@junwu168/openshell 0.1.3 → 0.1.4

package/tests/integration/ssh-runtime.test.ts

@@ -1,122 +0,0 @@
-import { afterAll, beforeAll, describe, expect, test } from "bun:test"
-import { startFakeSshServer } from "./fake-ssh-server"
-
-let createSshRuntime: typeof import("../../src/core/ssh/ssh-runtime").createSshRuntime
-
-describe("ssh runtime", () => {
-  let server: Awaited<ReturnType<typeof startFakeSshServer>> | undefined
-  let runtime: ReturnType<typeof createSshRuntime>
-
-  beforeAll(async () => {
-    server = await startFakeSshServer()
-    createSshRuntime = (await import("../../src/core/ssh/ssh-runtime?integration-real")).createSshRuntime
-    runtime = createSshRuntime()
-  }, { timeout: 60_000 })
-
-  afterAll(async () => {
-    await server?.stop()
-  }, { timeout: 30_000 })
-
-  test("executes a safe remote command", async () => {
-    const result = await runtime.exec(server.connection, "cat /tmp/open-code/hosts")
-    expect(result.stdout).toContain("localhost")
-  })
-
-  test("executes commands from a cwd that contains spaces", async () => {
-    await runtime.exec(server.connection, "mkdir -p '/tmp/open code'")
-
-    const result = await runtime.exec(server.connection, "pwd", { cwd: "/tmp/open code" })
-
-    expect(result.stdout.trim()).toBe("/tmp/open code")
-  })
-
-  test("supports relative cwd values that start with a dash", async () => {
-    const home = (await runtime.exec(server.connection, "pwd")).stdout.trim()
-    await runtime.exec(server.connection, "mkdir -- -cwd")
-
-    const result = await runtime.exec(server.connection, "pwd", { cwd: "-cwd" })
-
-    expect(result.stdout.trim()).toBe(`${home}/-cwd`)
-  })
-
-  test("times out long-running commands", async () => {
-    await expect(runtime.exec(server.connection, "sleep 2", { timeout: 50 })).rejects.toThrow(
-      "command timed out after 50ms",
-    )
-  })
-
-  test("reports signal-terminated commands as non-zero exits", async () => {
-    const result = await runtime.exec(server.connection, "sh -lc 'kill -TERM $$'")
-
-    expect(result.exitCode).toBe(143)
-  })
-
-  test("does not allow timed out commands to mutate remote state later", async () => {
-    await runtime.writeFile(server.connection, "/tmp/open-code/app.conf", "port=80\n")
-
-    await expect(
-      runtime.exec(
-        server.connection,
-        "sh -lc \"sleep 1; echo late >> /tmp/open-code/app.conf\"",
-        { timeout: 100 },
-      ),
-    ).rejects.toThrow("command timed out after 100ms")
-
-    await Bun.sleep(1_500)
-
-    expect(await runtime.readFile(server.connection, "/tmp/open-code/app.conf")).toBe("port=80\n")
-  })
-
-  test("writes and reads a remote file through sftp", async () => {
-    await runtime.writeFile(server.connection, "/tmp/open-code/app.conf", "port=80\n")
-
-    expect(await runtime.readFile(server.connection, "/tmp/open-code/app.conf")).toBe("port=80\n")
-  })
-
-  test("lists and stats remote paths", async () => {
-    const entries = await runtime.listDir(server.connection, "/tmp/open-code", false, 50)
-    const recursiveEntries = await runtime.listDir(server.connection, "/tmp/open-code", true, 50)
-
-    expect(entries.some((entry) => entry.name === "hosts")).toBe(true)
-    expect(entries.some((entry) => entry.name === "app.conf")).toBe(true)
-    expect(recursiveEntries).toContain("/tmp/open-code/hosts")
-    await expect(runtime.listDir(server.connection, "/tmp/does-not-exist", true, 50)).rejects.toThrow()
-    expect(await runtime.stat(server.connection, "/tmp/open-code/hosts")).toMatchObject({ isFile: true })
-  })
-
-  test("enforces list limits in both listing modes", async () => {
-    const entries = await runtime.listDir(server.connection, "/tmp/open-code", false, 1)
-    const recursiveEntries = await runtime.listDir(server.connection, "/tmp/open-code", true, 1)
-
-    expect(entries).toHaveLength(1)
-    expect(recursiveEntries).toHaveLength(1)
-  })
-
-  test("times out stalled sftp operations", async () => {
-    const impatientRuntime = createSshRuntime({ operationTimeoutMs: 0 })
-
-    await expect(impatientRuntime.readFile(server.connection, "/tmp/open-code/app.conf")).rejects.toThrow(
-      "ssh operation timed out after 0ms",
-    )
-  })
-
-  test("applies a unified patch before writing the updated file", async () => {
-    const { applyUnifiedPatch } = await import("../../src/core/patch")
-    const current = await runtime.readFile(server.connection, "/tmp/open-code/app.conf")
-    const next = applyUnifiedPatch(
-      current,
-      [
-        "--- app.conf",
-        "+++ app.conf",
-        "@@ -1 +1 @@",
-        "-port=80",
-        "+port=8080",
-        "",
-      ].join("\n"),
-    )
-
-    await runtime.writeFile(server.connection, "/tmp/open-code/app.conf", next)
-
-    expect(await runtime.readFile(server.connection, "/tmp/open-code/app.conf")).toBe("port=8080\n")
-  })
-})

package/tests/unit/audit.test.ts

@@ -1,221 +0,0 @@
-import { describe, expect, test } from "bun:test"
-import { mkdtemp, readFile, readdir, stat } from "node:fs/promises"
-import { join } from "node:path"
-import { tmpdir } from "node:os"
-import { createAuditLogStore } from "../../src/core/audit/log-store"
-import { createGitAuditRepo } from "../../src/core/audit/git-audit-repo"
-import { redactSecrets } from "../../src/core/audit/redact"
-
-const runGit = async (cwd: string, args: string[]) => {
-  const proc = Bun.spawn(["git", ...args], { cwd, stdout: "pipe", stderr: "pipe" })
-  const exitCode = await proc.exited
-  if (exitCode !== 0) throw new Error(await new Response(proc.stderr).text())
-  return (await new Response(proc.stdout).text()).trim()
-}
-
-const exists = async (path: string) => {
-  try {
-    await stat(path)
-    return true
-  } catch {
-    return false
-  }
-}
-
-describe("audit engine", () => {
-  test("preflight prepares the audit log target", async () => {
-    const dir = await mkdtemp(join(tmpdir(), "open-code-audit-preflight-"))
-    const file = join(dir, "actions.jsonl")
-    const store = createAuditLogStore(file)
-
-    await store.preflight()
-
-    const pathStat = await stat(file)
-    expect(pathStat.isFile()).toBe(true)
-  })
-
-  test("redacts secret-looking values before writing JSONL entries", async () => {
-    const dir = await mkdtemp(join(tmpdir(), "open-code-audit-"))
-    const store = createAuditLogStore(join(dir, "actions.jsonl"))
-    await store.preflight()
-    await store.append({ command: "psql postgresql://user:secret@db/app" })
-    const disk = await readFile(join(dir, "actions.jsonl"), "utf8")
-    expect(disk.includes("secret")).toBe(false)
-  })
-
-  test("preserves trailing non-secret query data when redacting key/value values", () => {
-    expect(redactSecrets("token=abc&mode=ro")).toBe("token=[REDACTED]&mode=ro")
-  })
-
-  test("stamps a fresh timestamp even when the entry includes one", async () => {
-    const dir = await mkdtemp(join(tmpdir(), "open-code-audit-timestamp-"))
-    const file = join(dir, "actions.jsonl")
-    const store = createAuditLogStore(file)
-
-    await store.preflight()
-    await store.append({ timestamp: "1999-01-01T00:00:00.000Z", command: "whoami" })
-
-    const [disk] = (await readFile(file, "utf8")).trim().split("\n")
-    const entry = JSON.parse(disk) as { timestamp: string; command: string }
-
-    expect(entry.timestamp).not.toBe("1999-01-01T00:00:00.000Z")
-    expect(entry.command).toBe("whoami")
-  })
-
-  test("keeps traversal inputs inside the audit repo", async () => {
-    const tempRoot = await mkdtemp(join(tmpdir(), "open-code-git-audit-traversal-"))
-    const repoDir = join(tempRoot, "repo")
-    const repo = createGitAuditRepo(repoDir)
-
-    await repo.preflight()
-    await repo.captureChange({
-      server: "../escape",
-      path: "/loot",
-      before: "before\n",
-      after: "after\n",
-    })
-
-    expect(await exists(join(tempRoot, "escape", "loot.before"))).toBe(false)
-    expect(await exists(join(tempRoot, "escape", "loot.after"))).toBe(false)
-
-    let foundAuditArtifact = false
-    const walk = async (dir: string) => {
-      for (const entry of await readdir(dir, { withFileTypes: true })) {
-        const child = join(dir, entry.name)
-        if (entry.isDirectory()) {
-          await walk(child)
-        } else if (entry.name.endsWith(".before") || entry.name.endsWith(".after")) {
-          foundAuditArtifact = true
-        }
-      }
-    }
-    await walk(repoDir)
-
-    expect(foundAuditArtifact).toBe(true)
-  })
-
-  test("stages only the current snapshot artifacts", async () => {
-    const tempRoot = await mkdtemp(join(tmpdir(), "open-code-git-audit-stage-"))
-    const repoDir = join(tempRoot, "repo")
-    const repo = createGitAuditRepo(repoDir)
-
-    await repo.preflight()
-    await Bun.write(join(repoDir, "unrelated.txt"), "keep-out\n")
-    await repo.captureChange({
-      server: "prod-a",
-      path: "/etc/app.conf",
-      before: "port=80\n",
-      after: "port=81\n",
-    })
-
-    const files = await runGit(repoDir, ["show", "--pretty=format:", "--name-only", "HEAD"])
-    expect(files.includes("unrelated.txt")).toBe(false)
-  })
-
-  test("encodes distinct logical targets into distinct repo paths", async () => {
-    const tempRoot = await mkdtemp(join(tmpdir(), "open-code-git-audit-unique-"))
-    const repoDir = join(tempRoot, "repo")
-    const repo = createGitAuditRepo(repoDir)
-
-    await repo.preflight()
-    await repo.captureChange({
-      server: "prod:a",
-      path: "/etc/a?b",
-      before: "one\n",
-      after: "two\n",
-    })
-    await repo.captureChange({
-      server: "prod/a",
-      path: "/etc/a:b",
-      before: "three\n",
-      after: "four\n",
-    })
-
-    let artifactCount = 0
-    const walk = async (dir: string) => {
-      for (const entry of await readdir(dir, { withFileTypes: true })) {
-        const child = join(dir, entry.name)
-        if (entry.isDirectory()) {
-          await walk(child)
-        } else if (entry.name.endsWith(".before") || entry.name.endsWith(".after")) {
-          artifactCount++
-        }
-      }
-    }
-    await walk(repoDir)
-
-    expect(artifactCount).toBe(4)
-  })
-
-  test("keeps hostile path segments inside the repo and distinct", async () => {
-    const tempRoot = await mkdtemp(join(tmpdir(), "open-code-git-audit-hostile-"))
-    const repoDir = join(tempRoot, "repo")
-    const repo = createGitAuditRepo(repoDir)
-
-    await repo.preflight()
-    await repo.captureChange({
-      server: "../escape",
-      path: "/../loot?mode=ro",
-      before: "before\n",
-      after: "after\n",
-    })
-
-    expect(await exists(join(tempRoot, "escape"))).toBe(false)
-
-    let artifactCount = 0
-    const walk = async (dir: string) => {
-      for (const entry of await readdir(dir, { withFileTypes: true })) {
-        const child = join(dir, entry.name)
-        if (entry.isDirectory()) {
-          await walk(child)
-        } else if (entry.name.endsWith(".before") || entry.name.endsWith(".after")) {
-          artifactCount++
-        }
-      }
-    }
-    await walk(repoDir)
-
-    expect(artifactCount).toBe(2)
-  })
-
-  test("records repeated identical captures as distinct commits", async () => {
-    const tempRoot = await mkdtemp(join(tmpdir(), "open-code-git-audit-repeat-"))
-    const repoDir = join(tempRoot, "repo")
-    const repo = createGitAuditRepo(repoDir)
-
-    await repo.preflight()
-    await repo.captureChange({
-      server: "prod-a",
-      path: "/etc/app.conf",
-      before: "port=80\n",
-      after: "port=81\n",
-    })
-
-    const firstCount = await runGit(repoDir, ["rev-list", "--count", "HEAD"])
-
-    await repo.captureChange({
-      server: "prod-a",
-      path: "/etc/app.conf",
-      before: "port=80\n",
-      after: "port=81\n",
-    })
-
-    const secondCount = await runGit(repoDir, ["rev-list", "--count", "HEAD"])
-
-    expect(firstCount).toBe("1")
-    expect(secondCount).toBe("2")
-  })
-
-  test("creates a git commit for before and after snapshots", async () => {
-    const dir = await mkdtemp(join(tmpdir(), "open-code-git-audit-"))
-    const repo = createGitAuditRepo(dir)
-    await repo.preflight()
-    await repo.captureChange({
-      server: "prod-a",
-      path: "/etc/app.conf",
-      before: "port=80\n",
-      after: "port=81\n",
-    })
-    expect(await repo.lastCommitMessage()).toContain("prod-a")
-  })
-})

package/tests/unit/build-layout.test.ts

@@ -1,28 +0,0 @@
-import { describe, expect, test } from "bun:test"
-import { readFile } from "node:fs/promises"
-
-describe("build layout", () => {
-  test("package metadata no longer declares keytar", async () => {
-    const packageJson = JSON.parse(await readFile(new URL("../../package.json", import.meta.url), "utf8"))
-
-    expect(packageJson.dependencies.keytar).toBeUndefined()
-  })
-
-  test("package metadata publishes openshell with a bin entry", async () => {
-    const packageJson = JSON.parse(await readFile(new URL("../../package.json", import.meta.url), "utf8"))
-
-    expect(packageJson.name).toBe("@junwu168/openshell")
-    expect(packageJson.private).not.toBe(true)
-    expect(packageJson.bin).toEqual({
-      openshell: "./dist/cli/openshell.js",
-    })
-  })
-
-  test("emits the package entry at dist/index.js", async () => {
-    const packageJson = JSON.parse(await readFile(new URL("../../package.json", import.meta.url), "utf8"))
-    const tsconfig = JSON.parse(await readFile(new URL("../../tsconfig.json", import.meta.url), "utf8"))
-
-    expect(packageJson.exports["."].default).toBe("./dist/index.js")
-    expect(tsconfig.compilerOptions.rootDir).toBe("src")
-  })
-})

package/tests/unit/opencode-config.test.ts

@@ -1,100 +0,0 @@
-import { afterEach, describe, expect, test } from "bun:test"
-import { mkdtemp, readFile, rm, writeFile } from "node:fs/promises"
-import { tmpdir } from "node:os"
-import { join } from "node:path"
-
-const tempDirs: string[] = []
-
-afterEach(async () => {
-  await Promise.all(tempDirs.splice(0).map((dir) => rm(dir, { recursive: true, force: true })))
-})
-
-describe("opencode config integration", () => {
-  test("install merges openshell into the global OpenCode plugin list", async () => {
-    const tempDir = await mkdtemp(join(tmpdir(), "openshell-opencode-config-"))
-    tempDirs.push(tempDir)
-    const opencodeConfigFile = join(tempDir, "opencode.json")
-    await writeFile(
-      opencodeConfigFile,
-      JSON.stringify({
-        plugin: ["existing-plugin"],
-        permission: {
-          edit: "ask",
-          bash: {
-            "kubectl *": "ask",
-          },
-        },
-      }),
-    )
-
-    const { installIntoOpenCodeConfig, defaultBashPermissions } = await import("../../src/product/opencode-config")
-    await installIntoOpenCodeConfig(opencodeConfigFile)
-
-    const merged = JSON.parse(await readFile(opencodeConfigFile, "utf8"))
-    expect(merged).toMatchObject({
-      plugin: ["existing-plugin", "@junwu168/openshell"],
-      permission: {
-        edit: "ask",
-        bash: expect.objectContaining({
-          ...defaultBashPermissions,
-          "kubectl *": "ask",
-        }),
-      },
-    })
-  })
-
-  test("uninstall removes openshell registration while preserving unrelated plugins", async () => {
-    const tempDir = await mkdtemp(join(tmpdir(), "openshell-opencode-config-"))
-    tempDirs.push(tempDir)
-    const opencodeConfigFile = join(tempDir, "opencode.json")
-    await writeFile(
-      opencodeConfigFile,
-      JSON.stringify({
-        plugin: ["existing-plugin", "@junwu168/openshell"],
-        permission: {
-          edit: "ask",
-          bash: {
-            "kubectl *": "ask",
-            "cat *": "allow",
-            "grep *": "allow",
-          },
-        },
-      }),
-    )
-
-    const { uninstallFromOpenCodeConfig } = await import("../../src/product/opencode-config")
-    await uninstallFromOpenCodeConfig(opencodeConfigFile)
-
-    const merged = JSON.parse(await readFile(opencodeConfigFile, "utf8"))
-    expect(merged.plugin).toEqual(["existing-plugin"])
-    expect(merged.permission.bash).toEqual({
-      "kubectl *": "ask",
-    })
-  })
-
-  test("uninstall removes the plugin key when openshell was the only registered plugin", async () => {
-    const tempDir = await mkdtemp(join(tmpdir(), "openshell-opencode-config-"))
-    tempDirs.push(tempDir)
-    const opencodeConfigFile = join(tempDir, "opencode.json")
-    await writeFile(
-      opencodeConfigFile,
-      JSON.stringify({
-        plugin: ["@junwu168/openshell"],
-        permission: {
-          edit: "ask",
-          bash: {
-            "*": "ask",
-            "cat *": "allow",
-          },
-        },
-      }),
-    )
-
-    const { uninstallFromOpenCodeConfig } = await import("../../src/product/opencode-config")
-    await uninstallFromOpenCodeConfig(opencodeConfigFile)
-
-    const merged = JSON.parse(await readFile(opencodeConfigFile, "utf8"))
-    expect(merged.plugin).toBeUndefined()
-    expect(merged.permission).toBeUndefined()
-  })
-})