@jira-deploy/core 1.0.5 → 1.0.7

package/constants/users.js

@@ -5,12 +5,12 @@
  */
 export const USER_MAP = {
   // 格式：'名稱/暱稱（不分大小寫）': 'accountId'
-  'Solar Chen': 'BK00619',
-  'Rex Li': 'BK00619',
-  'James Yu': 'BK00619',
-  'Alvin Wang': 'BK00619',
-  'Chester Kuo': 'BK00619',
-  'Riemann Tseng': 'BK00619',
+  'Solar Chen': 'BK00325',
+  'Rex Li': 'BK00325',
+  'James Yu': 'BK00325',
+  'Alvin Wang': 'BK00325',
+  'Chester Kuo': 'BK00325',
+  'Riemann Tseng': 'BK00325',
   // 'Solar Chen': 'BK00129',
   // 'Rex Li': 'BK00136',
   // 'James Yu': 'BK00178',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jira-deploy/core",
-  "version": "1.0.5",
+  "version": "1.0.7",
   "type": "module",
   "main": "./index.js",
   "repository": {
@@ -21,6 +21,7 @@
   },
   "files": [
     "constants/**/*.js",
+    "scripts/**/*.py",
     "tools/**/*.js",
     "*.js"
   ],
@@ -29,6 +30,6 @@
     "dotenv": "^16.3.0"
   },
   "scripts": {
-    "test": "node --test tools.test.js"
+    "test": "node --test tools.test.js tools/jabber.test.js"
   }
 }

package/scripts/jabber_notify.py

@@ -0,0 +1,298 @@
+#!/usr/bin/env python3
+"""
+jabber_notify.py — Send a Jabber message to a MUC room or a specific user.
+
+Usage:
+    python3 src/scripts/jabber_notify.py "<message>"
+
+Required environment variables:
+    JABBER_SERVER
+    JABBER_USER
+    JABBER_DOMAIN
+    JABBER_KEYCHAIN_SERVICE
+    JABBER_KEYCHAIN_ACCOUNT
+
+One of the following must be set:
+    JABBER_ROOM   — MUC room JID (e.g. webqa@conference.linebank.com.tw)
+    JABBER_TO     — Direct message recipient JID (e.g. BK00178@linebank.com.tw)
+
+Optional environment variables:
+    JABBER_PORT (defaults to 5222)
+    JABBER_RESOURCE (defaults to copilot)
+    JABBER_NICK (defaults to Copilot)  — only used for MUC
+
+To add or update Keychain entry:
+    security add-generic-password -a "$JABBER_KEYCHAIN_ACCOUNT" -s "$JABBER_KEYCHAIN_SERVICE" -w
+"""
+
+import base64
+import os
+import socket
+import ssl
+import subprocess
+import sys
+import time
+
+
+def required_env(key: str) -> str:
+    value = os.getenv(key, "").strip()
+    if not value:
+        raise RuntimeError(f"Missing required environment variable: {key}")
+    return value
+
+
+def load_config() -> dict:
+    room = os.getenv("JABBER_ROOM", "").strip()
+    to = os.getenv("JABBER_TO", "").strip()
+    if not room and not to:
+        raise RuntimeError("Either JABBER_ROOM or JABBER_TO must be set")
+    return {
+        "server": required_env("JABBER_SERVER"),
+        "port": int(os.getenv("JABBER_PORT", "5222")),
+        "user": required_env("JABBER_USER"),
+        "domain": required_env("JABBER_DOMAIN"),
+        "resource": os.getenv("JABBER_RESOURCE", "copilot").strip() or "copilot",
+        "room": room,
+        "to": to,
+        "nick": os.getenv("JABBER_NICK", "Copilot").strip() or "Copilot",
+        "keychain_service": required_env("JABBER_KEYCHAIN_SERVICE"),
+        "keychain_account": required_env("JABBER_KEYCHAIN_ACCOUNT"),
+    }
+
+
+def recv_all(sock, timeout=2):
+    sock.settimeout(timeout)
+    data = b""
+    try:
+        while True:
+            chunk = sock.recv(8192)
+            if not chunk:
+                break
+            data += chunk
+    except socket.timeout:
+        pass
+    return data.decode(errors="replace")
+
+
+def get_jabber_password(keychain_service: str, keychain_account: str) -> str:
+    # Keychain credential must be created before using this script.
+    # Example setup:
+    # security add-generic-password -a "$JABBER_KEYCHAIN_ACCOUNT" -s "$JABBER_KEYCHAIN_SERVICE" -w
+    result = subprocess.run(
+        [
+            "security",
+            "find-generic-password",
+            "-s",
+            keychain_service,
+            "-a",
+            keychain_account,
+            "-w",
+        ],
+        capture_output=True,
+        text=True,
+    )
+    if result.returncode != 0:
+        raise RuntimeError(
+            "Cannot read Jabber password from Keychain. "
+            "Check JABBER_KEYCHAIN_SERVICE and JABBER_KEYCHAIN_ACCOUNT."
+        )
+    return result.stdout.strip()
+
+
+def _extract_error_reason(xml_text: str) -> str:
+    reasons = [
+        "not-authorized",
+        "forbidden",
+        "conflict",
+        "service-unavailable",
+        "item-not-found",
+        "not-allowed",
+        "registration-required",
+        "remote-server-not-found",
+        "internal-server-error",
+    ]
+    for reason in reasons:
+        if f"<{reason}" in xml_text:
+            return reason
+    if "<error" in xml_text:
+        return "unknown"
+    return ""
+
+
+def _wait_for_join_confirmation(tls, room: str, nick: str, timeout_seconds: int = 10) -> None:
+    deadline = time.time() + timeout_seconds
+    self_presence_markers = [
+        '<status code="110"',
+        "<status code='110'",
+    ]
+    explicit_nick_markers = [
+        f'from="{room}/{nick}"',
+        f"from='{room}/{nick}'",
+    ]
+    room_presence_markers = [
+        f'from="{room}/',
+        f"from='{room}/",
+    ]
+    saw_room_presence = False
+
+    while time.time() < deadline:
+        chunk = recv_all(tls, 1)
+        if not chunk:
+            continue
+
+        error_reason = _extract_error_reason(chunk)
+        if error_reason:
+            raise RuntimeError(f"Jabber room join failed: {error_reason}")
+
+        if "<presence" in chunk and any(marker in chunk for marker in room_presence_markers):
+            saw_room_presence = True
+            if "type=\"error\"" in chunk or "type='error'" in chunk:
+                raise RuntimeError("Jabber room join failed: error")
+            if "type=\"unavailable\"" in chunk or "type='unavailable'" in chunk:
+                continue
+
+            if any(marker in chunk for marker in self_presence_markers):
+                return
+
+            if any(marker in chunk for marker in explicit_nick_markers):
+                return
+
+    if saw_room_presence:
+        return
+    raise RuntimeError("Jabber room join not confirmed")
+
+
+def _wait_for_message_confirmation(
+    tls,
+    room: str,
+    msg_id: str,
+    timeout_seconds: int = 5,
+) -> None:
+    deadline = time.time() + timeout_seconds
+    id_markers = [f'id="{msg_id}"', f"id='{msg_id}'"]
+
+    while time.time() < deadline:
+        chunk = recv_all(tls, 1)
+        if not chunk:
+            continue
+
+        if "<message" in chunk and any(marker in chunk for marker in id_markers):
+            if "type=\"error\"" in chunk or "type='error'" in chunk:
+                error_reason = _extract_error_reason(chunk) or "error"
+                raise RuntimeError(f"Jabber message rejected: {error_reason}")
+
+        if "<message" in chunk and (
+            "type=\"error\"" in chunk or "type='error'" in chunk
+        ):
+            error_reason = _extract_error_reason(chunk) or "error"
+            raise RuntimeError(f"Jabber message rejected: {error_reason}")
+
+    return
+
+
+def send_to_room(message: str) -> None:
+    config = load_config()
+    password = get_jabber_password(
+        config["keychain_service"],
+        config["keychain_account"],
+    )
+
+    sasl_plain = base64.b64encode(f"\x00{config['user']}\x00{password}".encode()).decode()
+
+    ctx = ssl.create_default_context()
+    ctx.check_hostname = False
+    ctx.verify_mode = ssl.CERT_NONE
+
+    raw = None
+    tls = None
+    try:
+        # ── TCP connect ──────────────────────────────────────────────────────
+        raw = socket.create_connection((config["server"], config["port"]), timeout=10)
+        raw.sendall(
+            f"<?xml version='1.0'?><stream:stream xmlns='jabber:client' version='1.0' "
+            f"xmlns:stream='http://etherx.jabber.org/streams' to='{config['domain']}'>".encode()
+        )
+        time.sleep(0.3)
+        recv_all(raw, 1)
+
+        # ── STARTTLS ─────────────────────────────────────────────────────────
+        raw.sendall(b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>")
+        time.sleep(0.3)
+        recv_all(raw, 1)
+        tls = ctx.wrap_socket(raw, server_hostname=config["server"])
+
+        # ── Re-open stream over TLS ──────────────────────────────────────────
+        tls.sendall(
+            f"<?xml version='1.0'?><stream:stream xmlns='jabber:client' version='1.0' "
+            f"xmlns:stream='http://etherx.jabber.org/streams' to='{config['domain']}'>".encode()
+        )
+        time.sleep(0.3)
+        recv_all(tls, 1)
+
+        # ── SASL PLAIN auth ──────────────────────────────────────────────────
+        tls.sendall(
+            f"<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>{sasl_plain}</auth>".encode()
+        )
+        time.sleep(1)
+        auth_resp = recv_all(tls, 2)
+        if "success" not in auth_resp:
+            raise RuntimeError("Jabber authentication failed")
+
+        # ── Re-open stream after auth ────────────────────────────────────────
+        tls.sendall(
+            f"<?xml version='1.0'?><stream:stream xmlns='jabber:client' version='1.0' "
+            f"xmlns:stream='http://etherx.jabber.org/streams' to='{config['domain']}'>".encode()
+        )
+        time.sleep(0.5)
+        recv_all(tls, 1)
+
+        # ── Resource bind ────────────────────────────────────────────────────
+        tls.sendall(
+            f'<iq type="set" id="b1"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">'
+            f'<resource>{config["resource"]}</resource></bind></iq>'.encode()
+        )
+        time.sleep(0.5)
+        bind_resp = recv_all(tls, 2)
+        bind_error = _extract_error_reason(bind_resp)
+        if bind_error:
+            raise RuntimeError(f"Jabber resource bind failed: {bind_error}")
+
+        safe_msg = message.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
+        msg_id = f"notify-{int(time.time() * 1000)}"
+
+        if config["to"]:
+            # ── Direct message ───────────────────────────────────────────────
+            tls.sendall(
+                f'<message id="{msg_id}" to="{config["to"]}" type="chat"><body>{safe_msg}</body></message>'.encode()
+            )
+            time.sleep(0.5)
+        else:
+            # ── Join MUC room ────────────────────────────────────────────────
+            tls.sendall(
+                f'<presence to="{config["room"]}/{config["nick"]}"><x xmlns="http://jabber.org/protocol/muc"/></presence>'.encode()
+            )
+            _wait_for_join_confirmation(tls, config["room"], config["nick"], timeout_seconds=20)
+
+            # ── Send MUC message ─────────────────────────────────────────────
+            tls.sendall(
+                f'<message id="{msg_id}" to="{config["room"]}" type="groupchat"><body>{safe_msg}</body></message>'.encode()
+            )
+            _wait_for_message_confirmation(tls, config["room"], msg_id, timeout_seconds=5)
+
+            # ── Leave room ───────────────────────────────────────────────────
+            tls.sendall(f'<presence to="{config["room"]}/{config["nick"]}" type="unavailable"/>'.encode())
+            time.sleep(0.3)
+    finally:
+        if tls is not None:
+            tls.close()
+        elif raw is not None:
+            raw.close()
+
+
+if __name__ == "__main__":
+    if len(sys.argv) < 2:
+        print("Usage: python3 src/scripts/jabber_notify.py '<message>'")
+        sys.exit(1)
+    msg = sys.argv[1]
+    send_to_room(msg)
+    print("Jabber message sent")

package/tools/jabber.js

@@ -7,11 +7,36 @@ import fs from 'fs';
 import path from 'path';
 import {error, ok} from './helpers.js';
 
-function getDefaultScriptPath() {
+function realpathOrNull(filePath) {
+  try {
+    return fs.realpathSync(filePath);
+  } catch {
+    return null;
+  }
+}
+
+function unique(values) {
+  return [...new Set(values.filter(Boolean))];
+}
+
+export function resolveJabberNotifyScriptPath({
+  env = process.env,
+  execPath = process.execPath,
+  cwd = process.cwd(),
+} = {}) {
+  if (env.JABBER_NOTIFY_SCRIPT) {
+    return env.JABBER_NOTIFY_SCRIPT;
+  }
+
+  const resolvedExecPath = realpathOrNull(execPath);
   const candidates = [
-    path.resolve(process.cwd(), 'packages/jira-core/scripts/jabber_notify.py'),
-    path.resolve(process.cwd(), 'scripts/jabber_notify.py'),
+    ...unique([resolvedExecPath, execPath]).map((candidate) =>
+      path.resolve(path.dirname(candidate), 'scripts/jabber_notify.py')
+    ),
+    path.resolve(cwd, 'packages/jira-core/scripts/jabber_notify.py'),
+    path.resolve(cwd, 'scripts/jabber_notify.py'),
   ];
+
   return candidates.find((candidate) => fs.existsSync(candidate)) ?? candidates[0];
 }
 
@@ -49,7 +74,7 @@ export function getJabberToolDefinitions() {
 // ── Handler ───────────────────────────────────────────────────────
 
 export async function handleSendJabberMessage(args, _ctx) {
-  const scriptPath = process.env.JABBER_NOTIFY_SCRIPT ?? getDefaultScriptPath();
+  const scriptPath = resolveJabberNotifyScriptPath();
 
   // dryRun 模式：不實際發送，直接回傳預覽
   if (args.dryRun) {

package/tools/jabber.test.js

@@ -0,0 +1,35 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import {mkdtempSync, mkdirSync, writeFileSync} from 'node:fs';
+import {tmpdir} from 'node:os';
+import {join} from 'node:path';
+
+import {resolveJabberNotifyScriptPath} from './jabber.js';
+
+test('resolveJabberNotifyScriptPath ignores empty env and prefers packaged script beside binary', () => {
+  const root = mkdtempSync(join(tmpdir(), 'ares-jabber-'));
+  const binDir = join(root, 'app');
+  const scriptPath = join(binDir, 'scripts', 'jabber_notify.py');
+  mkdirSync(join(binDir, 'scripts'), {recursive: true});
+  writeFileSync(scriptPath, '#!/usr/bin/env python3\n');
+
+  assert.equal(
+    resolveJabberNotifyScriptPath({
+      env: {JABBER_NOTIFY_SCRIPT: ''},
+      execPath: join(binDir, 'ares'),
+      cwd: join(root, 'work'),
+    }),
+    scriptPath,
+  );
+});
+
+test('resolveJabberNotifyScriptPath keeps explicit env override', () => {
+  assert.equal(
+    resolveJabberNotifyScriptPath({
+      env: {JABBER_NOTIFY_SCRIPT: '/custom/jabber_notify.py'},
+      execPath: '/opt/ares/ares',
+      cwd: '/tmp',
+    }),
+    '/custom/jabber_notify.py',
+  );
+});

package/tools.test.js

@@ -1666,7 +1666,7 @@ describe('auto_grayrelease — approval payload handling', () => {
       assert.ok(!result.content[0].text.startsWith('❌'), 'STG approval should continue');
       const data = JSON.parse(result.content[0].text);
       assert.equal(data.finalStatus, 'VERIFY');
-      assert.deepEqual(jira.calls.updateAssignee, [{ issueKey: 'CID-100', accountId: 'BK00619' }]);
+      assert.deepEqual(jira.calls.updateAssignee, [{ issueKey: 'CID-100', accountId: 'BK00325' }]);
     } finally {
       await new Promise((resolve, reject) => {
         server.close((err) => (err ? reject(err) : resolve()));
@@ -1683,7 +1683,7 @@ describe('auto_grayrelease — approval payload handling', () => {
       process.env.POLL_TIMEOUT_MS = '10';
 
       const jira = makeApprovalJira('uat', {
-        comments: [{ body: 'Approved, please proceed', author: { name: 'BK00619', displayName: 'James Yu' } }],
+        comments: [{ body: 'Approved, please proceed', author: { name: 'BK00325', displayName: 'James Yu' } }],
       });
       const result = await executeTool(
         'auto_grayrelease',
@@ -1695,8 +1695,8 @@ describe('auto_grayrelease — approval payload handling', () => {
       const data = JSON.parse(result.content[0].text);
       assert.equal(data.finalStatus, 'VERIFY');
       assert.deepEqual(jira.calls.updateAssignee, [
-        { issueKey: 'CID-101', accountId: 'BK00619' },
-        { issueKey: 'CID-101', accountId: 'BK00619' },
+        { issueKey: 'CID-101', accountId: 'BK00325' },
+        { issueKey: 'CID-101', accountId: 'BK00325' },
       ]);
     } finally {
       restoreEnv();
@@ -1711,7 +1711,7 @@ describe('auto_grayrelease — approval payload handling', () => {
       process.env.POLL_TIMEOUT_MS = '10';
 
       const jira = makeApprovalJira('uat', {
-        comments: [{ body: 'Approved, please proceed', author: { name: 'BK00619', displayName: 'James Yu' } }],
+        comments: [{ body: 'Approved, please proceed', author: { name: 'BK00325', displayName: 'James Yu' } }],
       });
       const result = await executeTool(
         'auto_grayrelease',