@lobu/core 3.0.12 → 3.0.13

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobu/core",
-  "version": "3.0.12",
+  "version": "3.0.13",
   "license": "Apache-2.0",
   "description": "Core types and utilities for Lobu agent platform",
   "main": "dist/index.js",
@@ -8,12 +8,12 @@
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
-      "bun": "./dist/index.js",
+      "bun": "./src/index.ts",
       "import": "./dist/index.js",
       "require": "./dist/index.js"
     },
     "./testing": {
-      "bun": "./dist/__tests__/fixtures/index.js"
+      "bun": "./src/__tests__/fixtures/index.ts"
     }
   },
   "scripts": {

package/src/__tests__/encryption.test.ts

@@ -0,0 +1,103 @@
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+import { decrypt, encrypt } from "../utils/encryption";
+
+describe("encryption", () => {
+  let originalKey: string | undefined;
+
+  beforeEach(() => {
+    originalKey = process.env.ENCRYPTION_KEY;
+    // 32-byte hex key
+    process.env.ENCRYPTION_KEY =
+      "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
+  });
+
+  afterEach(() => {
+    if (originalKey !== undefined) {
+      process.env.ENCRYPTION_KEY = originalKey;
+    } else {
+      delete process.env.ENCRYPTION_KEY;
+    }
+  });
+
+  test("encrypt/decrypt round-trip preserves plaintext", () => {
+    const plaintext = "hello world";
+    const encrypted = encrypt(plaintext);
+    expect(decrypt(encrypted)).toBe(plaintext);
+  });
+
+  test("encrypt/decrypt works with empty string", () => {
+    const encrypted = encrypt("");
+    expect(decrypt(encrypted)).toBe("");
+  });
+
+  test("encrypt/decrypt works with unicode", () => {
+    const text = "こんにちは 🌍 émojis";
+    expect(decrypt(encrypt(text))).toBe(text);
+  });
+
+  test("encrypt/decrypt works with long text", () => {
+    const text = "x".repeat(10_000);
+    expect(decrypt(encrypt(text))).toBe(text);
+  });
+
+  test("each encryption produces different ciphertext (random IV)", () => {
+    const plaintext = "same input";
+    const a = encrypt(plaintext);
+    const b = encrypt(plaintext);
+    expect(a).not.toBe(b);
+    // Both should still decrypt to the same value
+    expect(decrypt(a)).toBe(plaintext);
+    expect(decrypt(b)).toBe(plaintext);
+  });
+
+  test("encrypted format is iv:tag:ciphertext (3 hex parts)", () => {
+    const encrypted = encrypt("test");
+    const parts = encrypted.split(":");
+    expect(parts).toHaveLength(3);
+    // Each part should be valid hex
+    for (const part of parts) {
+      expect(part).toMatch(/^[0-9a-f]+$/);
+    }
+  });
+
+  test("decrypt throws on invalid format (wrong number of parts)", () => {
+    expect(() => decrypt("only-one-part")).toThrow("Invalid encrypted format");
+    expect(() => decrypt("a:b")).toThrow("Invalid encrypted format");
+    expect(() => decrypt("a:b:c:d")).toThrow("Invalid encrypted format");
+  });
+
+  test("decrypt throws on tampered ciphertext", () => {
+    const encrypted = encrypt("secret");
+    const parts = encrypted.split(":");
+    // Tamper with the ciphertext
+    parts[2] = "ff".repeat(parts[2]!.length / 2);
+    expect(() => decrypt(parts.join(":"))).toThrow();
+  });
+
+  test("throws when ENCRYPTION_KEY is missing", () => {
+    delete process.env.ENCRYPTION_KEY;
+    expect(() => encrypt("test")).toThrow(
+      "ENCRYPTION_KEY environment variable is required"
+    );
+  });
+
+  test("throws when ENCRYPTION_KEY has wrong length", () => {
+    process.env.ENCRYPTION_KEY = "too-short";
+    expect(() => encrypt("test")).toThrow("base64 or hex encoded 32-byte key");
+  });
+
+  test("accepts base64-encoded 32-byte key", () => {
+    // 32 bytes → 44 chars in base64
+    process.env.ENCRYPTION_KEY = Buffer.alloc(32, 7).toString("base64");
+    const encrypted = encrypt("base64 key test");
+    expect(decrypt(encrypted)).toBe("base64 key test");
+  });
+
+  test("rejects utf8 32-byte key (only base64 and hex accepted)", () => {
+    process.env.ENCRYPTION_KEY = "abcdefghijklmnopqrstuvwxyz012345";
+    // 32 ASCII chars = 32 bytes in utf8, but utf8 keys are no longer accepted
+    expect(() => encrypt("utf8 key test")).toThrow(
+      "base64 or hex encoded 32-byte key"
+    );
+  });
+});

package/src/__tests__/fixtures/factories.ts

@@ -0,0 +1,76 @@
+/**
+ * Shared factory functions for test data.
+ *
+ * All factories accept a partial override object so tests only specify
+ * the fields they care about while getting sensible defaults for the rest.
+ */
+
+import type { InstructionContext } from "../../types";
+
+// Re-export WorkerConfig shape (worker package owns the interface).
+// We duplicate a minimal version here to avoid a circular dependency.
+export interface TestWorkerConfig {
+  sessionKey: string;
+  userId: string;
+  agentId: string;
+  channelId: string;
+  conversationId: string;
+  userPrompt: string;
+  responseChannel: string;
+  responseId: string;
+  platform: string;
+  agentOptions: string;
+  teamId?: string;
+  workspace: { baseDirectory: string };
+}
+
+export function createWorkerConfig(
+  overrides: Partial<TestWorkerConfig> = {}
+): TestWorkerConfig {
+  return {
+    sessionKey: "test-session-key",
+    userId: "U1234567890",
+    agentId: "agent-test",
+    channelId: "C1234567890",
+    conversationId: "1234567890.123456",
+    userPrompt: Buffer.from("Test user prompt").toString("base64"),
+    responseChannel: "C1234567890",
+    responseId: "1234567890.123457",
+    platform: "slack",
+    agentOptions: JSON.stringify({
+      model: "claude-sonnet-4-20250514",
+      max_tokens: 8192,
+    }),
+    teamId: "T1234567890",
+    workspace: { baseDirectory: "/tmp/test-workspace" },
+    ...overrides,
+  };
+}
+
+export function createInstructionContext(
+  overrides: Partial<InstructionContext> = {}
+): InstructionContext {
+  return {
+    userId: "U1234567890",
+    agentId: "agent-test",
+    sessionKey: "test-session-key",
+    workingDirectory: "/tmp/test-workspace/test-thread",
+    availableProjects: [],
+    ...overrides,
+  };
+}
+
+export function createMockJob(overrides: Record<string, any> = {}): {
+  id: string;
+  data: Record<string, any>;
+} {
+  return {
+    id: `job-${Date.now()}-${Math.random().toString(36).substring(7)}`,
+    data: {
+      sessionKey: "test-session-key",
+      userId: "U123",
+      prompt: "test prompt",
+      ...overrides,
+    },
+  };
+}

package/src/__tests__/fixtures/index.ts

@@ -0,0 +1,9 @@
+export {
+  createInstructionContext,
+  createMockJob,
+  createWorkerConfig,
+  type TestWorkerConfig,
+} from "./factories";
+export { mockFetch } from "./mock-fetch";
+export { MockMessageQueue } from "./mock-queue";
+export { MockRedisClient } from "./mock-redis";

package/src/__tests__/fixtures/mock-fetch.ts

@@ -0,0 +1,32 @@
+/**
+ * Unified fetch mock for testing.
+ * Replaces TestHelpers.mockFetch from worker setup.ts.
+ */
+
+/**
+ * Install a mock global.fetch that returns pre-configured responses.
+ * Returns a cleanup function that restores the original fetch.
+ *
+ * @param responses - Map of URL → response body (JSON-serialisable).
+ *                    Unmatched URLs return `{ success: true }`.
+ */
+export function mockFetch(responses: Record<string, any> = {}): () => void {
+  const originalFetch = globalThis.fetch;
+
+  globalThis.fetch = (async (
+    url: string | URL | Request,
+    _options?: RequestInit
+  ) => {
+    const urlString = url instanceof Request ? url.url : url.toString();
+
+    const body = responses[urlString] ?? { success: true };
+    return new Response(JSON.stringify(body), {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    });
+  }) as typeof fetch;
+
+  return () => {
+    globalThis.fetch = originalFetch;
+  };
+}

package/src/__tests__/fixtures/mock-queue.ts

@@ -0,0 +1,50 @@
+/**
+ * Unified mock message queue for testing.
+ * Replaces MockMessageQueue from gateway setup.ts.
+ */
+
+import { MockRedisClient } from "./mock-redis";
+
+export class MockMessageQueue {
+  private queues = new Map<string, any[]>();
+  private workers = new Map<string, (job: any) => Promise<void>>();
+  private redisClient = new MockRedisClient();
+
+  async createQueue(queueName: string): Promise<void> {
+    if (!this.queues.has(queueName)) {
+      this.queues.set(queueName, []);
+    }
+  }
+
+  async work(
+    queueName: string,
+    handler: (job: any) => Promise<void>,
+    _options?: { startPaused?: boolean }
+  ): Promise<void> {
+    this.workers.set(queueName, handler);
+  }
+
+  async addJob(queueName: string, job: any): Promise<void> {
+    const queue = this.queues.get(queueName);
+    if (!queue) throw new Error(`Queue ${queueName} does not exist`);
+    queue.push(job);
+
+    const handler = this.workers.get(queueName);
+    if (handler) await handler(job);
+  }
+
+  getRedisClient(): MockRedisClient {
+    return this.redisClient;
+  }
+
+  // --- Test helpers ---
+
+  getQueue(queueName: string): any[] | undefined {
+    return this.queues.get(queueName);
+  }
+
+  clearQueues(): void {
+    this.queues.clear();
+    this.workers.clear();
+  }
+}

package/src/__tests__/fixtures/mock-redis.ts

@@ -0,0 +1,300 @@
+/**
+ * Unified in-memory Redis mock for testing.
+ *
+ * Replaces three duplicated implementations:
+ *   - MockRedisClient in gateway setup.ts
+ *   - FakeRedis in system-message-limiter.test.ts
+ *   - queue mock getRedisClient
+ *
+ * Supports string, set, list, and hash operations with TTL tracking.
+ */
+
+type SetMode = "NX" | undefined;
+
+export class MockRedisClient {
+  private store = new Map<string, { value: string; ttl?: number }>();
+  private sets = new Map<string, Set<string>>();
+  private lists = new Map<string, string[]>();
+  private currentTime = Date.now();
+
+  // --- String operations ---
+
+  async exists(key: string): Promise<number> {
+    const entry = this.store.get(key);
+    if (!entry) return 0;
+    if (entry.ttl && entry.ttl < this.currentTime) {
+      this.store.delete(key);
+      return 0;
+    }
+    return 1;
+  }
+
+  async get(key: string): Promise<string | null> {
+    const entry = this.store.get(key);
+    if (!entry) return null;
+    if (entry.ttl && entry.ttl < this.currentTime) {
+      this.store.delete(key);
+      return null;
+    }
+    return entry.value;
+  }
+
+  /**
+   * ioredis-compatible set with optional EX / NX flags.
+   * Supports: set(key, value), set(key, value, "EX", sec), set(key, value, "EX", sec, "NX")
+   */
+  async set(
+    key: string,
+    value: string,
+    exTokenOrTtl?: "EX" | number,
+    exSeconds?: number,
+    mode?: SetMode
+  ): Promise<"OK" | null> {
+    // NX check must be synchronous to avoid TOCTOU race
+    if (mode === "NX") {
+      const entry = this.store.get(key);
+      const alive = entry && (!entry.ttl || entry.ttl >= this.currentTime);
+      if (alive) return null;
+    }
+
+    let ttl: number | undefined;
+    if (exTokenOrTtl === "EX" && typeof exSeconds === "number") {
+      ttl = this.currentTime + exSeconds * 1000;
+    } else if (typeof exTokenOrTtl === "number") {
+      ttl = this.currentTime + exTokenOrTtl * 1000;
+    }
+
+    this.store.set(key, { value, ttl });
+    return "OK";
+  }
+
+  async setex(key: string, ttlSeconds: number, value: string): Promise<void> {
+    const ttl = this.currentTime + ttlSeconds * 1000;
+    this.store.set(key, { value, ttl });
+  }
+
+  async incr(key: string): Promise<number> {
+    const current = await this.get(key);
+    const nextValue = (current ? Number.parseInt(current, 10) : 0) + 1;
+    const entry = this.store.get(key);
+    this.store.set(key, {
+      value: String(nextValue),
+      ttl: entry?.ttl,
+    });
+    return nextValue;
+  }
+
+  async del(...keys: string[]): Promise<number> {
+    let deleted = 0;
+    for (const key of keys) {
+      const existed =
+        this.store.has(key) || this.sets.has(key) || this.lists.has(key);
+      this.store.delete(key);
+      this.sets.delete(key);
+      this.lists.delete(key);
+      if (existed) deleted++;
+    }
+    return deleted;
+  }
+
+  async getdel(key: string): Promise<string | null> {
+    const value = await this.get(key);
+    if (value !== null) {
+      await this.del(key);
+    }
+    return value;
+  }
+
+  async expire(key: string, seconds: number): Promise<number> {
+    if (this.store.has(key)) {
+      const entry = this.store.get(key)!;
+      entry.ttl = this.currentTime + seconds * 1000;
+      return 1;
+    }
+    return 0;
+  }
+
+  async ttl(key: string): Promise<number> {
+    const entry = this.store.get(key);
+    if (!entry) return -2;
+    if (!entry.ttl) return -1;
+    if (entry.ttl < this.currentTime) {
+      this.store.delete(key);
+      return -2;
+    }
+    return Math.max(0, Math.ceil((entry.ttl - this.currentTime) / 1000));
+  }
+
+  // --- Set operations ---
+
+  async sadd(key: string, ...members: string[]): Promise<number> {
+    if (!this.sets.has(key)) this.sets.set(key, new Set());
+    const set = this.sets.get(key)!;
+    let added = 0;
+    for (const m of members) {
+      if (!set.has(m)) {
+        set.add(m);
+        added++;
+      }
+    }
+    return added;
+  }
+
+  async srem(key: string, ...members: string[]): Promise<number> {
+    const set = this.sets.get(key);
+    if (!set) return 0;
+    let removed = 0;
+    for (const m of members) {
+      if (set.delete(m)) removed++;
+    }
+    return removed;
+  }
+
+  async smembers(key: string): Promise<string[]> {
+    const set = this.sets.get(key);
+    return set ? Array.from(set) : [];
+  }
+
+  async sismember(key: string, member: string): Promise<number> {
+    const set = this.sets.get(key);
+    return set?.has(member) ? 1 : 0;
+  }
+
+  // --- List operations ---
+
+  async rpush(key: string, ...values: string[]): Promise<number> {
+    if (!this.lists.has(key)) this.lists.set(key, []);
+    const list = this.lists.get(key)!;
+    list.push(...values);
+    return list.length;
+  }
+
+  async lrange(key: string, start: number, stop: number): Promise<string[]> {
+    const list = this.lists.get(key);
+    if (!list) return [];
+    const end = stop === -1 ? list.length : stop + 1;
+    return list.slice(start, end);
+  }
+
+  // --- Scan ---
+
+  async scan(
+    _cursor: string,
+    ...args: (string | number)[]
+  ): Promise<[string, string[]]> {
+    // Extract pattern from args: "MATCH", pattern, "COUNT", count
+    let pattern = "*";
+    for (let i = 0; i < args.length - 1; i++) {
+      if (String(args[i]).toUpperCase() === "MATCH") {
+        pattern = String(args[i + 1]);
+        break;
+      }
+    }
+
+    const allKeys = new Set<string>();
+    for (const key of this.store.keys()) allKeys.add(key);
+    for (const key of this.sets.keys()) allKeys.add(key);
+    for (const key of this.lists.keys()) allKeys.add(key);
+
+    const matching: string[] = [];
+    for (const key of allKeys) {
+      if (pattern === "*") {
+        matching.push(key);
+      } else if (pattern.endsWith("*")) {
+        const prefix = pattern.slice(0, -1);
+        if (key.startsWith(prefix)) matching.push(key);
+      } else if (key === pattern) {
+        matching.push(key);
+      }
+    }
+
+    return ["0", matching];
+  }
+
+  // --- Batch get ---
+
+  async mget(...keys: string[]): Promise<(string | null)[]> {
+    return Promise.all(keys.map((key) => this.get(key)));
+  }
+
+  // --- Watch / Unwatch (no-ops) ---
+
+  async watch(..._keys: string[]): Promise<"OK"> {
+    return "OK";
+  }
+
+  async unwatch(): Promise<"OK"> {
+    return "OK";
+  }
+
+  // --- Multi ---
+
+  multi(): {
+    set(key: string, value: string): any;
+    exec(): Promise<[null, string][]>;
+  } {
+    const pending: Array<{ key: string; value: string }> = [];
+    const self = this;
+    const chain = {
+      set(key: string, value: string) {
+        pending.push({ key, value });
+        return chain;
+      },
+      async exec(): Promise<[null, string][]> {
+        const results: [null, string][] = [];
+        for (const op of pending) {
+          self.store.set(op.key, { value: op.value });
+          results.push([null, "OK"]);
+        }
+        return results;
+      },
+    };
+    return chain;
+  }
+
+  // --- Pipeline ---
+
+  pipeline(): {
+    setex(key: string, ttl: number, value: string): any;
+    del(...keys: string[]): any;
+    exec(): Promise<Array<[null, any]>>;
+  } {
+    const ops: Array<() => Promise<any>> = [];
+    const self = this;
+    const chain = {
+      setex(key: string, ttl: number, value: string) {
+        ops.push(() => self.setex(key, ttl, value));
+        return chain;
+      },
+      del(...keys: string[]) {
+        ops.push(() => self.del(...keys));
+        return chain;
+      },
+      async exec(): Promise<Array<[null, any]>> {
+        const results: Array<[null, any]> = [];
+        for (const op of ops) {
+          const result = await op();
+          results.push([null, result ?? "OK"]);
+        }
+        return results;
+      },
+    };
+    return chain;
+  }
+
+  // --- Test helpers ---
+
+  advanceTime(ms: number): void {
+    this.currentTime += ms;
+  }
+
+  has(key: string): boolean {
+    return this.store.has(key);
+  }
+
+  clear(): void {
+    this.store.clear();
+    this.sets.clear();
+    this.lists.clear();
+  }
+}