCommandTrust,
+  evaluateDispatchTrustGuards,
+  evaluateTrustGuards,
+  guardsForNativeCommand,
+  isLocalAddress,
+  isLocalRequest,
+  LOCALHOST_ONLY_POST_ROUTES,
+  remoteShellTrustWarning,
+  requireLocalhost,
+  requireLocalhostRoute,
+  TRUST_GUARD_TYPES,
+} from "../lib/trust-boundaries.mjs";
+import {
+  nativeCommandBlocked,
+  nativeCommandResponse,
+  nativeCommandUnavailable,
+  nativeParitySurfaceForCommand,
+  nativeSlashCommandEntries,
+  NATIVE_COMMAND_STATUSES,
+  NATIVE_REFRESH_TARGETS,
+  parseSlashCommand,
+  rpcSuccess,
+} from "../lib/native-command-adapter.mjs";
+
+const root = join(dirname(fileURLToPath(import.meta.url)), "..");
+const parity = JSON.parse(await readFile(join(root, "WEBUI_TUI_NATIVE_PARITY.json"), "utf8"));
+
+const localReq = { socket: { remoteAddress: "127.0.0.1" } };
+const remoteReq = { socket: { remoteAddress: "192.168.1.50" } };
+
+assert.equal(isLocalAddress("127.0.0.1"), true);
+assert.equal(isLocalAddress("::ffff:127.0.0.1"), true);
+assert.equal(isLocalAddress("::1"), true);
+assert.equal(isLocalAddress("192.168.1.50"), false);
+assert.equal(isLocalRequest(localReq), true);
+assert.equal(isLocalRequest(remoteReq), false);
+
+assert.throws(() => requireLocalhost(remoteReq, "blocked"), (error) => error.statusCode === 403);
+assert.throws(() => requireLocalhostRoute(remoteReq, "/api/update"), (error) => error.statusCode === 403);
+assert.doesNotThrow(() => requireLocalhostRoute(localReq, "/api/update"));
+
+for (const pathname of LOCALHOST_ONLY_POST_ROUTES.keys()) {
+  assert.match(pathname, /^\/api\//, `${pathname} should be an API route`);
+}
+
+for (const guard of parity.guardTaxonomy) {
+  assert.ok(TRUST_GUARD_TYPES.has(guard), `trust-boundaries should know parity guard ${guard}`);
+}
+
+const exportGuards = guardsForNativeCommand("export", parity);
+assert.ok(exportGuards.includes("localhost"), "export should declare localhost guard in parity matrix");
+
+const exportDispatchLocal = evaluateDispatchTrustGuards(exportGuards, { isLocal: true, confirmed: false });
+const exportDispatchRemote = evaluateDispatchTrustGuards(exportGuards, { isLocal: false, confirmed: false, networkOpen: true });
+assert.equal(exportDispatchLocal.allowed, true);
+assert.equal(exportDispatchRemote.allowed, false);
+assert.ok(exportDispatchRemote.blocked.includes("localhost"));
+
+const exportFullLocal = evaluateTrustGuards(exportGuards, { isLocal: true, confirmed: false });
+assert.equal(exportFullLocal.allowed, false);
+assert.ok(exportFullLocal.blocked.includes("confirmation"));
+
+// Dispatch enforcement is guards-driven: every slash command declaring a
+// localhost/trusted-context guard must block remote contexts, sensitive or not.
+for (const surface of parity.surfaces) {
+  if (surface.kind !== "slash-command") continue;
+  const guards = guardsForNativeCommand(surface.command.name, parity);
+  const dispatchGuarded = guards.some((guard) => guard === "localhost" || guard === "trusted-context");
+  const remoteEvaluation = evaluateDispatchTrustGuards(guards, { isLocal: false, confirmed: true, networkOpen: true });
+  assert.equal(
+    remoteEvaluation.allowed,
+    !dispatchGuarded,
+    `/${surface.command.name} remote dispatch should be ${dispatchGuarded ? "blocked" : "allowed"} based on its guards`,
+  );
+  const localEvaluation = evaluateDispatchTrustGuards(guards, { isLocal: true, confirmed: true, networkOpen: false });
+  assert.equal(localEvaluation.allowed, true, `/${surface.command.name} localhost dispatch should be allowed`);
+}
+
+assert.throws(
+  () => assertNativeCommandTrust(remoteReq, "export", parity),
+  (error) => error.statusCode === 403 && error.trust?.command === "export",
+);
+
+const parsedExport = parseSlashCommand("/export out.html", new Set(["export", "copy"]));
+assert.deepEqual(parsedExport, { name: "export", args: "out.html", text: "/export out.html" });
+assert.equal(parseSlashCommand("/copy", new Set(["export"])), undefined);
+
+const success = nativeCommandResponse(
+  "copy",
+  { status: "succeeded", message: "Copied the last assistant message.", copyText: "hello" },
+  parity,
+);
+assert.equal(success.command, "native_slash_command");
+assert.equal(success.success, true);
+assert.equal(success.data.command, "copy");
+assert.equal(success.data.status, "succeeded");
+assert.ok(Array.isArray(success.data.cards) && success.data.cards.length === 1);
+assert.equal(success.data.cards[0].content, "Copied the last assistant message.");
+assert.deepEqual(success.data.refresh, ["state"]);
+
+const unavailable = nativeCommandUnavailable("import", {}, parity);
+assert.equal(unavailable.data.status, "unavailable");
+assert.ok(unavailable.data.message.includes("/import is not available"));
+assert.ok(Array.isArray(unavailable.data.cards));
+
+const blocked = nativeCommandBlocked("export", remoteReq, parity, { networkOpen: true });
+assert.equal(blocked.data.status, "blocked");
+assert.match(blocked.data.message, /blocked/i);
+
+const hotkeysSurface = nativeParitySurfaceForCommand("hotkeys", parity);
+assert.equal(hotkeysSurface.webStatus, "degraded");
+const hotkeys = nativeCommandResponse("hotkeys", { status: "degraded", message: "keys" }, parity);
+assert.equal(hotkeys.data.status, "degraded");
+
+const reload = nativeCommandResponse("reload", { status: "succeeded", message: "ok", tab: { id: "t1" }, refresh: ["tabs", "state", "commands"] }, parity);
+assert.deepEqual(reload.data.refresh, ["tabs", "state", "commands"]);
+
+for (const status of ["succeeded", "degraded", "unavailable", "confirmation_required", "blocked"]) {
+  assert.ok(NATIVE_COMMAND_STATUSES.has(status), `adapter should support status ${status}`);
+}
+
+for (const target of ["state", "tabs", "commands", "themes", "workspace"]) {
+  assert.ok(NATIVE_REFRESH_TARGETS.has(target), `adapter should support refresh target ${target}`);
+}
+
+const slashCommands = nativeSlashCommandEntries(parity);
+assert.equal(slashCommands.length, 24);
+assert.equal(slashCommands[0].name, "settings");
+assert.equal(slashCommands.at(-1).name, "quit");
+
+const warning = remoteShellTrustWarning(remoteReq, true);
+assert.match(warning, /not on localhost/i);
+assert.equal(remoteShellTrustWarning(localReq, true), undefined);
+
+assert.deepEqual(rpcSuccess("get_state", { ok: true }), {
+  type: "response",
+  command: "get_state",
+  success: true,
+  data: { ok: true },
+});
+
+console.log("native-parity-harness.test.mjs passed");

package/tests/native-parity.test.mjs

@@ -108,14 +108,28 @@ for (const id of [
   const surface = parity.surfaces.find((item) => item.id === id);
   assert.ok(surface, `P0 foundation surface ${id} should be tracked`);
   assert.equal(surface.priority, "P0", `${id} should remain P0`);
+  assert.equal(surface.webStatus, "implemented", `${id} should be implemented`);
 }
 
 assert.match(server, /WEBUI_TUI_NATIVE_PARITY\.json/, "server should load the native parity matrix file");
-assert.match(server, /function nativeSlashCommandEntries\(matrix = nativeParityMatrix\)/, "server should derive native slash commands from the parity matrix");
-assert.match(server, /const NATIVE_SLASH_COMMANDS = nativeSlashCommandEntries\(\)/, "native slash commands should use the matrix-derived source of truth");
-assert.match(server, /function nativeCommandResponse\(command, data = \{\}\)/, "server should define a centralized native command adapter response helper");
-assert.match(server, /function nativeCommandUnavailable\(command, details = \{\}\)/, "server should define structured unavailable native command output");
-assert.match(server, /default:\n\s+return nativeCommandUnavailable\(parsed\.name\)/, "unsupported native commands should return structured unavailable cards instead of raw HTTP errors");
+assert.match(server, /from "\.\.\/lib\/native-command-adapter\.mjs"/, "server should import the native command adapter module");
+assert.match(server, /from "\.\.\/lib\/trust-boundaries\.mjs"/, "server should import the shared trust-boundaries module");
+assert.match(server, /const NATIVE_SLASH_COMMANDS = nativeSlashCommandEntries\(nativeParityMatrix\)/, "native slash commands should use the matrix-derived source of truth");
+assert.match(server, /const respondNative = \(command, data = \{\}\) => nativeCommandResponse\(command, data, nativeParityMatrix\)/, "server should bind native command responses to the parity matrix");
+assert.match(server, /default:\n\s+return unavailableNative\(parsed\.name\)/, "unsupported native commands should return structured unavailable cards instead of raw HTTP errors");
+assert.match(server, /return nativeCommandBlocked\(parsed\.name, req, nativeParityMatrix/, "guarded native commands should return blocked adapter cards for failed trust checks");
+assert.match(
+  server,
+  /const evaluation = evaluateDispatchTrustGuards\(guardsForNativeCommand\(parsed\.name, nativeParityMatrix\)/,
+  "native command dispatch should evaluate matrix guards for every command, not only sensitive ones",
+);
+assert.doesNotMatch(server, /if \(surface\?\.sensitive\)/, "native command dispatch must not key trust checks on the sensitive flag");
+assert.match(server, /requireLocalhostRoute\(req, url\.pathname\)/, "localhost-only API routes should use the shared trust-boundaries helper");
+assert.match(server, /remoteShellTrustWarning\(req, networkStatus\(\)\.open\)/, "remote bash clients should receive LAN shell trust warnings");
+assert.match(server, /url\.pathname === "\/api\/session-rename" && req\.method === "POST"/, "server should expose POST /api/session-rename for resume metadata rename");
+assert.match(server, /url\.pathname === "\/api\/session-delete" && req\.method === "POST"/, "server should expose localhost-only POST /api/session-delete");
+assert.match(server, /url\.pathname === "\/api\/auth-providers" && req\.method === "GET"/, "server should expose GET /api/auth-providers");
+assert.match(server, /url\.pathname === "\/api\/auth-logout" && req\.method === "POST"/, "server should expose localhost-only POST /api/auth-logout");
 assert.match(server, /url\.pathname === "\/api\/native-parity" && req\.method === "GET"/, "server should expose the native parity matrix for clients/tests");
 assert.match(server, /const NATIVE_DOWNLOAD_TOKEN_TTL_MS = 10 \* 60 \* 1000/, "native downloads should use short-lived tokens");
 assert.match(server, /const WEBUI_HELPER_COMMAND = "webui-helper"/, "server should declare the hidden Web UI RPC helper command");
@@ -136,7 +150,9 @@ assert.match(server, /tab\.rpc\.send\(\{ type: "export_html", outputPath \}\)/,
 assert.match(server, /registerNativeDownload\(exportedPath/, "no-path /export should return a short-lived browser download token");
 assert.match(server, /copyFile\(sessionFile, targetPath\)/, "explicit .jsonl /export should copy the active session file");
 assert.match(app, /function triggerNativeDownload\(download\)/, "frontend should know how to trigger native command downloads");
-assert.match(app, /response\?\.command === "native_slash_command" && response\.data\?\.download/, "frontend should handle download responses from native commands");
+assert.match(app, /function applyNativeSlashCommandEffects\(response, message, tabContext/, "frontend should apply centralized native slash-command adapter effects");
+assert.match(app, /data\.download && triggerNativeDownload\(data\.download\)/, "frontend should handle download responses from native commands");
+assert.match(app, /for \(const warning of response\.warnings/, "frontend should surface remote bash trust warnings");
 assert.match(server, /case "\/api\/bash": \{[\s\S]*?return \{ type: "bash", command, excludeFromContext: body\.excludeFromContext === true \}/, "server should expose RPC bash with include/exclude context semantics");
 assert.match(server, /case "\/api\/abort-bash":[\s\S]*?return \{ type: "abort_bash" \}/, "server should expose abort_bash for user bash cancellation");
 assert.match(app, /function parseUserBashInput\(message\)[\s\S]*?text\.startsWith\("!!"\)/, "frontend should detect !! bash commands before prompt forwarding");
@@ -166,4 +182,7 @@ assert.match(app, /enqueueUserBashCommand\(parsed, \{ usesPromptInput, targetTab
 assert.match(server, /function sendQueuedBashCommand\(tab, command\)/, "server should serialize user bash commands per tab");
 assert.match(server, /command\.type === "bash"[\s\S]*?await sendQueuedBashCommand\(tab, command\)[\s\S]*?: await tab\.rpc\.send\(command\)/, "generic POST handling should route bash through the FIFO queue");
 assert.ok(pkg.files.includes("WEBUI_TUI_NATIVE_PARITY.json"), "published package should include the native parity matrix");
+assert.ok(pkg.files.includes("lib"), "published package should include shared Web UI foundation modules");
 assert.ok(pkg.files.includes("webui-rpc-helper.mjs"), "published package should include the Web UI RPC helper extension");
+
+console.log("native-parity.test.mjs passed");

package/tests/run-all.mjs

@@ -0,0 +1,19 @@
+import { spawnSync } from "node:child_process";
+import { readdir } from "node:fs/promises";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+
+const testsDir = dirname(fileURLToPath(import.meta.url));
+const files = (await readdir(testsDir)).filter((name) => name.endsWith(".test.mjs")).sort();
+
+const failures = [];
+for (const file of files) {
+  const result = spawnSync(process.execPath, [join(testsDir, file)], { stdio: "inherit" });
+  if (result.status !== 0) failures.push(`${file} (exit ${result.status ?? "signal"})`);
+}
+
+if (failures.length) {
+  console.error(`\n${failures.length}/${files.length} test file(s) failed:\n  ${failures.join("\n  ")}`);
+  process.exit(1);
+}
+console.log(`\nall ${files.length} test files passed`);

package/tests/session-auth-harness.test.mjs

@@ -0,0 +1,140 @@
+import assert from "node:assert/strict";
+import { existsSync } from "node:fs";
+import { mkdtemp, rm, writeFile } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import path from "node:path";
+import { SessionManager } from "@earendil-works/pi-coding-agent";
+import { authProvidersPayload, createAuthContext } from "../lib/auth-actions.mjs";
+import {
+  collectOpenSessionFiles,
+  deleteSessionFile,
+  isSessionPathAllowed,
+  renameSessionMetadata,
+  validateSessionDelete,
+} from "../lib/session-actions.mjs";
+import { LOCALHOST_ONLY_POST_ROUTES } from "../lib/trust-boundaries.mjs";
+
+function sessionHeaderLine(cwd, id = "sample-session") {
+  return `${JSON.stringify({
+    type: "session",
+    version: 3,
+    id,
+    timestamp: new Date().toISOString(),
+    cwd,
+  })}\n`;
+}
+
+const tempDir = await mkdtemp(path.join(tmpdir(), "pi-webui-session-auth-"));
+const outsideDir = await mkdtemp(path.join(tmpdir(), "pi-webui-session-outside-"));
+try {
+  const createdPath = path.join(tempDir, "sample.jsonl");
+  await writeFile(createdPath, sessionHeaderLine(tempDir), "utf8");
+
+  const renamed = await renameSessionMetadata(createdPath, "Live test session", tempDir);
+  assert.equal(renamed.name, "Live test session");
+
+  const reopened = SessionManager.open(createdPath, tempDir);
+  assert.equal(reopened.getSessionName(), "Live test session");
+
+  const openFiles = collectOpenSessionFiles([
+    { sessionFile: createdPath },
+    { lastState: { sessionFile: "/other/session.jsonl" } },
+  ]);
+  assert.ok(openFiles.has(path.resolve(createdPath)));
+
+  const needsConfirm = validateSessionDelete(createdPath, {
+    openSessionFiles: new Set(),
+    currentSessionFile: undefined,
+    confirmed: false,
+  });
+  assert.equal(needsConfirm.allowed, false);
+  assert.equal(needsConfirm.reason, "confirmation_required");
+
+  const blockedActive = validateSessionDelete(createdPath, {
+    openSessionFiles: new Set(),
+    currentSessionFile: createdPath,
+    confirmed: true,
+  });
+  assert.equal(blockedActive.allowed, false);
+  assert.equal(blockedActive.reason, "active_session");
+
+  const blockedOpenTab = validateSessionDelete(createdPath, {
+    openSessionFiles: new Set([path.resolve(createdPath)]),
+    currentSessionFile: undefined,
+    confirmed: true,
+  });
+  assert.equal(blockedOpenTab.allowed, false);
+  assert.equal(blockedOpenTab.reason, "session_in_use");
+
+  // Session-directory confinement (path traversal hardening).
+  const outsidePath = path.join(outsideDir, "outside.jsonl");
+  await writeFile(outsidePath, sessionHeaderLine(outsideDir, "outside-session"), "utf8");
+
+  assert.equal(isSessionPathAllowed(createdPath, [tempDir]), true);
+  assert.equal(isSessionPathAllowed(outsidePath, [tempDir]), false);
+  assert.equal(isSessionPathAllowed(path.join(tempDir, "..", "escape.jsonl"), [tempDir]), false);
+  assert.equal(isSessionPathAllowed(outsidePath, []), true, "empty allowedDirs must mean no confinement");
+
+  const blockedOutside = validateSessionDelete(outsidePath, {
+    openSessionFiles: new Set(),
+    currentSessionFile: undefined,
+    confirmed: true,
+    allowedDirs: [tempDir],
+  });
+  assert.equal(blockedOutside.allowed, false);
+  assert.equal(blockedOutside.reason, "outside_session_dir");
+
+  const allowedInside = validateSessionDelete(createdPath, {
+    openSessionFiles: new Set(),
+    currentSessionFile: undefined,
+    confirmed: true,
+    allowedDirs: [tempDir],
+  });
+  assert.equal(allowedInside.allowed, true);
+
+  await assert.rejects(
+    renameSessionMetadata(outsidePath, "blocked rename", tempDir, { allowedDirs: [tempDir] }),
+    /session directory/i,
+    "rename outside the session dir must be rejected",
+  );
+
+  await assert.rejects(
+    deleteSessionFile(outsidePath, { allowedDirs: [tempDir] }),
+    /session directory/i,
+    "delete outside the session dir must be rejected",
+  );
+  assert.ok(existsSync(outsidePath), "blocked delete must not remove the file");
+
+  // Unlink fallback: force `trash` lookup failure via empty PATH, file must still go away.
+  const deletablePath = path.join(tempDir, "deletable.jsonl");
+  await writeFile(deletablePath, sessionHeaderLine(tempDir, "deletable-session"), "utf8");
+  const savedPath = process.env.PATH;
+  process.env.PATH = path.join(tempDir, "no-bin");
+  let deleted;
+  try {
+    deleted = await deleteSessionFile(deletablePath, { allowedDirs: [tempDir] });
+  } finally {
+    process.env.PATH = savedPath;
+  }
+  assert.equal(deleted.method, "unlink");
+  assert.equal(existsSync(deletablePath), false);
+
+  const auth = createAuthContext();
+  const payload = authProvidersPayload(auth.modelRegistry);
+  assert.ok(Array.isArray(payload.loginProviders));
+  assert.ok(Array.isArray(payload.logoutProviders));
+  assert.equal(payload.browserLoginSupported, false);
+  assert.match(payload.guidance, /Pi TUI/i);
+
+  assert.ok(LOCALHOST_ONLY_POST_ROUTES.has("/api/session-delete"));
+  assert.ok(LOCALHOST_ONLY_POST_ROUTES.has("/api/auth-logout"));
+  assert.ok(
+    LOCALHOST_ONLY_POST_ROUTES.has("/api/network/close"),
+    "closing network access must be localhost-only like opening it",
+  );
+} finally {
+  await rm(tempDir, { recursive: true, force: true });
+  await rm(outsideDir, { recursive: true, force: true });
+}
+
+console.log("session-auth-harness.test.mjs passed");

package/tests/temp-artifacts-harness.test.mjs

@@ -0,0 +1,38 @@
+import assert from "node:assert/strict";
+import { mkdir, mkdtemp, readdir, rm, utimes, writeFile } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import path from "node:path";
+import { sweepStaleTempEntries } from "../lib/temp-artifacts.mjs";
+
+const root = await mkdtemp(path.join(tmpdir(), "pi-webui-temp-sweep-"));
+try {
+  const missing = await sweepStaleTempEntries(path.join(root, "missing"), { ttlMs: 1_000 });
+  assert.deepEqual(missing, [], "missing directory must sweep to nothing without throwing");
+
+  const staleDir = path.join(root, "stale-upload");
+  await mkdir(staleDir, { recursive: true });
+  await writeFile(path.join(staleDir, "attachment.txt"), "old", "utf8");
+  const freshDir = path.join(root, "fresh-upload");
+  await mkdir(freshDir, { recursive: true });
+  const staleFile = path.join(root, "stale-export.html");
+  await writeFile(staleFile, "old", "utf8");
+  const freshFile = path.join(root, "fresh-export.html");
+  await writeFile(freshFile, "new", "utf8");
+
+  const past = new Date(Date.now() - 60_000);
+  await utimes(staleDir, past, past);
+  await utimes(staleFile, past, past);
+
+  const removed = await sweepStaleTempEntries(root, { ttlMs: 30_000 });
+  assert.deepEqual(new Set(removed), new Set([staleDir, staleFile]), "only entries older than the TTL are removed");
+
+  const remaining = (await readdir(root)).sort();
+  assert.deepEqual(remaining, ["fresh-export.html", "fresh-upload"], "fresh entries must survive the sweep");
+
+  const repeat = await sweepStaleTempEntries(root, { ttlMs: 30_000 });
+  assert.deepEqual(repeat, [], "repeat sweep with no stale entries removes nothing");
+} finally {
+  await rm(root, { recursive: true, force: true });
+}
+
+console.log("temp-artifacts-harness.test.mjs passed");