@fusionkit/plane 0.1.0

package/dist/test/api.test.js

@@ -0,0 +1,179 @@
+import assert from "node:assert/strict";
+import { mkdtempSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { after, before, test } from "node:test";
+import { generateEd25519KeyPair } from "@fusionkit/protocol";
+import { generateMasterKeyHex, masterKeyFromMaterial } from "../keys.js";
+import { Plane } from "../plane.js";
+import { defaultPolicy } from "../policy.js";
+import { SecretStore } from "../secrets.js";
+import { startPlaneServer } from "../server.js";
+const ADMIN = "api-test-admin";
+let dataDir;
+let baseUrl;
+let server;
+function manifestFixture() {
+    return {
+        version: "warrant.manifest.v1",
+        baseRef: "0".repeat(40),
+        bundleHash: "1".repeat(64),
+        untrackedFiles: [],
+        deniedPatterns: [],
+        deniedPaths: []
+    };
+}
+function requestFixture(overrides = {}) {
+    return {
+        requestedBy: { kind: "human", id: "api-tester" },
+        agentKind: "mock",
+        prompt: "api test task",
+        pool: "default",
+        secretNames: [],
+        workspace: manifestFixture(),
+        network: { defaultDeny: true, allowHosts: [] },
+        budget: {},
+        disclosure: "minimal-context",
+        ...overrides
+    };
+}
+async function http(method, path, options = {}) {
+    const headers = {};
+    if (options.token)
+        headers.authorization = `Bearer ${options.token}`;
+    if (options.body !== undefined)
+        headers["content-type"] = "application/json";
+    const response = await fetch(`${baseUrl}${path}`, {
+        method,
+        headers,
+        body: options.body === undefined ? undefined : JSON.stringify(options.body),
+        redirect: "manual"
+    });
+    const contentType = response.headers.get("content-type") ?? "";
+    const body = contentType.includes("application/json")
+        ? await response.json()
+        : await response.text();
+    return { status: response.status, body, contentType };
+}
+before(async () => {
+    dataDir = mkdtempSync(join(tmpdir(), "warrant-api-test-"));
+    const keys = generateEd25519KeyPair();
+    const policy = defaultPolicy();
+    policy.consent = [{ when: "agent-kind", match: "codex", approvers: ["sec"] }];
+    policy.agents.allow = ["mock", "codex"];
+    const plane = new Plane({
+        dataDir: join(dataDir, "data"),
+        policy,
+        planePrivateKeyPem: keys.privateKeyPem,
+        planePublicKeyPem: keys.publicKeyPem,
+        adminToken: ADMIN,
+        enrollToken: "api-test-enroll",
+        secretStore: new SecretStore(join(dataDir, "secrets.enc"), masterKeyFromMaterial(generateMasterKeyHex()))
+    });
+    const started = await startPlaneServer(plane, { port: 0 });
+    server = started.server;
+    baseUrl = `http://127.0.0.1:${started.port}`;
+});
+after(() => {
+    server.close(() => undefined);
+    rmSync(dataDir, { recursive: true, force: true });
+});
+test("health endpoint requires no auth", async () => {
+    const { status, body } = await http("GET", "/v1/health");
+    assert.equal(status, 200);
+    assert.deepEqual(body, { ok: true, service: "warrant-plane" });
+});
+test("root redirects to the control panel, which serves all assets", async () => {
+    const root = await fetch(`${baseUrl}/`, { redirect: "manual" });
+    assert.equal(root.status, 302);
+    assert.equal(root.headers.get("location"), "/ui/");
+    await root.arrayBuffer();
+    const page = await http("GET", "/ui/");
+    assert.equal(page.status, 200);
+    assert.match(page.contentType, /text\/html/);
+    assert.match(String(page.body), /Warrant — Control Panel/);
+    const css = await http("GET", "/ui/app.css");
+    assert.equal(css.status, 200);
+    assert.match(css.contentType, /text\/css/);
+    const js = await http("GET", "/ui/app.js");
+    assert.equal(js.status, 200);
+    assert.match(js.contentType, /text\/javascript/);
+    assert.match(String(js.body), /control panel/);
+});
+test("admin endpoints fail closed without the admin token", async () => {
+    for (const path of ["/v1/runs", "/v1/runners", "/v1/policy", "/v1/export"]) {
+        const { status } = await http("GET", path);
+        assert.equal(status, 401, `${path} must require auth`);
+    }
+    const { status } = await http("GET", "/v1/runs", { token: "wrong" });
+    assert.equal(status, 401);
+});
+test("policy endpoint returns the snapshot and its hash", async () => {
+    const { status, body } = await http("GET", "/v1/policy", { token: ADMIN });
+    assert.equal(status, 200);
+    const snapshot = body;
+    assert.equal(snapshot.policy.version, "warrant.policy.v1");
+    assert.match(snapshot.policyHash, /^[0-9a-f]{64}$/);
+});
+test("runs can be listed, and unclaimed runs can be cancelled", async () => {
+    const created = await http("POST", "/v1/runs", {
+        token: ADMIN,
+        body: { request: requestFixture() }
+    });
+    assert.equal(created.status, 200);
+    const { runId } = created.body;
+    const list = await http("GET", "/v1/runs", { token: ADMIN });
+    assert.equal(list.status, 200);
+    const { runs } = list.body;
+    const row = runs.find((r) => r.runId === runId);
+    assert.ok(row, "created run must appear in the list");
+    assert.equal(row.status, "created");
+    assert.equal(row.agentKind, "mock");
+    assert.equal(row.hasReceipt, false);
+    const cancelled = await http("POST", `/v1/runs/${runId}/cancel`, {
+        token: ADMIN,
+        body: { actor: { kind: "human", id: "api-tester" } }
+    });
+    assert.equal(cancelled.status, 200);
+    assert.deepEqual(cancelled.body, { runId, status: "cancelled" });
+    const again = await http("POST", `/v1/runs/${runId}/cancel`, {
+        token: ADMIN,
+        body: { actor: { kind: "human", id: "api-tester" } }
+    });
+    assert.equal(again.status, 400, "terminal runs cannot be cancelled twice");
+});
+test("awaiting-approval runs can be cancelled before any contract exists", async () => {
+    const created = await http("POST", "/v1/runs", {
+        token: ADMIN,
+        body: { request: requestFixture({ agentKind: "codex", pool: "default" }) }
+    });
+    assert.equal(created.status, 200);
+    const { runId, status } = created.body;
+    assert.equal(status, "awaiting_approval");
+    const cancelled = await http("POST", `/v1/runs/${runId}/cancel`, {
+        token: ADMIN,
+        body: { actor: { kind: "human", id: "sec" } }
+    });
+    assert.equal(cancelled.status, 200);
+    assert.deepEqual(cancelled.body, { runId, status: "cancelled" });
+});
+test("runner listing reports enrolled runners without token material", async () => {
+    const enrolled = await http("POST", "/v1/runners/enroll", {
+        body: {
+            enrollToken: "api-test-enroll",
+            publicKeyPem: generateEd25519KeyPair().publicKeyPem,
+            pool: "default"
+        }
+    });
+    assert.equal(enrolled.status, 200);
+    const { status, body } = await http("GET", "/v1/runners", { token: ADMIN });
+    assert.equal(status, 200);
+    const { runners } = body;
+    assert.ok(runners.length >= 1);
+    const runner = runners[0];
+    assert.ok(runner);
+    assert.match(runner.runnerId ?? "", /^rnr_/);
+    assert.match(runner.keyId ?? "", /^ed25519:/);
+    assert.equal(runner.tokenHash, undefined, "token hashes must not be exposed");
+    assert.equal(runner.publicKeyPem, undefined, "raw PEM is not part of the summary");
+});

package/dist/test/hardening.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/test/hardening.test.js

@@ -0,0 +1,259 @@
+import assert from "node:assert/strict";
+import { mkdtempSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { test } from "node:test";
+import { generateEd25519KeyPair } from "@fusionkit/protocol";
+import { generateMasterKeyHex, masterKeyFromMaterial, open, seal } from "../keys.js";
+import { Plane } from "../plane.js";
+import { defaultPolicy } from "../policy.js";
+import { RateLimiter } from "../ratelimit.js";
+import { SecretStore } from "../secrets.js";
+import { SqliteStore } from "../sqlite-store.js";
+function manifest() {
+    return {
+        version: "warrant.manifest.v1",
+        baseRef: "0".repeat(40),
+        bundleHash: "1".repeat(64),
+        untrackedFiles: [],
+        deniedPatterns: [],
+        deniedPaths: []
+    };
+}
+function runRequest(pool) {
+    return {
+        requestedBy: { kind: "human", id: "tester" },
+        agentKind: "mock",
+        prompt: "hardening",
+        pool,
+        secretNames: [],
+        workspace: manifest(),
+        network: { defaultDeny: true, allowHosts: [] },
+        budget: {},
+        disclosure: "minimal-context"
+    };
+}
+function makePlane(options = {}) {
+    const dir = options.dataDir ?? mkdtempSync(join(tmpdir(), "warrant-hard-"));
+    const keys = generateEd25519KeyPair();
+    const policy = defaultPolicy();
+    const plane = new Plane({
+        dataDir: dir,
+        policy,
+        planePrivateKeyPem: keys.privateKeyPem,
+        planePublicKeyPem: keys.publicKeyPem,
+        adminToken: "admin-tok",
+        enrollToken: "enroll-tok",
+        secretStore: new SecretStore(join(dir, "secrets.enc"), masterKeyFromMaterial(generateMasterKeyHex()))
+    });
+    return {
+        plane,
+        dir,
+        stop: () => {
+            plane.close();
+            rmSync(dir, { recursive: true, force: true });
+        }
+    };
+}
+test("atomic claim: each created run is claimed exactly once", () => {
+    const { plane, stop } = makePlane();
+    try {
+        const a = plane.enrollRunner({
+            enrollToken: "enroll-tok",
+            publicKeyPem: generateEd25519KeyPair().publicKeyPem,
+            pool: "default"
+        });
+        const b = plane.enrollRunner({
+            enrollToken: "enroll-tok",
+            publicKeyPem: generateEd25519KeyPair().publicKeyPem,
+            pool: "default"
+        });
+        const runIds = new Set();
+        for (let i = 0; i < 20; i++) {
+            runIds.add(plane.requestRun(runRequest("default")).id);
+        }
+        // Two runners drain the queue; every claim must be a distinct run, and
+        // the total claimed must equal the number created (no double-claim, no loss).
+        const claimed = [];
+        for (;;) {
+            const fromA = plane.claim({ runnerToken: a.runnerToken, pool: "default" });
+            const fromB = plane.claim({ runnerToken: b.runnerToken, pool: "default" });
+            if (fromA)
+                claimed.push(fromA.runId);
+            if (fromB)
+                claimed.push(fromB.runId);
+            if (!fromA && !fromB)
+                break;
+        }
+        assert.equal(claimed.length, runIds.size);
+        assert.equal(new Set(claimed).size, claimed.length, "no run was claimed twice");
+        for (const id of claimed)
+            assert.ok(runIds.has(id));
+    }
+    finally {
+        stop();
+    }
+});
+test("plane state (runs, runners) is durable across a restart", () => {
+    const dir = mkdtempSync(join(tmpdir(), "warrant-restart-"));
+    let runId;
+    try {
+        const first = makePlane({ dataDir: dir });
+        first.plane.enrollRunner({
+            enrollToken: "enroll-tok",
+            publicKeyPem: generateEd25519KeyPair().publicKeyPem,
+            pool: "default"
+        });
+        runId = first.plane.requestRun(runRequest("default")).id;
+        first.plane.close();
+        // Reopen against the same database: a brand-new plane instance sees the
+        // run and the enrolled runner. (The nonce ledger lives in this same DB,
+        // which is what makes completion replay protection survive restarts.)
+        const second = makePlane({ dataDir: dir });
+        try {
+            assert.equal(second.plane.getRun(runId)?.status, "created");
+            assert.ok(second.plane.listRunners().length >= 1);
+        }
+        finally {
+            second.plane.close();
+        }
+    }
+    finally {
+        rmSync(dir, { recursive: true, force: true });
+    }
+});
+test("durable nonce ledger rejects a replayed nonce, even after reopen", () => {
+    const dir = mkdtempSync(join(tmpdir(), "warrant-nonce-"));
+    try {
+        const store1 = new SqliteStore(join(dir, "plane.db"));
+        assert.equal(store1.recordClaimNonce("nonce-1", Date.now() + 100000), true);
+        assert.equal(store1.recordClaimNonce("nonce-1", Date.now() + 100000), false);
+        store1.close();
+        // Reopen: the nonce is still present and still rejected.
+        const store2 = new SqliteStore(join(dir, "plane.db"));
+        assert.equal(store2.recordClaimNonce("nonce-1", Date.now() + 100000), false);
+        // Pruning removes expired nonces.
+        assert.equal(store2.recordClaimNonce("nonce-2", Date.now() - 1), true);
+        assert.ok(store2.pruneClaimNonces(Date.now()) >= 1);
+        store2.close();
+    }
+    finally {
+        rmSync(dir, { recursive: true, force: true });
+    }
+});
+test("principals: issue, role gating, rotation, and revocation", () => {
+    const { plane, stop } = makePlane();
+    try {
+        assert.equal(plane.authenticate("admin-tok")?.role, "admin");
+        assert.equal(plane.checkAdminToken("admin-tok"), true);
+        assert.equal(plane.authenticate("nope"), undefined);
+        const requester = plane.issuePrincipal("ci-bot", "requester");
+        const p = plane.authenticate(requester.token);
+        assert.equal(p?.role, "requester");
+        // requester can create runs but not manage principals.
+        assert.ok(plane.authorize(requester.token, "runs:create"));
+        assert.equal(plane.authorize(requester.token, "principals:manage"), undefined);
+        // Rotation invalidates the old token.
+        const rotated = plane.rotatePrincipal("ci-bot");
+        assert.equal(plane.authenticate(requester.token), undefined);
+        assert.equal(plane.authenticate(rotated.token)?.name, "ci-bot");
+        // Revocation invalidates entirely.
+        assert.equal(plane.revokePrincipal("ci-bot"), true);
+        assert.equal(plane.authenticate(rotated.token), undefined);
+        assert.throws(() => plane.issuePrincipal("admin", "admin"), /already exists/);
+    }
+    finally {
+        stop();
+    }
+});
+test("single-use enroll tokens are consumed exactly once and expire", () => {
+    const { plane, stop } = makePlane();
+    try {
+        const issued = plane.issueEnrollToken({ pool: "default" });
+        const first = plane.enrollRunner({
+            enrollToken: issued.token,
+            publicKeyPem: generateEd25519KeyPair().publicKeyPem,
+            pool: "default"
+        });
+        assert.match(first.runnerId, /^rnr_/);
+        // Second use of the same single-use token is rejected.
+        assert.throws(() => plane.enrollRunner({
+            enrollToken: issued.token,
+            publicKeyPem: generateEd25519KeyPair().publicKeyPem,
+            pool: "default"
+        }), /invalid enroll token/);
+        // Expired token is rejected.
+        const expired = plane.issueEnrollToken({ pool: "default", ttlMs: -1 });
+        assert.throws(() => plane.enrollRunner({
+            enrollToken: expired.token,
+            publicKeyPem: generateEd25519KeyPair().publicKeyPem,
+            pool: "default"
+        }), /invalid enroll token/);
+    }
+    finally {
+        stop();
+    }
+});
+test("rate limiter: token bucket and auth-failure lockout", () => {
+    let nowMs = 1_000_000;
+    const limiter = new RateLimiter({ ratePerSec: 1, burst: 3, authFailureLimit: 3, authFailureWindowMs: 1000 }, () => nowMs);
+    assert.equal(limiter.allow("k"), true);
+    assert.equal(limiter.allow("k"), true);
+    assert.equal(limiter.allow("k"), true);
+    assert.equal(limiter.allow("k"), false, "burst exhausted");
+    nowMs += 1100; // refill ~1 token
+    assert.equal(limiter.allow("k"), true);
+    assert.equal(limiter.isLockedOut("ip"), false);
+    limiter.recordAuthFailure("ip");
+    limiter.recordAuthFailure("ip");
+    assert.equal(limiter.isLockedOut("ip"), false);
+    limiter.recordAuthFailure("ip");
+    assert.equal(limiter.isLockedOut("ip"), true, "locked out after the limit");
+    limiter.recordAuthSuccess("ip");
+    assert.equal(limiter.isLockedOut("ip"), false, "success clears the lockout");
+});
+test("master-key sealing round-trips and rejects the wrong key", () => {
+    const master = masterKeyFromMaterial(generateMasterKeyHex());
+    const sealed = seal(master, Buffer.from("top secret", "utf8"));
+    assert.equal(open(master, sealed).toString("utf8"), "top secret");
+    const other = masterKeyFromMaterial(generateMasterKeyHex());
+    assert.throws(() => open(other, sealed));
+    // The sealed blob does not contain the plaintext.
+    assert.ok(!JSON.stringify(sealed).includes("top secret"));
+});
+test("secret store seals at rest and the master key is required to read", () => {
+    const dir = mkdtempSync(join(tmpdir(), "warrant-secret-"));
+    try {
+        const master = masterKeyFromMaterial(generateMasterKeyHex());
+        const store = new SecretStore(join(dir, "secrets.enc"), master);
+        store.set("API_KEY", "sk-live-do-not-leak");
+        assert.deepEqual(store.release(["API_KEY"]), [
+            { name: "API_KEY", value: "sk-live-do-not-leak" }
+        ]);
+        // A store opened with a different master key cannot read.
+        const wrong = new SecretStore(join(dir, "secrets.enc"), masterKeyFromMaterial(generateMasterKeyHex()));
+        assert.throws(() => wrong.names());
+        store.rotate("API_KEY", "sk-live-rotated");
+        assert.equal(store.release(["API_KEY"])[0]?.value, "sk-live-rotated");
+        assert.equal(store.remove("API_KEY"), true);
+        assert.throws(() => store.release(["API_KEY"]), /not in the store/);
+    }
+    finally {
+        rmSync(dir, { recursive: true, force: true });
+    }
+});
+test("retention sweep deletes old terminal runs and GCs unreferenced blobs", () => {
+    const { plane, stop } = makePlane();
+    try {
+        // An orphan blob nothing references should be collected.
+        const orphan = plane.blobs.putBlob(Buffer.from("orphan", "utf8"));
+        // A referenced workspace bundle blob should survive.
+        plane.requestRun(runRequest("default"));
+        const result = plane.sweepRetention();
+        assert.ok(result.deletedBlobs >= 1, "orphan blob collected");
+        assert.equal(plane.blobs.getBlob(orphan), undefined);
+    }
+    finally {
+        stop();
+    }
+});

package/dist/test/policy.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/test/policy.test.js

@@ -0,0 +1,78 @@
+import assert from "node:assert/strict";
+import { test } from "node:test";
+import { defaultPolicy, evaluatePolicy } from "../policy.js";
+import { PolicyDeniedError } from "@fusionkit/protocol";
+function policyFixture() {
+    const policy = defaultPolicy();
+    policy.runners.allowPools = ["eng-prod"];
+    policy.agents.allow = ["mock", "claude-code"];
+    policy.network.allowHosts = ["registry.npmjs.org"];
+    policy.secrets.releasable = [
+        { name: "MOCK_SECRET", scope: "test", pools: ["eng-prod"] }
+    ];
+    return policy;
+}
+test("policy allows a compliant run", () => {
+    const decision = evaluatePolicy(policyFixture(), {
+        agentKind: "mock",
+        pool: "eng-prod",
+        secretNames: ["MOCK_SECRET"],
+        allowHosts: ["registry.npmjs.org"]
+    });
+    assert.equal(decision.decision, "allow");
+});
+test("policy fails closed on disallowed agent, pool, secret, host, and budget", () => {
+    const policy = policyFixture();
+    assert.throws(() => evaluatePolicy(policy, {
+        agentKind: "codex",
+        pool: "eng-prod",
+        secretNames: [],
+        allowHosts: []
+    }), PolicyDeniedError);
+    assert.throws(() => evaluatePolicy(policy, {
+        agentKind: "mock",
+        pool: "other-pool",
+        secretNames: [],
+        allowHosts: []
+    }), PolicyDeniedError);
+    assert.throws(() => evaluatePolicy(policy, {
+        agentKind: "mock",
+        pool: "eng-prod",
+        secretNames: ["UNKNOWN_SECRET"],
+        allowHosts: []
+    }), PolicyDeniedError);
+    assert.throws(() => evaluatePolicy(policy, {
+        agentKind: "mock",
+        pool: "eng-prod",
+        secretNames: [],
+        allowHosts: ["exfil.example.com"]
+    }), PolicyDeniedError);
+    assert.throws(() => evaluatePolicy(policy, {
+        agentKind: "mock",
+        pool: "eng-prod",
+        secretNames: [],
+        allowHosts: [],
+        maxSpendUsd: 10_000
+    }), PolicyDeniedError);
+});
+test("policy returns ask when a consent rule matches", () => {
+    const policy = policyFixture();
+    policy.consent = [{ when: "secret-release", approvers: ["security-team"] }];
+    const withSecret = evaluatePolicy(policy, {
+        agentKind: "mock",
+        pool: "eng-prod",
+        secretNames: ["MOCK_SECRET"],
+        allowHosts: []
+    });
+    assert.equal(withSecret.decision, "ask");
+    assert.deepEqual(withSecret.consentRequirements, [
+        "secret-release:MOCK_SECRET"
+    ]);
+    const withoutSecret = evaluatePolicy(policy, {
+        agentKind: "mock",
+        pool: "eng-prod",
+        secretNames: [],
+        allowHosts: []
+    });
+    assert.equal(withoutSecret.decision, "allow");
+});

package/dist/test/server-hardening.test.d.ts

@@ -0,0 +1 @@
+export {};