@lovenyberg/ove 0.7.0 → 0.9.0

package/src/adapters/http.test.ts

@@ -1,10 +1,12 @@
 import { Database } from "bun:sqlite";
+import { createHmac } from "node:crypto";
 import { describe, test, expect, beforeAll, afterAll } from "bun:test";
 import { TraceStore } from "../trace";
 import { TaskQueue } from "../queue";
 import type { IncomingEvent } from "./types";
 
 let adapter: any;
+let queue: TaskQueue;
 let receivedEvents: IncomingEvent[];
 const TEST_PORT = 19876;
 const API_KEY = "test-key-123";
@@ -15,7 +17,7 @@ describe("HttpApiAdapter", () => {
     receivedEvents = [];
     const db = new Database(":memory:");
     const trace = new TraceStore(db);
-    const queue = new TaskQueue(db);
+    queue = new TaskQueue(db);
     adapter = new HttpApiAdapter(TEST_PORT, API_KEY, trace, queue);
     await adapter.start((event: IncomingEvent) => {
       receivedEvents.push(event);
@@ -84,10 +86,604 @@ describe("HttpApiAdapter", () => {
     expect(result.result).toBe("Done. Fixed it.");
   });
 
+  test("GET /api/tasks includes priority field", async () => {
+    // Enqueue a task with a specific priority via the queue directly
+    const db = new Database(":memory:");
+    const queue = new TaskQueue(db);
+    const taskId = queue.enqueue({ userId: "u1", repo: "test/repo", prompt: "do stuff", priority: 5 });
+
+    // Create a separate adapter with this queue
+    const { HttpApiAdapter } = await import("./http");
+    const trace = new TraceStore(db);
+    const taskAdapter = new HttpApiAdapter(19877, API_KEY, trace, queue);
+    await taskAdapter.start(() => {});
+
+    try {
+      const res = await fetch(`http://localhost:19877/api/tasks`, {
+        headers: { "X-API-Key": API_KEY },
+      });
+      expect(res.status).toBe(200);
+      const tasks = await res.json();
+      expect(tasks.length).toBeGreaterThan(0);
+      const task = tasks.find((t: any) => t.id === taskId);
+      expect(task).toBeDefined();
+      expect(task.priority).toBe(5);
+    } finally {
+      await taskAdapter.stop();
+    }
+  });
+
   test("serves web UI at /", async () => {
     const res = await fetch(`http://localhost:${TEST_PORT}/`);
     expect(res.status).toBe(200);
     const html = await res.text();
     expect(html).toContain("<html");
   });
+
+  test("GET /api/metrics requires auth", async () => {
+    const res = await fetch(`http://localhost:${TEST_PORT}/api/metrics`);
+    expect(res.status).toBe(401);
+  });
+
+  test("GET /api/metrics returns metrics data", async () => {
+    const res = await fetch(`http://localhost:${TEST_PORT}/api/metrics`, {
+      headers: { "X-API-Key": API_KEY },
+    });
+    expect(res.status).toBe(200);
+    const data = await res.json();
+    expect(data.counts).toBeDefined();
+    expect(data.counts.pending).toBeGreaterThanOrEqual(0);
+    expect(data.counts.running).toBeGreaterThanOrEqual(0);
+    expect(data.counts.completed).toBeGreaterThanOrEqual(0);
+    expect(data.counts.failed).toBeGreaterThanOrEqual(0);
+    expect(data.avgDurationByRepo).toBeInstanceOf(Array);
+    expect(data.throughput).toBeDefined();
+    expect(typeof data.throughput.lastHour).toBe("number");
+    expect(typeof data.throughput.last24h).toBe("number");
+    expect(typeof data.errorRate).toBe("number");
+    expect(data.repoBreakdown).toBeInstanceOf(Array);
+    expect(data.adapters).toBeInstanceOf(Array);
+    expect(typeof data.uptime).toBe("number");
+    expect(data.timestamp).toBeDefined();
+  });
+
+  test("GET /metrics serves metrics page", async () => {
+    const res = await fetch(`http://localhost:${TEST_PORT}/metrics`);
+    expect(res.status).toBe(200);
+    const html = await res.text();
+    expect(html).toContain("<html");
+    expect(html).toContain("metrics");
+  });
+
+  // ── Cancel API tests ──
+
+  test("POST /api/tasks/:id/cancel rejects without API key", async () => {
+    const res = await fetch(`http://localhost:${TEST_PORT}/api/tasks/fake-id/cancel`, {
+      method: "POST",
+    });
+    expect(res.status).toBe(401);
+  });
+
+  test("POST /api/tasks/:id/cancel returns 404 for unknown task", async () => {
+    const res = await fetch(`http://localhost:${TEST_PORT}/api/tasks/nonexistent-task-id/cancel`, {
+      method: "POST",
+      headers: { "X-API-Key": API_KEY },
+    });
+    expect(res.status).toBe(404);
+    const body = await res.json();
+    expect(body.error).toBe("Task not found");
+  });
+
+  test("POST /api/tasks/:id/cancel cancels a pending task", async () => {
+    const taskId = queue.enqueue({
+      userId: "http:web",
+      repo: "test-repo",
+      prompt: "test cancel pending",
+    });
+
+    const res = await fetch(`http://localhost:${TEST_PORT}/api/tasks/${taskId}/cancel`, {
+      method: "POST",
+      headers: { "X-API-Key": API_KEY },
+    });
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.ok).toBe(true);
+    expect(body.cancelled).toBe(true);
+    expect(body.taskId).toBe(taskId);
+
+    // Verify it's cancelled in the queue
+    const task = queue.get(taskId);
+    expect(task?.status).toBe("failed");
+    expect(task?.result).toBe("Cancelled");
+  });
+
+  test("POST /api/tasks/:id/cancel returns 409 for already completed task", async () => {
+    const taskId = queue.enqueue({
+      userId: "http:web",
+      repo: "test-repo",
+      prompt: "test cancel completed",
+    });
+    // Complete the task
+    queue.complete(taskId, "done");
+
+    const res = await fetch(`http://localhost:${TEST_PORT}/api/tasks/${taskId}/cancel`, {
+      method: "POST",
+      headers: { "X-API-Key": API_KEY },
+    });
+    expect(res.status).toBe(409);
+    const body = await res.json();
+    expect(body.error).toBe("Task is not cancellable");
+  });
+
+  test("POST /api/tasks/:id/cancel aborts a running task", async () => {
+    const taskId = queue.enqueue({
+      userId: "http:web",
+      repo: "cancel-repo",
+      prompt: "test cancel running",
+    });
+    // Dequeue to make it running
+    queue.dequeue();
+
+    const task = queue.get(taskId);
+    expect(task?.status).toBe("running");
+
+    // Register a mock running process
+    const abortController = new AbortController();
+    const runningProcesses = new Map();
+    runningProcesses.set(taskId, { abort: abortController, task });
+    adapter.setRunningProcesses(runningProcesses);
+
+    const res = await fetch(`http://localhost:${TEST_PORT}/api/tasks/${taskId}/cancel`, {
+      method: "POST",
+      headers: { "X-API-Key": API_KEY },
+    });
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.ok).toBe(true);
+    expect(body.cancelled).toBe(true);
+
+    // Verify abort was called
+    expect(abortController.signal.aborted).toBe(true);
+
+    // Verify queue status
+    const updated = queue.get(taskId);
+    expect(updated?.status).toBe("failed");
+    expect(updated?.result).toBe("Cancelled");
+  });
+});
+
+// --- Webhook tests ---
+
+const WEBHOOK_PORT = 19879;
+const WEBHOOK_API_KEY = "webhook-test-key";
+const WEBHOOK_SECRET = "test-webhook-secret-123";
+const BOT_NAME = "ove";
+
+function signPayload(secret: string, body: string): string {
+  return "sha256=" + createHmac("sha256", secret).update(body).digest("hex");
+}
+
+function makeIssueCommentPayload(overrides?: Record<string, any>) {
+  return {
+    action: "created",
+    comment: {
+      body: `@${BOT_NAME} fix the flaky test`,
+      user: { login: "testuser" },
+      id: 12345,
+    },
+    issue: {
+      number: 42,
+      pull_request: undefined,
+    },
+    repository: {
+      full_name: "acme/my-app",
+    },
+    ...overrides,
+  };
+}
+
+function makePRReviewCommentPayload(overrides?: Record<string, any>) {
+  return {
+    action: "created",
+    comment: {
+      body: `@${BOT_NAME} refactor this function`,
+      user: { login: "reviewer" },
+      id: 67890,
+    },
+    pull_request: {
+      number: 99,
+    },
+    repository: {
+      full_name: "acme/my-app",
+    },
+    ...overrides,
+  };
+}
+
+describe("GitHub webhook endpoint", () => {
+  let webhookAdapter: any;
+  let webhookEvents: IncomingEvent[];
+
+  beforeAll(async () => {
+    const { HttpApiAdapter } = await import("./http");
+    webhookEvents = [];
+    const db = new Database(":memory:");
+    const trace = new TraceStore(db);
+    const queue = new TaskQueue(db);
+    webhookAdapter = new HttpApiAdapter(
+      WEBHOOK_PORT, WEBHOOK_API_KEY, trace, queue,
+      undefined, "127.0.0.1", WEBHOOK_SECRET, BOT_NAME
+    );
+    await webhookAdapter.start((event: IncomingEvent) => {
+      webhookEvents.push(event);
+    });
+  });
+
+  afterAll(async () => {
+    await webhookAdapter.stop();
+  });
+
+  test("accepts issue_comment with valid signature", async () => {
+    const payload = makeIssueCommentPayload();
+    const body = JSON.stringify(payload);
+    const signature = signPayload(WEBHOOK_SECRET, body);
+
+    const res = await fetch(`http://localhost:${WEBHOOK_PORT}/api/webhooks/github`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Hub-Signature-256": signature,
+        "X-GitHub-Event": "issue_comment",
+      },
+      body,
+    });
+
+    expect(res.status).toBe(200);
+    const result = await res.json();
+    expect(result.ok).toBe(true);
+    expect(result.eventId).toBe("github:acme/my-app:issue:42");
+
+    expect(webhookEvents.length).toBe(1);
+    expect(webhookEvents[0].text).toBe("fix the flaky test");
+    expect(webhookEvents[0].userId).toBe("github:testuser");
+    expect(webhookEvents[0].platform).toBe("github");
+    expect(webhookEvents[0].source).toEqual({ type: "issue", repo: "acme/my-app", number: 42 });
+  });
+
+  test("accepts pull_request_review_comment with valid signature", async () => {
+    webhookEvents.length = 0;
+    const payload = makePRReviewCommentPayload();
+    const body = JSON.stringify(payload);
+    const signature = signPayload(WEBHOOK_SECRET, body);
+
+    const res = await fetch(`http://localhost:${WEBHOOK_PORT}/api/webhooks/github`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Hub-Signature-256": signature,
+        "X-GitHub-Event": "pull_request_review_comment",
+      },
+      body,
+    });
+
+    expect(res.status).toBe(200);
+    const result = await res.json();
+    expect(result.ok).toBe(true);
+    expect(result.eventId).toBe("github:acme/my-app:pr:99");
+
+    expect(webhookEvents.length).toBe(1);
+    expect(webhookEvents[0].text).toBe("refactor this function");
+    expect(webhookEvents[0].userId).toBe("github:reviewer");
+    expect(webhookEvents[0].source).toEqual({ type: "pr", repo: "acme/my-app", number: 99 });
+  });
+
+  test("rejects GitHub webhook with invalid signature", async () => {
+    webhookEvents.length = 0;
+    const payload = makeIssueCommentPayload();
+    const body = JSON.stringify(payload);
+
+    const res = await fetch(`http://localhost:${WEBHOOK_PORT}/api/webhooks/github`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Hub-Signature-256": "sha256=invalid_signature_here",
+        "X-GitHub-Event": "issue_comment",
+      },
+      body,
+    });
+
+    expect(res.status).toBe(401);
+    const result = await res.json();
+    expect(result.error).toBe("Invalid signature");
+    expect(webhookEvents.length).toBe(0);
+  });
+
+  test("rejects GitHub webhook without signature header", async () => {
+    const payload = makeIssueCommentPayload();
+    const body = JSON.stringify(payload);
+
+    const res = await fetch(`http://localhost:${WEBHOOK_PORT}/api/webhooks/github`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-GitHub-Event": "issue_comment",
+      },
+      body,
+    });
+
+    expect(res.status).toBe(401);
+    const result = await res.json();
+    expect(result.error).toBe("Missing signature");
+  });
+
+  test("skips comments without @mention", async () => {
+    webhookEvents.length = 0;
+    const payload = makeIssueCommentPayload({
+      comment: { body: "just a regular comment", user: { login: "testuser" }, id: 111 },
+    });
+    const body = JSON.stringify(payload);
+    const signature = signPayload(WEBHOOK_SECRET, body);
+
+    const res = await fetch(`http://localhost:${WEBHOOK_PORT}/api/webhooks/github`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Hub-Signature-256": signature,
+        "X-GitHub-Event": "issue_comment",
+      },
+      body,
+    });
+
+    expect(res.status).toBe(200);
+    const result = await res.json();
+    expect(result.skipped).toBe(true);
+    expect(result.reason).toBe("No mention found");
+    expect(webhookEvents.length).toBe(0);
+  });
+
+  test("skips unsupported GitHub event types", async () => {
+    const payload = makeIssueCommentPayload();
+    const body = JSON.stringify(payload);
+    const signature = signPayload(WEBHOOK_SECRET, body);
+
+    const res = await fetch(`http://localhost:${WEBHOOK_PORT}/api/webhooks/github`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Hub-Signature-256": signature,
+        "X-GitHub-Event": "push",
+      },
+      body,
+    });
+
+    expect(res.status).toBe(200);
+    const result = await res.json();
+    expect(result.skipped).toBe(true);
+    expect(result.reason).toContain("Unsupported event");
+  });
+
+  test("skips bot's own comments to prevent infinite loops", async () => {
+    webhookEvents.length = 0;
+    const payload = makeIssueCommentPayload({
+      comment: { body: `@${BOT_NAME} fix the flaky test`, user: { login: BOT_NAME }, id: 99999 },
+    });
+    const body = JSON.stringify(payload);
+    const signature = signPayload(WEBHOOK_SECRET, body);
+
+    const res = await fetch(`http://localhost:${WEBHOOK_PORT}/api/webhooks/github`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Hub-Signature-256": signature,
+        "X-GitHub-Event": "issue_comment",
+      },
+      body,
+    });
+
+    expect(res.status).toBe(200);
+    const result = await res.json();
+    expect(result.ok).toBe(true);
+    expect(result.skipped).toBe(true);
+    expect(result.reason).toBe("Own comment");
+    expect(webhookEvents.length).toBe(0);
+  });
+
+  test("rejects oversized GitHub webhook payload", async () => {
+    webhookEvents.length = 0;
+    // Create a payload larger than 1MB
+    const payload = makeIssueCommentPayload({
+      comment: { body: `@${BOT_NAME} ${"x".repeat(1_100_000)}`, user: { login: "testuser" }, id: 88888 },
+    });
+    const body = JSON.stringify(payload);
+    const signature = signPayload(WEBHOOK_SECRET, body);
+
+    const res = await fetch(`http://localhost:${WEBHOOK_PORT}/api/webhooks/github`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Hub-Signature-256": signature,
+        "X-GitHub-Event": "issue_comment",
+      },
+      body,
+    });
+
+    expect(res.status).toBe(413);
+    const result = await res.json();
+    expect(result.error).toContain("Payload too large");
+    expect(webhookEvents.length).toBe(0);
+  });
+
+  test("detects PR from issue_comment on a pull request", async () => {
+    webhookEvents.length = 0;
+    const payload = makeIssueCommentPayload({
+      issue: { number: 55, pull_request: { url: "https://api.github.com/repos/acme/my-app/pulls/55" } },
+    });
+    const body = JSON.stringify(payload);
+    const signature = signPayload(WEBHOOK_SECRET, body);
+
+    const res = await fetch(`http://localhost:${WEBHOOK_PORT}/api/webhooks/github`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Hub-Signature-256": signature,
+        "X-GitHub-Event": "issue_comment",
+      },
+      body,
+    });
+
+    expect(res.status).toBe(200);
+    expect(webhookEvents.length).toBe(1);
+    expect(webhookEvents[0].source).toEqual({ type: "pr", repo: "acme/my-app", number: 55 });
+  });
+});
+
+describe("Generic webhook endpoint", () => {
+  let genericAdapter: any;
+  let genericEvents: IncomingEvent[];
+  const GENERIC_PORT = 19880;
+
+  beforeAll(async () => {
+    const { HttpApiAdapter } = await import("./http");
+    genericEvents = [];
+    const db = new Database(":memory:");
+    const trace = new TraceStore(db);
+    const queue = new TaskQueue(db);
+    genericAdapter = new HttpApiAdapter(GENERIC_PORT, WEBHOOK_API_KEY, trace, queue);
+    await genericAdapter.start((event: IncomingEvent) => {
+      genericEvents.push(event);
+    });
+  });
+
+  afterAll(async () => {
+    await genericAdapter.stop();
+  });
+
+  test("accepts generic webhook with valid API key", async () => {
+    const res = await fetch(`http://localhost:${GENERIC_PORT}/api/webhooks/generic`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-API-Key": WEBHOOK_API_KEY,
+      },
+      body: JSON.stringify({
+        repo: "my-app",
+        text: "run tests",
+        userId: "webhook:ci",
+      }),
+    });
+
+    expect(res.status).toBe(202);
+    const result = await res.json();
+    expect(result.ok).toBe(true);
+    expect(result.eventId).toBeDefined();
+
+    expect(genericEvents.length).toBe(1);
+    expect(genericEvents[0].text).toBe("run tests");
+    expect(genericEvents[0].userId).toBe("webhook:ci");
+    expect(genericEvents[0].platform).toBe("webhook");
+  });
+
+  test("rejects generic webhook without API key", async () => {
+    genericEvents.length = 0;
+    const res = await fetch(`http://localhost:${GENERIC_PORT}/api/webhooks/generic`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        repo: "my-app",
+        text: "run tests",
+      }),
+    });
+
+    expect(res.status).toBe(401);
+    expect(genericEvents.length).toBe(0);
+  });
+
+  test("rejects generic webhook with missing repo", async () => {
+    const res = await fetch(`http://localhost:${GENERIC_PORT}/api/webhooks/generic`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-API-Key": WEBHOOK_API_KEY,
+      },
+      body: JSON.stringify({ text: "run tests" }),
+    });
+
+    expect(res.status).toBe(400);
+    const result = await res.json();
+    expect(result.error).toContain("repo");
+  });
+
+  test("rejects generic webhook with missing text", async () => {
+    const res = await fetch(`http://localhost:${GENERIC_PORT}/api/webhooks/generic`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-API-Key": WEBHOOK_API_KEY,
+      },
+      body: JSON.stringify({ repo: "my-app" }),
+    });
+
+    expect(res.status).toBe(400);
+    const result = await res.json();
+    expect(result.error).toContain("text");
+  });
+
+  test("passes repo field through in EventSource", async () => {
+    genericEvents.length = 0;
+    const res = await fetch(`http://localhost:${GENERIC_PORT}/api/webhooks/generic`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-API-Key": WEBHOOK_API_KEY,
+      },
+      body: JSON.stringify({
+        repo: "acme/my-service",
+        text: "deploy to staging",
+      }),
+    });
+
+    expect(res.status).toBe(202);
+    expect(genericEvents.length).toBe(1);
+    expect(genericEvents[0].source).toMatchObject({ type: "http", repo: "acme/my-service" });
+    expect((genericEvents[0].source as any).repo).toBe("acme/my-service");
+  });
+
+  test("rejects oversized generic webhook payload", async () => {
+    genericEvents.length = 0;
+    const res = await fetch(`http://localhost:${GENERIC_PORT}/api/webhooks/generic`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-API-Key": WEBHOOK_API_KEY,
+      },
+      body: JSON.stringify({
+        repo: "my-app",
+        text: "x".repeat(1_100_000),
+      }),
+    });
+
+    expect(res.status).toBe(413);
+    const result = await res.json();
+    expect(result.error).toContain("Payload too large");
+    expect(genericEvents.length).toBe(0);
+  });
+
+  test("uses default userId when not provided", async () => {
+    genericEvents.length = 0;
+    const res = await fetch(`http://localhost:${GENERIC_PORT}/api/webhooks/generic`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-API-Key": WEBHOOK_API_KEY,
+      },
+      body: JSON.stringify({
+        repo: "my-app",
+        text: "deploy",
+      }),
+    });
+
+    expect(res.status).toBe(202);
+    expect(genericEvents.length).toBe(1);
+    expect(genericEvents[0].userId).toBe("webhook:generic");
+  });
 });