@kya-os/mcp-i-core 1.2.3-canary.7 → 1.3.0-canary.clientinfo.20251126003544

package/src/services/__tests__/provider-resolver.test.ts

@@ -0,0 +1,217 @@
+/**
+ * Provider Resolver Tests
+ *
+ * @package @kya-os/mcp-i-core
+ */
+
+import { describe, it, expect, beforeEach, vi } from "vitest";
+import { ProviderResolver } from "../provider-resolver.js";
+import { OAuthProviderRegistry } from "../oauth-provider-registry.js";
+import { OAuthConfigService } from "../oauth-config.service.js";
+import type { ToolProtection } from "@kya-os/contracts/tool-protection";
+import type { OAuthConfig } from "@kya-os/contracts/config";
+
+describe("ProviderResolver", () => {
+  let mockConfigService: OAuthConfigService;
+  let mockRegistry: OAuthProviderRegistry;
+  let resolver: ProviderResolver;
+
+  const mockOAuthConfig: OAuthConfig = {
+    providers: {
+      github: {
+        clientId: "github_client_id",
+        authorizationUrl: "https://github.com/login/oauth/authorize",
+        tokenUrl: "https://github.com/login/oauth/access_token",
+        supportsPKCE: true,
+        requiresClientSecret: false,
+      },
+      google: {
+        clientId: "google_client_id",
+        authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+        tokenUrl: "https://oauth2.googleapis.com/token",
+        supportsPKCE: true,
+        requiresClientSecret: false,
+      },
+    },
+  };
+
+  beforeEach(() => {
+    mockConfigService = {
+      getOAuthConfig: vi.fn().mockResolvedValue(mockOAuthConfig),
+    } as any;
+
+    mockRegistry = {
+      hasProvider: vi.fn(),
+      getAllProviders: vi.fn().mockReturnValue([]),
+      getProviderNames: vi.fn().mockReturnValue([]),
+      loadFromAgentShield: vi.fn().mockResolvedValue(undefined),
+    } as any;
+
+    resolver = new ProviderResolver(mockRegistry, mockConfigService);
+  });
+
+  describe("resolveProvider - Priority 1: Tool-specific provider", () => {
+    it("should return tool-specific oauthProvider when specified", async () => {
+      const toolProtection: ToolProtection = {
+        requiresDelegation: true,
+        requiredScopes: ["repo:read"],
+        oauthProvider: "github",
+      };
+
+      (mockRegistry.hasProvider as any).mockReturnValue(true);
+
+      const provider = await resolver.resolveProvider(
+        toolProtection,
+        "test-project"
+      );
+
+      expect(provider).toBe("github");
+      expect(mockRegistry.hasProvider).toHaveBeenCalledWith("github");
+    });
+
+    it("should throw error if tool-specific provider not configured", async () => {
+      const toolProtection: ToolProtection = {
+        requiresDelegation: true,
+        requiredScopes: ["repo:read"],
+        oauthProvider: "nonexistent",
+      };
+
+      (mockRegistry.hasProvider as any).mockReturnValue(false);
+
+      await expect(
+        resolver.resolveProvider(toolProtection, "test-project")
+      ).rejects.toThrow(/not configured for project/);
+    });
+  });
+
+  describe("resolveProvider - Priority 2: Scope inference", () => {
+    it("should infer provider from github scope prefix", async () => {
+      const toolProtection: ToolProtection = {
+        requiresDelegation: true,
+        requiredScopes: ["github:repo:read"],
+      };
+
+      (mockRegistry.hasProvider as any).mockImplementation((name: string) => {
+        return name === "github";
+      });
+
+      const provider = await resolver.resolveProvider(
+        toolProtection,
+        "test-project"
+      );
+
+      expect(provider).toBe("github");
+    });
+
+    it("should infer provider from gmail scope prefix (maps to google)", async () => {
+      const toolProtection: ToolProtection = {
+        requiresDelegation: true,
+        requiredScopes: ["gmail:read"],
+      };
+
+      (mockRegistry.hasProvider as any).mockImplementation((name: string) => {
+        return name === "google";
+      });
+
+      const provider = await resolver.resolveProvider(
+        toolProtection,
+        "test-project"
+      );
+
+      expect(provider).toBe("google");
+    });
+
+    it("should return null for ambiguous scopes", async () => {
+      const toolProtection: ToolProtection = {
+        requiresDelegation: true,
+        requiredScopes: ["github:read", "google:read"],
+      };
+
+      (mockRegistry.hasProvider as any).mockReturnValue(true);
+
+      // Should fall through to Priority 3
+      (mockRegistry.getAllProviders as any).mockReturnValue([
+        { clientId: "github_client_id" },
+      ]);
+      (mockRegistry.getProviderNames as any).mockReturnValue(["github"]);
+
+      const provider = await resolver.resolveProvider(
+        toolProtection,
+        "test-project"
+      );
+
+      // Falls back to first configured provider
+      expect(provider).toBe("github");
+    });
+  });
+
+  describe("resolveProvider - Priority 3: First configured provider", () => {
+    it("should use first configured provider as fallback", async () => {
+      const toolProtection: ToolProtection = {
+        requiresDelegation: true,
+        requiredScopes: ["custom:scope"],
+      };
+
+      (mockRegistry.hasProvider as any).mockReturnValue(false);
+      (mockRegistry.getAllProviders as any).mockReturnValue([
+        { clientId: "github_client_id" },
+      ]);
+      (mockRegistry.getProviderNames as any).mockReturnValue(["github"]);
+
+      const consoleSpy = vi.spyOn(console, "warn").mockImplementation(() => {});
+
+      const provider = await resolver.resolveProvider(
+        toolProtection,
+        "test-project"
+      );
+
+      expect(provider).toBe("github");
+      expect(consoleSpy).toHaveBeenCalledWith(
+        expect.stringContaining("deprecated")
+      );
+
+      consoleSpy.mockRestore();
+    });
+
+    it("should log deprecation warning when using fallback", async () => {
+      const toolProtection: ToolProtection = {
+        requiresDelegation: true,
+        requiredScopes: [],
+      };
+
+      (mockRegistry.hasProvider as any).mockReturnValue(false);
+      (mockRegistry.getAllProviders as any).mockReturnValue([
+        { clientId: "github_client_id" },
+      ]);
+      (mockRegistry.getProviderNames as any).mockReturnValue(["github"]);
+
+      const consoleSpy = vi.spyOn(console, "warn").mockImplementation(() => {});
+
+      await resolver.resolveProvider(toolProtection, "test-project");
+
+      expect(consoleSpy).toHaveBeenCalledWith(
+        expect.stringContaining("deprecated")
+      );
+
+      consoleSpy.mockRestore();
+    });
+  });
+
+  describe("resolveProvider - Priority 4: Error if no provider", () => {
+    it("should throw error if no provider can be resolved", async () => {
+      const toolProtection: ToolProtection = {
+        requiresDelegation: true,
+        requiredScopes: [],
+      };
+
+      (mockRegistry.hasProvider as any).mockReturnValue(false);
+      (mockRegistry.getAllProviders as any).mockReturnValue([]);
+      (mockRegistry.getProviderNames as any).mockReturnValue([]);
+
+      await expect(
+        resolver.resolveProvider(toolProtection, "test-project")
+      ).rejects.toThrow(/no provider could be resolved/);
+    });
+  });
+});
+

package/src/services/__tests__/storage.service.test.ts

@@ -0,0 +1,358 @@
+/**
+ * Unit Tests for StorageService
+ *
+ * Comprehensive test coverage for storage service factory and key helpers.
+ * Tests provider selection, key formatting, and migration utilities.
+ */
+
+import { describe, it, expect, vi } from 'vitest';
+import {
+  createStorageProviders,
+  StorageKeyHelpers,
+  migrateLegacyKeys,
+  type StorageServiceConfig,
+} from '../storage.service.js';
+import {
+  MemoryStorageProvider,
+  MemoryNonceCacheProvider,
+} from '../../providers/memory.js';
+
+describe('StorageService', () => {
+  describe('createStorageProviders', () => {
+    it('should use memory provider when no external storage configured', async () => {
+      const config: StorageServiceConfig = {
+        fallbackToMemory: true,
+      };
+
+      const providers = await createStorageProviders(config);
+
+      expect(providers.storageProvider).toBeInstanceOf(MemoryStorageProvider);
+      expect(providers.nonceCacheProvider).toBeInstanceOf(
+        MemoryNonceCacheProvider
+      );
+    });
+
+    it('should throw error when fallbackToMemory is false and no storage configured', async () => {
+      const config: StorageServiceConfig = {
+        fallbackToMemory: false,
+      };
+
+      await expect(createStorageProviders(config)).rejects.toThrow(
+        'No storage provider configured'
+      );
+    });
+
+    it('should prefer Redis over KV when both are configured', async () => {
+      const mockRedisClient = {
+        connect: vi.fn().mockResolvedValue(undefined),
+        ping: vi.fn().mockResolvedValue('PONG'),
+        get: vi.fn(),
+        set: vi.fn(),
+        setEx: vi.fn(),
+        del: vi.fn(),
+        exists: vi.fn(),
+        keys: vi.fn().mockResolvedValue([]),
+      };
+
+      // Mock redis import
+      vi.mock('redis', () => ({
+        createClient: vi.fn().mockReturnValue(mockRedisClient),
+      }));
+
+      const config: StorageServiceConfig = {
+        redisUrl: 'redis://localhost:6379',
+        kvNamespace: {
+          get: vi.fn(),
+          put: vi.fn(),
+          delete: vi.fn(),
+          list: vi.fn().mockResolvedValue({ keys: [] }),
+        },
+      };
+
+      // Note: This test would require actual Redis connection or better mocking
+      // For now, we'll test the fallback behavior
+      try {
+        const providers = await createStorageProviders(config);
+        expect(providers.storageProvider).toBeDefined();
+      } catch (error) {
+        // If Redis connection fails, should fall back to KV or memory
+        expect(error).toBeDefined();
+      }
+    });
+
+    it('should fall back to memory when Redis connection fails', async () => {
+      const config: StorageServiceConfig = {
+        redisUrl: 'redis://invalid:6379',
+        fallbackToMemory: true,
+      };
+
+      const providers = await createStorageProviders(config);
+
+      // Should fall back to memory
+      expect(providers.storageProvider).toBeInstanceOf(MemoryStorageProvider);
+    });
+
+    it('should use KV namespace when provided', async () => {
+      const mockKV = {
+        get: vi.fn().mockResolvedValue(null),
+        put: vi.fn().mockResolvedValue(undefined),
+        delete: vi.fn().mockResolvedValue(undefined),
+        list: vi.fn().mockResolvedValue({ keys: [] }),
+      };
+
+      const config: StorageServiceConfig = {
+        kvNamespace: mockKV as any,
+      };
+
+      const providers = await createStorageProviders(config);
+
+      expect(providers.storageProvider).toBeDefined();
+      expect(providers.nonceCacheProvider).toBeDefined();
+    });
+
+    it('should use Durable Object state when provided', async () => {
+      const mockDOState = {
+        storage: {
+          get: vi.fn().mockResolvedValue(undefined),
+          put: vi.fn().mockResolvedValue(undefined),
+          delete: vi.fn().mockResolvedValue(undefined),
+          list: vi.fn().mockResolvedValue(new Map()),
+        },
+      };
+
+      const config: StorageServiceConfig = {
+        durableObjectState: mockDOState as any,
+      };
+
+      const providers = await createStorageProviders(config);
+
+      expect(providers.storageProvider).toBeDefined();
+      expect(providers.nonceCacheProvider).toBeDefined();
+    });
+  });
+
+  describe('StorageKeyHelpers', () => {
+    describe('buildDelegationKey', () => {
+      it('should build delegation key with composite format', () => {
+        const key = StorageKeyHelpers.buildDelegationKey(
+          'did:key:user123',
+          'did:key:agent456',
+          'project-789'
+        );
+
+        expect(key).toBe('delegation:did:key:user123:did:key:agent456:project-789');
+      });
+
+      it('should handle special characters in DIDs', () => {
+        const key = StorageKeyHelpers.buildDelegationKey(
+          'did:web:example.com:user',
+          'did:key:z123',
+          'project-abc'
+        );
+
+        expect(key).toBe(
+          'delegation:did:web:example.com:user:did:key:z123:project-abc'
+        );
+      });
+    });
+
+    describe('buildSessionKey', () => {
+      it('should build session key', () => {
+        const key = StorageKeyHelpers.buildSessionKey('session-123');
+
+        expect(key).toBe('session:session-123');
+      });
+    });
+
+    describe('buildNonceKey', () => {
+      it('should build nonce key', () => {
+        const key = StorageKeyHelpers.buildNonceKey(
+          'did:key:z123',
+          'nonce-abc'
+        );
+
+        expect(key).toBe('nonce:did:key:z123:nonce-abc');
+      });
+    });
+
+    describe('parseDelegationKey', () => {
+      it('should parse valid delegation key', () => {
+        const key = 'delegation:did:key:user123:did:key:agent456:project-789';
+        const parsed = StorageKeyHelpers.parseDelegationKey(key);
+
+        expect(parsed).toEqual({
+          userDid: 'did:key:user123',
+          agentDid: 'did:key:agent456',
+          projectId: 'project-789',
+        });
+      });
+
+      it('should return null for invalid key format', () => {
+        const invalidKeys = [
+          'invalid-key',
+          'delegation:incomplete',
+          'session:session-123',
+          'delegation:one:two', // Not enough parts
+        ];
+
+        for (const key of invalidKeys) {
+          expect(StorageKeyHelpers.parseDelegationKey(key)).toBeNull();
+        }
+      });
+
+      it('should handle keys with extra colons in DIDs', () => {
+        const key =
+          'delegation:did:web:example.com:user:did:key:z123:project-abc';
+        const parsed = StorageKeyHelpers.parseDelegationKey(key);
+
+        expect(parsed).toEqual({
+          userDid: 'did:web:example.com:user',
+          agentDid: 'did:key:z123',
+          projectId: 'project-abc',
+        });
+      });
+    });
+  });
+
+  describe('migrateLegacyKeys', () => {
+    it('should migrate legacy keys to new format', async () => {
+      const storageProvider = new MemoryStorageProvider();
+
+      // Set up old format keys
+      await storageProvider.set('agent:did:key:z123:delegation', 'old-value-1');
+      await storageProvider.set('agent:did:key:z456:delegation', 'old-value-2');
+
+      // Migration function: convert old format to new format
+      const migrationFn = (oldKey: string) => {
+        const match = oldKey.match(/^agent:(.+):delegation$/);
+        if (!match) return null;
+
+        const agentDid = match[1];
+        // Convert to new format: delegation:userDid:agentDid:projectId
+        // For this test, we'll use a placeholder userDid and projectId
+        return StorageKeyHelpers.buildDelegationKey(
+          'did:key:user',
+          agentDid,
+          'default-project'
+        );
+      };
+
+      const migrated = await migrateLegacyKeys(
+        'agent:',
+        migrationFn,
+        storageProvider,
+        10
+      );
+
+      expect(migrated).toBe(2);
+
+      // Verify new keys exist
+      const newKey1 = StorageKeyHelpers.buildDelegationKey(
+        'did:key:user',
+        'did:key:z123',
+        'default-project'
+      );
+      const newKey2 = StorageKeyHelpers.buildDelegationKey(
+        'did:key:user',
+        'did:key:z456',
+        'default-project'
+      );
+
+      expect(await storageProvider.get(newKey1)).toBe('old-value-1');
+      expect(await storageProvider.get(newKey2)).toBe('old-value-2');
+    });
+
+    it('should skip keys that already exist in new format', async () => {
+      const storageProvider = new MemoryStorageProvider();
+
+      const oldKey = 'agent:did:key:z123:delegation';
+      const newKey = StorageKeyHelpers.buildDelegationKey(
+        'did:key:user',
+        'did:key:z123',
+        'default-project'
+      );
+
+      // Set both old and new keys
+      await storageProvider.set(oldKey, 'old-value');
+      await storageProvider.set(newKey, 'new-value');
+
+      const migrationFn = (oldKey: string) => {
+        const match = oldKey.match(/^agent:(.+):delegation$/);
+        if (!match) return null;
+        return StorageKeyHelpers.buildDelegationKey(
+          'did:key:user',
+          match[1],
+          'default-project'
+        );
+      };
+
+      const migrated = await migrateLegacyKeys(
+        'agent:',
+        migrationFn,
+        storageProvider
+      );
+
+      // Should skip since new key already exists
+      expect(migrated).toBe(0);
+      // Old value should remain unchanged
+      expect(await storageProvider.get(newKey)).toBe('new-value');
+    });
+
+    it('should handle migration function returning null', async () => {
+      const storageProvider = new MemoryStorageProvider();
+
+      await storageProvider.set('agent:did:key:z123:delegation', 'value');
+      await storageProvider.set('invalid-key', 'value');
+
+      const migrationFn = (oldKey: string) => {
+        // Only migrate agent: keys, return null for others
+        if (oldKey.startsWith('agent:')) {
+          return StorageKeyHelpers.buildDelegationKey(
+            'did:key:user',
+            'did:key:z123',
+            'default-project'
+          );
+        }
+        return null;
+      };
+
+      const migrated = await migrateLegacyKeys(
+        '',
+        migrationFn,
+        storageProvider
+      );
+
+      // Should only migrate valid keys
+      expect(migrated).toBeGreaterThan(0);
+    });
+
+    it('should handle batch size limit', async () => {
+      const storageProvider = new MemoryStorageProvider();
+
+      // Create many old keys
+      for (let i = 0; i < 50; i++) {
+        await storageProvider.set(`agent:did:key:z${i}:delegation`, `value-${i}`);
+      }
+
+      const migrationFn = (oldKey: string) => {
+        const match = oldKey.match(/^agent:did:key:z(\d+):delegation$/);
+        if (!match) return null;
+        return StorageKeyHelpers.buildDelegationKey(
+          'did:key:user',
+          `did:key:z${match[1]}`,
+          'default-project'
+        );
+      };
+
+      const migrated = await migrateLegacyKeys(
+        'agent:',
+        migrationFn,
+        storageProvider,
+        10 // Small batch size
+      );
+
+      expect(migrated).toBe(50);
+    });
+  });
+});
+