@kodelyth/msteams 2026.5.42 → 2026.6.1

package/src/pending-uploads-fs.test.ts

@@ -1,261 +0,0 @@
-import fs from "node:fs";
-import os from "node:os";
-import path from "node:path";
-import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import { prepareFileConsentActivityFs } from "./file-consent-helpers.js";
-import {
-  getPendingUploadFs,
-  removePendingUploadFs,
-  setPendingUploadActivityIdFs,
-  storePendingUploadFs,
-} from "./pending-uploads-fs.js";
-import { clearPendingUploads } from "./pending-uploads.js";
-import { setMSTeamsRuntime } from "./runtime.js";
-import { msteamsRuntimeStub } from "./test-runtime.js";
-
-// Track temp dirs created by each test so afterEach can clean them up.
-const createdTempDirs: string[] = [];
-
-async function makeTempStateDir(): Promise<string> {
-  const dir = await fs.promises.mkdtemp(path.join(os.tmpdir(), "klaw-msteams-pending-"));
-  createdTempDirs.push(dir);
-  return dir;
-}
-
-function makeEnv(stateDir: string): NodeJS.ProcessEnv {
-  return { ...process.env, KLAW_STATE_DIR: stateDir };
-}
-
-async function requirePendingUpload(id: string, env: NodeJS.ProcessEnv) {
-  const upload = await getPendingUploadFs(id, { env });
-  if (!upload) {
-    throw new Error(`expected pending upload ${id}`);
-  }
-  return upload;
-}
-
-async function cleanupTempDirs(): Promise<void> {
-  while (createdTempDirs.length > 0) {
-    const dir = createdTempDirs.pop();
-    if (!dir) {
-      continue;
-    }
-    try {
-      await fs.promises.rm(dir, { recursive: true, force: true });
-    } catch {
-      // tmp dir may already be gone
-    }
-  }
-}
-
-describe("msteams pending uploads (fs-backed)", () => {
-  beforeEach(() => {
-    setMSTeamsRuntime(msteamsRuntimeStub);
-    clearPendingUploads();
-  });
-
-  afterEach(async () => {
-    await cleanupTempDirs();
-    vi.useRealTimers();
-  });
-
-  it("stores and retrieves a pending upload by id", async () => {
-    const stateDir = await makeTempStateDir();
-    const env = makeEnv(stateDir);
-
-    await storePendingUploadFs(
-      {
-        id: "upload-1",
-        buffer: Buffer.from("hello world"),
-        filename: "greeting.txt",
-        contentType: "text/plain",
-        conversationId: "19:conv@thread.v2",
-      },
-      { env },
-    );
-
-    const loaded = await requirePendingUpload("upload-1", env);
-    expect(loaded.id).toBe("upload-1");
-    expect(loaded.filename).toBe("greeting.txt");
-    expect(loaded.contentType).toBe("text/plain");
-    expect(loaded.conversationId).toBe("19:conv@thread.v2");
-    expect(loaded.buffer.toString("utf8")).toBe("hello world");
-  });
-
-  it("returns undefined for missing and undefined ids", async () => {
-    const stateDir = await makeTempStateDir();
-    const env = makeEnv(stateDir);
-
-    expect(await getPendingUploadFs(undefined, { env })).toBeUndefined();
-    expect(await getPendingUploadFs("does-not-exist", { env })).toBeUndefined();
-  });
-
-  it("persists so another reader finds the entry (simulates cross-process)", async () => {
-    const stateDir = await makeTempStateDir();
-    const env = makeEnv(stateDir);
-
-    // First "process": writer
-    await storePendingUploadFs(
-      {
-        id: "upload-x",
-        buffer: Buffer.from("top secret"),
-        filename: "secret.bin",
-        conversationId: "19:conv@thread.v2",
-      },
-      { env },
-    );
-
-    // Confirm the backing file actually exists on disk with expected shape
-    const storePath = path.join(stateDir, "msteams-pending-uploads.json");
-    const raw = await fs.promises.readFile(storePath, "utf-8");
-    const parsed = JSON.parse(raw) as {
-      version: number;
-      uploads: Record<string, { bufferBase64: string; filename: string }>;
-    };
-    expect(parsed.version).toBe(1);
-    expect(parsed.uploads["upload-x"]?.filename).toBe("secret.bin");
-    expect(Buffer.from(parsed.uploads["upload-x"].bufferBase64, "base64").toString("utf8")).toBe(
-      "top secret",
-    );
-
-    // Second "process": reader using the same state dir
-    const reader = await getPendingUploadFs("upload-x", { env });
-    expect(reader?.buffer.toString("utf8")).toBe("top secret");
-    expect(reader?.filename).toBe("secret.bin");
-  });
-
-  it("removes persisted entries", async () => {
-    const stateDir = await makeTempStateDir();
-    const env = makeEnv(stateDir);
-
-    await storePendingUploadFs(
-      {
-        id: "upload-rm",
-        buffer: Buffer.from("x"),
-        filename: "rm.bin",
-        conversationId: "19:conv@thread.v2",
-      },
-      { env },
-    );
-    const loaded = await requirePendingUpload("upload-rm", env);
-    expect(loaded.id).toBe("upload-rm");
-    expect(loaded.filename).toBe("rm.bin");
-    expect(loaded.contentType).toBeUndefined();
-    expect(loaded.conversationId).toBe("19:conv@thread.v2");
-    expect(loaded.consentCardActivityId).toBeUndefined();
-    expect(loaded.buffer.toString("utf8")).toBe("x");
-    expect(Number.isFinite(loaded.createdAt)).toBe(true);
-
-    await removePendingUploadFs("upload-rm", { env });
-    expect(await getPendingUploadFs("upload-rm", { env })).toBeUndefined();
-  });
-
-  it("remove is a no-op for unknown ids", async () => {
-    const stateDir = await makeTempStateDir();
-    const env = makeEnv(stateDir);
-
-    await expect(removePendingUploadFs("never-existed", { env })).resolves.toBeUndefined();
-    await expect(removePendingUploadFs(undefined, { env })).resolves.toBeUndefined();
-  });
-
-  it("expires entries past their ttl on read", async () => {
-    const stateDir = await makeTempStateDir();
-    const env = makeEnv(stateDir);
-    const now = new Date("2026-05-08T00:00:00.000Z");
-    vi.useFakeTimers({ now });
-
-    await storePendingUploadFs(
-      {
-        id: "upload-old",
-        buffer: Buffer.from("stale"),
-        filename: "stale.txt",
-        conversationId: "19:conv@thread.v2",
-      },
-      { env, ttlMs: 1 },
-    );
-    vi.setSystemTime(now.getTime() + 2);
-    expect(await getPendingUploadFs("upload-old", { env, ttlMs: 1 })).toBeUndefined();
-  });
-
-  it("updates consent card activity id on an existing entry", async () => {
-    const stateDir = await makeTempStateDir();
-    const env = makeEnv(stateDir);
-
-    await storePendingUploadFs(
-      {
-        id: "upload-a",
-        buffer: Buffer.from("payload"),
-        filename: "f.txt",
-        conversationId: "19:conv@thread.v2",
-      },
-      { env },
-    );
-
-    await setPendingUploadActivityIdFs("upload-a", "activity-xyz", { env });
-    const loaded = await getPendingUploadFs("upload-a", { env });
-    expect(loaded?.consentCardActivityId).toBe("activity-xyz");
-  });
-
-  it("ignores malformed or empty store files and returns undefined", async () => {
-    const stateDir = await makeTempStateDir();
-    const env = makeEnv(stateDir);
-    const storePath = path.join(stateDir, "msteams-pending-uploads.json");
-    await fs.promises.writeFile(storePath, "not valid json", "utf-8");
-
-    // Should not throw and should treat as empty
-    expect(await getPendingUploadFs("anything", { env })).toBeUndefined();
-
-    await fs.promises.writeFile(storePath, JSON.stringify({ version: 2, uploads: {} }), "utf-8");
-    expect(await getPendingUploadFs("anything", { env })).toBeUndefined();
-  });
-});
-
-describe("prepareFileConsentActivityFs end-to-end", () => {
-  beforeEach(() => {
-    setMSTeamsRuntime(msteamsRuntimeStub);
-    clearPendingUploads();
-  });
-
-  afterEach(async () => {
-    await cleanupTempDirs();
-  });
-
-  it("writes the pending upload to the fs store with the same id as the card", async () => {
-    const stateDir = await makeTempStateDir();
-    const env = makeEnv(stateDir);
-    // Redirect state dir via env so the helper's FS writes land under our tmp
-    const originalEnv = process.env.KLAW_STATE_DIR;
-    process.env.KLAW_STATE_DIR = stateDir;
-
-    try {
-      const result = await prepareFileConsentActivityFs({
-        media: {
-          buffer: Buffer.from("cli file"),
-          filename: "cli.bin",
-          contentType: "application/octet-stream",
-        },
-        conversationId: "19:victim@thread.v2",
-        description: "Sent via CLI",
-      });
-
-      expect(result.uploadId).toMatch(/[0-9a-f-]/);
-      const attachments = result.activity.attachments as Array<Record<string, unknown>>;
-      expect(attachments).toHaveLength(1);
-      const content = attachments[0]?.content as { acceptContext: { uploadId: string } };
-      expect(content.acceptContext.uploadId).toBe(result.uploadId);
-
-      // Reader in (simulated) other process finds the entry under the same key
-      const loaded = await requirePendingUpload(result.uploadId, env);
-      expect(loaded.filename).toBe("cli.bin");
-      expect(loaded.contentType).toBe("application/octet-stream");
-      expect(loaded.conversationId).toBe("19:victim@thread.v2");
-      expect(loaded.buffer.toString("utf8")).toBe("cli file");
-    } finally {
-      if (originalEnv === undefined) {
-        delete process.env.KLAW_STATE_DIR;
-      } else {
-        process.env.KLAW_STATE_DIR = originalEnv;
-      }
-    }
-  });
-});

package/src/pending-uploads-fs.ts

@@ -1,235 +0,0 @@
-/**
- * Filesystem-backed pending upload store for the FileConsentCard flow.
- *
- * The CLI `message send --media` path runs in a different process from the
- * gateway's bot monitor that receives the `fileConsent/invoke` callback.
- * An in-memory `pending-uploads.ts` store cannot bridge those processes, so
- * when the user clicks "Allow" the monitor handler's lookup misses and the
- * user sees "card action not supported".
- *
- * This FS store persists pending uploads to a JSON file (with the file buffer
- * base64-encoded) so any process that shares the Klaw state dir can read
- * them back. The in-memory store in `pending-uploads.ts` is still the fast
- * path for same-process flows (for example the messenger reply path); this FS
- * store is a cross-process fallback.
- */
-
-import { resolveMSTeamsStorePath } from "./storage.js";
-import { readJsonFile, withFileLock, writeJsonFile } from "./store-fs.js";
-
-/** TTL for persisted pending uploads (matches in-memory store). */
-const PENDING_UPLOAD_TTL_MS = 5 * 60 * 1000;
-
-/** Cap to avoid unbounded growth if a process crashes mid-flow. */
-const MAX_PENDING_UPLOADS = 100;
-
-const STORE_FILENAME = "msteams-pending-uploads.json";
-
-type PendingUploadFsRecord = {
-  id: string;
-  bufferBase64: string;
-  filename: string;
-  contentType?: string;
-  conversationId: string;
-  /** Activity ID of the original FileConsentCard, used to replace it after upload */
-  consentCardActivityId?: string;
-  createdAt: number;
-};
-
-type PendingUploadFs = {
-  id: string;
-  buffer: Buffer;
-  filename: string;
-  contentType?: string;
-  conversationId: string;
-  consentCardActivityId?: string;
-  createdAt: number;
-};
-
-type PendingUploadStoreData = {
-  version: 1;
-  uploads: Record<string, PendingUploadFsRecord>;
-};
-
-const empty: PendingUploadStoreData = { version: 1, uploads: {} };
-
-type PendingUploadsFsOptions = {
-  env?: NodeJS.ProcessEnv;
-  homedir?: () => string;
-  stateDir?: string;
-  storePath?: string;
-  ttlMs?: number;
-};
-
-function resolveFilePath(options: PendingUploadsFsOptions | undefined): string {
-  return resolveMSTeamsStorePath({
-    filename: STORE_FILENAME,
-    env: options?.env,
-    homedir: options?.homedir,
-    stateDir: options?.stateDir,
-    storePath: options?.storePath,
-  });
-}
-
-function pruneExpired(
-  uploads: Record<string, PendingUploadFsRecord>,
-  nowMs: number,
-  ttlMs: number,
-): Record<string, PendingUploadFsRecord> {
-  const kept: Record<string, PendingUploadFsRecord> = {};
-  for (const [id, record] of Object.entries(uploads)) {
-    if (nowMs - record.createdAt <= ttlMs) {
-      kept[id] = record;
-    }
-  }
-  return kept;
-}
-
-function pruneToLimit(
-  uploads: Record<string, PendingUploadFsRecord>,
-): Record<string, PendingUploadFsRecord> {
-  const entries = Object.entries(uploads);
-  if (entries.length <= MAX_PENDING_UPLOADS) {
-    return uploads;
-  }
-  // Oldest createdAt first; drop the oldest until we fit.
-  entries.sort((a, b) => a[1].createdAt - b[1].createdAt);
-  const keep = entries.slice(entries.length - MAX_PENDING_UPLOADS);
-  return Object.fromEntries(keep);
-}
-
-function recordToUpload(record: PendingUploadFsRecord): PendingUploadFs {
-  return {
-    id: record.id,
-    buffer: Buffer.from(record.bufferBase64, "base64"),
-    filename: record.filename,
-    contentType: record.contentType,
-    conversationId: record.conversationId,
-    consentCardActivityId: record.consentCardActivityId,
-    createdAt: record.createdAt,
-  };
-}
-
-function isValidStore(value: unknown): value is PendingUploadStoreData {
-  if (!value || typeof value !== "object") {
-    return false;
-  }
-  const candidate = value as Partial<PendingUploadStoreData>;
-  return (
-    candidate.version === 1 &&
-    typeof candidate.uploads === "object" &&
-    candidate.uploads !== null &&
-    !Array.isArray(candidate.uploads)
-  );
-}
-
-async function readStore(filePath: string, ttlMs: number): Promise<PendingUploadStoreData> {
-  const { value } = await readJsonFile<unknown>(filePath, empty);
-  if (!isValidStore(value)) {
-    return { version: 1, uploads: {} };
-  }
-  const uploads = pruneToLimit(pruneExpired(value.uploads, Date.now(), ttlMs));
-  return { version: 1, uploads };
-}
-
-/**
- * Persist a pending upload record so another process can read it back.
- * Pass in the pre-generated id (same as the one placed in the consent card
- * context) so the in-memory and FS stores share the same key.
- */
-export async function storePendingUploadFs(
-  upload: {
-    id: string;
-    buffer: Buffer;
-    filename: string;
-    contentType?: string;
-    conversationId: string;
-    consentCardActivityId?: string;
-  },
-  options?: PendingUploadsFsOptions,
-): Promise<void> {
-  const ttlMs = options?.ttlMs ?? PENDING_UPLOAD_TTL_MS;
-  const filePath = resolveFilePath(options);
-  await withFileLock(filePath, empty, async () => {
-    const store = await readStore(filePath, ttlMs);
-    store.uploads[upload.id] = {
-      id: upload.id,
-      bufferBase64: upload.buffer.toString("base64"),
-      filename: upload.filename,
-      contentType: upload.contentType,
-      conversationId: upload.conversationId,
-      consentCardActivityId: upload.consentCardActivityId,
-      createdAt: Date.now(),
-    };
-    store.uploads = pruneToLimit(pruneExpired(store.uploads, Date.now(), ttlMs));
-    await writeJsonFile(filePath, store);
-  });
-}
-
-/**
- * Retrieve a persisted pending upload. Expired entries are treated as absent.
- */
-export async function getPendingUploadFs(
-  id: string | undefined,
-  options?: PendingUploadsFsOptions,
-): Promise<PendingUploadFs | undefined> {
-  if (!id) {
-    return undefined;
-  }
-  const ttlMs = options?.ttlMs ?? PENDING_UPLOAD_TTL_MS;
-  const filePath = resolveFilePath(options);
-  const store = await readStore(filePath, ttlMs);
-  const record = store.uploads[id];
-  if (!record) {
-    return undefined;
-  }
-  if (Date.now() - record.createdAt > ttlMs) {
-    return undefined;
-  }
-  return recordToUpload(record);
-}
-
-/**
- * Remove a persisted pending upload (after successful upload or decline).
- * No-op if the entry is already gone.
- */
-export async function removePendingUploadFs(
-  id: string | undefined,
-  options?: PendingUploadsFsOptions,
-): Promise<void> {
-  if (!id) {
-    return;
-  }
-  const ttlMs = options?.ttlMs ?? PENDING_UPLOAD_TTL_MS;
-  const filePath = resolveFilePath(options);
-  await withFileLock(filePath, empty, async () => {
-    const store = await readStore(filePath, ttlMs);
-    if (!(id in store.uploads)) {
-      return;
-    }
-    delete store.uploads[id];
-    await writeJsonFile(filePath, store);
-  });
-}
-
-/**
- * Set the consent card activity ID on a persisted entry. Called after the
- * FileConsentCard activity is sent and we know its message id.
- */
-export async function setPendingUploadActivityIdFs(
-  id: string,
-  activityId: string,
-  options?: PendingUploadsFsOptions,
-): Promise<void> {
-  const ttlMs = options?.ttlMs ?? PENDING_UPLOAD_TTL_MS;
-  const filePath = resolveFilePath(options);
-  await withFileLock(filePath, empty, async () => {
-    const store = await readStore(filePath, ttlMs);
-    const record = store.uploads[id];
-    if (!record) {
-      return;
-    }
-    record.consentCardActivityId = activityId;
-    await writeJsonFile(filePath, store);
-  });
-}

package/src/pending-uploads.test.ts

@@ -1,186 +0,0 @@
-import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import {
-  clearPendingUploads,
-  getPendingUpload,
-  getPendingUploadCount,
-  removePendingUpload,
-  setPendingUploadActivityId,
-  storePendingUpload,
-} from "./pending-uploads.js";
-
-function requirePendingUpload(id: string) {
-  const upload = getPendingUpload(id);
-  if (!upload) {
-    throw new Error(`expected pending upload ${id}`);
-  }
-  return upload;
-}
-
-describe("pending-uploads", () => {
-  beforeEach(() => {
-    vi.useFakeTimers();
-    clearPendingUploads();
-  });
-
-  afterEach(() => {
-    clearPendingUploads();
-    vi.useRealTimers();
-  });
-
-  describe("storePendingUpload", () => {
-    it("stores and retrieves a pending upload", () => {
-      const id = storePendingUpload({
-        buffer: Buffer.from("data"),
-        filename: "file.txt",
-        contentType: "text/plain",
-        conversationId: "conv-1",
-      });
-
-      const upload = requirePendingUpload(id);
-      expect(upload.id).toBe(id);
-      expect(upload.buffer.toString()).toBe("data");
-      expect(upload.filename).toBe("file.txt");
-      expect(upload.contentType).toBe("text/plain");
-      expect(upload.conversationId).toBe("conv-1");
-      expect(upload.createdAt).toBe(Date.now());
-    });
-
-    it("stores consentCardActivityId when provided", () => {
-      const id = storePendingUpload({
-        buffer: Buffer.from("data"),
-        filename: "file.txt",
-        conversationId: "conv-1",
-        consentCardActivityId: "activity-abc",
-      });
-
-      const upload = getPendingUpload(id);
-      expect(upload?.consentCardActivityId).toBe("activity-abc");
-    });
-
-    it("stores without consentCardActivityId when not provided", () => {
-      const id = storePendingUpload({
-        buffer: Buffer.from("data"),
-        filename: "file.txt",
-        conversationId: "conv-1",
-      });
-
-      const upload = getPendingUpload(id);
-      expect(upload?.consentCardActivityId).toBeUndefined();
-    });
-
-    it("auto-removes entry after TTL expires", () => {
-      const id = storePendingUpload({
-        buffer: Buffer.from("data"),
-        filename: "file.txt",
-        conversationId: "conv-1",
-      });
-
-      expect(requirePendingUpload(id).filename).toBe("file.txt");
-      vi.advanceTimersByTime(5 * 60 * 1000 + 1);
-      // After TTL the in-memory check also gates access
-      expect(getPendingUpload(id)).toBeUndefined();
-    });
-  });
-
-  describe("removePendingUpload", () => {
-    it("removes the entry immediately", () => {
-      const id = storePendingUpload({
-        buffer: Buffer.from("data"),
-        filename: "file.txt",
-        conversationId: "conv-1",
-      });
-
-      removePendingUpload(id);
-      expect(getPendingUpload(id)).toBeUndefined();
-    });
-
-    it("clears the TTL timer so it does not fire after explicit removal", () => {
-      const id = storePendingUpload({
-        buffer: Buffer.from("data"),
-        filename: "file.txt",
-        conversationId: "conv-1",
-      });
-
-      expect(getPendingUploadCount()).toBe(1);
-      removePendingUpload(id);
-      expect(getPendingUploadCount()).toBe(0);
-
-      // Advance past TTL — timer should have been cleared and count stays 0
-      vi.advanceTimersByTime(5 * 60 * 1000 + 1);
-      expect(getPendingUploadCount()).toBe(0);
-    });
-
-    it("leaves existing uploads untouched for undefined id", () => {
-      storePendingUpload({
-        buffer: Buffer.from("data"),
-        filename: "file.txt",
-        conversationId: "conv-1",
-      });
-
-      removePendingUpload(undefined);
-      expect(getPendingUploadCount()).toBe(1);
-    });
-
-    it("leaves the store empty for unknown ids", () => {
-      removePendingUpload("non-existent-id");
-      expect(getPendingUploadCount()).toBe(0);
-    });
-  });
-
-  describe("clearPendingUploads", () => {
-    it("removes all entries and cancels timers", () => {
-      storePendingUpload({ buffer: Buffer.from("a"), filename: "a.txt", conversationId: "c1" });
-      storePendingUpload({ buffer: Buffer.from("b"), filename: "b.txt", conversationId: "c2" });
-      expect(getPendingUploadCount()).toBe(2);
-
-      clearPendingUploads();
-      expect(getPendingUploadCount()).toBe(0);
-
-      // TTL timers should have been cleared — no side-effects after advance
-      vi.advanceTimersByTime(5 * 60 * 1000 + 1);
-      expect(getPendingUploadCount()).toBe(0);
-    });
-  });
-
-  describe("setPendingUploadActivityId", () => {
-    it("sets the consentCardActivityId on an existing upload", () => {
-      const id = storePendingUpload({
-        buffer: Buffer.from("data"),
-        filename: "file.txt",
-        conversationId: "conv-1",
-      });
-
-      expect(getPendingUpload(id)?.consentCardActivityId).toBeUndefined();
-
-      setPendingUploadActivityId(id, "activity-xyz");
-      expect(getPendingUpload(id)?.consentCardActivityId).toBe("activity-xyz");
-    });
-
-    it("leaves the store empty for unknown upload ids", () => {
-      setPendingUploadActivityId("non-existent", "activity-xyz");
-      expect(getPendingUploadCount()).toBe(0);
-    });
-  });
-
-  describe("getPendingUpload", () => {
-    it("returns undefined for undefined id", () => {
-      expect(getPendingUpload(undefined)).toBeUndefined();
-    });
-
-    it("returns undefined for unknown id", () => {
-      expect(getPendingUpload("no-such-id")).toBeUndefined();
-    });
-
-    it("returns undefined when entry is past TTL but timer has not yet fired", () => {
-      const id = storePendingUpload({
-        buffer: Buffer.from("data"),
-        filename: "file.txt",
-        conversationId: "conv-1",
-      });
-
-      // Manually advance time without firing timers to simulate stale entry
-      vi.setSystemTime(Date.now() + 5 * 60 * 1000 + 1);
-      expect(getPendingUpload(id)).toBeUndefined();
-    });
-  });
-});