@m-kopa/launchpad-cli 0.23.0

package/skills/marquee-share/tests/pkce.test.ts

@@ -0,0 +1,121 @@
+// PKCE primitive tests for the Marquee share skill auth layer.
+//
+// Covers: verifier/challenge shape, the S256 relationship, the
+// Cloudflare "challenge must start with [a-zA-Z0-9]" regeneration
+// quirk, and the regeneration cap.
+
+import { describe, expect, test } from "vitest";
+import {
+  generatePkcePair,
+  sha256Base64Url,
+  MAX_PKCE_REGEN_ATTEMPTS,
+  PkceGenerationError,
+} from "../src/auth/pkce.js";
+
+const BASE64URL = /^[A-Za-z0-9_-]+$/;
+
+describe("pkce — pair shape", () => {
+  test("verifier is unpadded base64url, 43 chars (32 bytes of entropy)", () => {
+    const { verifier } = generatePkcePair();
+    expect(verifier).toMatch(BASE64URL);
+    expect(verifier).toHaveLength(43);
+    expect(verifier).not.toContain("=");
+  });
+
+  test("challenge is unpadded base64url", () => {
+    const { challenge } = generatePkcePair();
+    expect(challenge).toMatch(BASE64URL);
+    expect(challenge).not.toContain("=");
+  });
+
+  test("challenge is the S256 hash of the verifier", () => {
+    const { verifier, challenge } = generatePkcePair();
+    expect(challenge).toBe(sha256Base64Url(verifier));
+  });
+
+  test("each call produces a fresh, distinct pair", () => {
+    const a = generatePkcePair();
+    const b = generatePkcePair();
+    expect(a.verifier).not.toBe(b.verifier);
+    expect(a.challenge).not.toBe(b.challenge);
+  });
+});
+
+describe("pkce — Cloudflare leading-char quirk", () => {
+  test("challenge always starts with [a-zA-Z0-9]", () => {
+    // Many real draws — the regeneration loop must hold every time.
+    for (let i = 0; i < 200; i++) {
+      const { challenge } = generatePkcePair();
+      expect(challenge[0]).toMatch(/[a-zA-Z0-9]/);
+    }
+  });
+
+  test("a verifier whose challenge starts with '-' or '_' is discarded", () => {
+    // Inject a deterministic RNG that first yields a verifier whose
+    // S256 challenge has a non-alphanumeric leading char, then a
+    // good one. The pair returned must be the SECOND draw (the
+    // verifier is thrown away wholesale, not salted/reused).
+    const draws: Uint8Array[] = [];
+    // Search for one 32-byte seed that hashes to a bad leading char
+    // and one that hashes to a good one.
+    let bad: Uint8Array | undefined;
+    let good: Uint8Array | undefined;
+    for (let n = 0; n < 5000 && (!bad || !good); n++) {
+      const seed = new Uint8Array(32).fill(0);
+      seed[0] = n & 0xff;
+      seed[1] = (n >> 8) & 0xff;
+      const verifier = Buffer.from(seed)
+        .toString("base64")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+      const challenge = sha256Base64Url(verifier);
+      if (!bad && /^[-_]/.test(challenge)) bad = seed;
+      if (!good && /^[a-zA-Z0-9]/.test(challenge)) good = seed;
+    }
+    expect(bad).toBeDefined();
+    expect(good).toBeDefined();
+    draws.push(bad as Uint8Array, good as Uint8Array);
+    let i = 0;
+    const rng = (_size: number): Uint8Array => {
+      const d = draws[i] ?? (good as Uint8Array);
+      i++;
+      return d;
+    };
+    const pair = generatePkcePair(rng);
+    // The challenge handed back is acceptable...
+    expect(pair.challenge[0]).toMatch(/[a-zA-Z0-9]/);
+    // ...and it is the second (good) draw, proving the bad verifier
+    // was discarded entirely rather than reused.
+    const goodVerifier = Buffer.from(good as Uint8Array)
+      .toString("base64")
+      .replace(/\+/g, "-")
+      .replace(/\//g, "_")
+      .replace(/=+$/, "");
+    expect(pair.verifier).toBe(goodVerifier);
+    expect(i).toBe(2);
+  });
+
+  test("throws PkceGenerationError if the RNG can never produce a good challenge", () => {
+    // A pathological RNG that always yields the same bad seed.
+    let badSeed: Uint8Array | undefined;
+    for (let n = 0; n < 5000 && !badSeed; n++) {
+      const seed = new Uint8Array(32).fill(0);
+      seed[0] = n & 0xff;
+      seed[1] = (n >> 8) & 0xff;
+      const verifier = Buffer.from(seed)
+        .toString("base64")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+      if (/^[-_]/.test(sha256Base64Url(verifier))) badSeed = seed;
+    }
+    expect(badSeed).toBeDefined();
+    const rng = (): Uint8Array => badSeed as Uint8Array;
+    expect(() => generatePkcePair(rng)).toThrow(PkceGenerationError);
+  });
+
+  test("regeneration cap is a sane positive number", () => {
+    expect(MAX_PKCE_REGEN_ATTEMPTS).toBeGreaterThan(0);
+  });
+});

package/skills/marquee-share/tests/session.test.ts

@@ -0,0 +1,173 @@
+// Session-storage tests for the Marquee share skill auth layer.
+//
+// Covers: write/read round-trip, the 0600 file mode (the requirement
+// that the cached credential is not world-readable), parse failure
+// modes, and logout (clearSession) idempotency.
+
+import { afterEach, beforeEach, describe, expect, test } from "vitest";
+import * as fs from "node:fs/promises";
+import * as os from "node:os";
+import * as path from "node:path";
+import {
+  readSession,
+  writeSession,
+  clearSession,
+  SESSION_VERSION,
+  SessionParseError,
+  type MarqueeSession,
+} from "../src/auth/session.js";
+
+let tmpDir: string;
+let sessionPath: string;
+
+beforeEach(async () => {
+  tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), "marquee-skill-session-"));
+  sessionPath = path.join(tmpDir, "deeper", "session.json");
+});
+
+afterEach(async () => {
+  await fs.rm(tmpDir, { recursive: true, force: true });
+});
+
+function makeSession(): MarqueeSession {
+  return {
+    version: SESSION_VERSION,
+    accessToken: "access-aaa",
+    refreshToken: "refresh-bbb",
+    accessTokenExpiresAt: 1_700_000_000_000,
+    clientId: "client-ccc",
+    tokenEndpoint: "https://example/oauth/token",
+    resource: "https://marquee.launchpad.m-kopa.us",
+    issuedAt: "2026-05-17T12:00:00Z",
+  };
+}
+
+describe("session — read/write round-trip", () => {
+  test("write then read returns the exact same shape", async () => {
+    const s = makeSession();
+    await writeSession(sessionPath, s);
+    const back = await readSession(sessionPath);
+    expect(back).toEqual(s);
+  });
+
+  test("write creates parent dir if absent (mkdir -p)", async () => {
+    await writeSession(sessionPath, makeSession());
+    const stat = await fs.stat(path.dirname(sessionPath));
+    expect(stat.isDirectory()).toBe(true);
+  });
+
+  test("written file has mode 0600 (POSIX only)", async () => {
+    if (process.platform === "win32") return;
+    await writeSession(sessionPath, makeSession());
+    const stat = await fs.stat(sessionPath);
+    // Mask off the type bits, compare permission bits only.
+    expect(stat.mode & 0o777).toBe(0o600);
+  });
+
+  test("parent directory is created at mode 0700 (POSIX only)", async () => {
+    if (process.platform === "win32") return;
+    await writeSession(sessionPath, makeSession());
+    const stat = await fs.stat(path.dirname(sessionPath));
+    expect(stat.mode & 0o777).toBe(0o700);
+  });
+
+  test("readSession returns null when the file doesn't exist", async () => {
+    const back = await readSession(sessionPath);
+    expect(back).toBeNull();
+  });
+
+  test("a session without resource still parses (resource optional)", async () => {
+    const s = makeSession();
+    const { resource: _resource, ...withoutResource } = s;
+    await fs.mkdir(path.dirname(sessionPath), { recursive: true });
+    await fs.writeFile(sessionPath, JSON.stringify(withoutResource));
+    const back = await readSession(sessionPath);
+    expect(back?.resource).toBeUndefined();
+    expect(back?.accessToken).toBe("access-aaa");
+  });
+});
+
+describe("session — parse failure modes", () => {
+  test("non-JSON file throws SessionParseError", async () => {
+    await fs.mkdir(path.dirname(sessionPath), { recursive: true });
+    await fs.writeFile(sessionPath, "not json{", { mode: 0o600 });
+    await expect(readSession(sessionPath)).rejects.toBeInstanceOf(
+      SessionParseError,
+    );
+  });
+
+  test("non-object JSON throws SessionParseError", async () => {
+    await fs.mkdir(path.dirname(sessionPath), { recursive: true });
+    await fs.writeFile(sessionPath, "[]", { mode: 0o600 });
+    await expect(readSession(sessionPath)).rejects.toBeInstanceOf(
+      SessionParseError,
+    );
+  });
+
+  test("wrong schema version throws SessionParseError", async () => {
+    const bad = { ...makeSession(), version: 99 };
+    await fs.mkdir(path.dirname(sessionPath), { recursive: true });
+    await fs.writeFile(sessionPath, JSON.stringify(bad));
+    await expect(readSession(sessionPath)).rejects.toThrow(
+      /unsupported session version 99/,
+    );
+  });
+
+  test("missing required string field throws SessionParseError", async () => {
+    const bad = { ...makeSession() } as Record<string, unknown>;
+    delete bad.refreshToken;
+    await fs.mkdir(path.dirname(sessionPath), { recursive: true });
+    await fs.writeFile(sessionPath, JSON.stringify(bad));
+    await expect(readSession(sessionPath)).rejects.toThrow(/refreshToken/);
+  });
+
+  test("non-numeric accessTokenExpiresAt throws SessionParseError", async () => {
+    const bad = { ...makeSession(), accessTokenExpiresAt: "soon" };
+    await fs.mkdir(path.dirname(sessionPath), { recursive: true });
+    await fs.writeFile(sessionPath, JSON.stringify(bad));
+    await expect(readSession(sessionPath)).rejects.toThrow(
+      /accessTokenExpiresAt/,
+    );
+  });
+
+  test("resource present but non-string throws SessionParseError", async () => {
+    const bad = { ...makeSession(), resource: 123 };
+    await fs.mkdir(path.dirname(sessionPath), { recursive: true });
+    await fs.writeFile(sessionPath, JSON.stringify(bad));
+    await expect(readSession(sessionPath)).rejects.toThrow(/resource/);
+  });
+});
+
+describe("session — expiry semantics", () => {
+  test("accessTokenExpiresAt round-trips as a number for expiry math", async () => {
+    const future = Date.now() + 900_000;
+    await writeSession(sessionPath, {
+      ...makeSession(),
+      accessTokenExpiresAt: future,
+    });
+    const back = await readSession(sessionPath);
+    expect(typeof back?.accessTokenExpiresAt).toBe("number");
+    expect(back?.accessTokenExpiresAt).toBe(future);
+  });
+});
+
+describe("session — clear (logout)", () => {
+  test("clearSession returns true when a session existed", async () => {
+    await writeSession(sessionPath, makeSession());
+    const had = await clearSession(sessionPath);
+    expect(had).toBe(true);
+    const back = await readSession(sessionPath);
+    expect(back).toBeNull();
+  });
+
+  test("clearSession returns false when nothing was there (idempotent)", async () => {
+    const had = await clearSession(sessionPath);
+    expect(had).toBe(false);
+  });
+
+  test("clearSession twice in a row is safe", async () => {
+    await writeSession(sessionPath, makeSession());
+    expect(await clearSession(sessionPath)).toBe(true);
+    expect(await clearSession(sessionPath)).toBe(false);
+  });
+});

package/skills/marquee-share/tests/template.test.ts

@@ -0,0 +1,170 @@
+// Tests for the branded HTML template + escaping-safe injection.
+//
+// The skill is a thin uploader: the AI produces the inner content
+// HTML, this layer wraps it into one M-KOPA-branded skeleton. The
+// security-load-bearing property here is that the title slot — a
+// plain string supplied by the caller — is HTML-escaped so a hostile
+// title cannot break out of the `<title>`/`<h1>` context and inject
+// markup or script into the document shell.
+//
+// The CONTENT slot is, by contract, already-rendered HTML and is
+// inserted verbatim into the document `<body>`. That trust decision
+// lives in the SKILL.md guidance (Task 5) and Marquee's own
+// sandboxed-iframe render isolation — NOT here. These tests pin the
+// behaviour we DO own: a valid self-contained document, an escaped
+// title, and a content slot that cannot subvert the SHELL'S OWN
+// structure (it cannot, e.g., close the document early and append
+// sibling markup to the shell — there is nothing after the slot that
+// a payload could escape INTO that isn't already inside <body>).
+
+import { describe, expect, test } from "vitest";
+import { renderBrandedDocument } from "../src/render/template.js";
+
+describe("renderBrandedDocument — document shape", () => {
+  test("produces one self-contained HTML document", () => {
+    const html = renderBrandedDocument({
+      title: "Quarterly Review",
+      contentHtml: "<p>Hello</p>",
+    });
+    // A single, well-formed document.
+    expect(html.startsWith("<!DOCTYPE html>")).toBe(true);
+    expect(html).toContain("<html");
+    expect(html).toContain("</html>");
+    // Exactly one document — no duplicated roots.
+    expect(html.match(/<!DOCTYPE html>/gi)?.length).toBe(1);
+    expect(html.match(/<html[\s>]/gi)?.length).toBe(1);
+    expect(html.match(/<\/html>/gi)?.length).toBe(1);
+  });
+
+  test("is self-contained — no external CSS/JS/font references", () => {
+    const html = renderBrandedDocument({
+      title: "T",
+      contentHtml: "<p>body</p>",
+    });
+    // No external resource references — the document must render
+    // offline / inside Marquee's sandboxed iframe with no network.
+    expect(html).not.toMatch(/<link[^>]+rel=["']?stylesheet/i);
+    expect(html).not.toMatch(/<script[^>]+\bsrc=/i);
+    expect(html).not.toMatch(/@import/i);
+    // The brand styling is inline in a <style> block.
+    expect(html).toContain("<style>");
+  });
+
+  test("places the content verbatim inside the document body", () => {
+    const marker = "<section data-test=\"content-marker\">unique-payload-xyz</section>";
+    const html = renderBrandedDocument({ title: "T", contentHtml: marker });
+    expect(html).toContain(marker);
+    // The content sits inside <body>, after the opening tag.
+    const bodyOpen = html.indexOf("<body");
+    expect(bodyOpen).toBeGreaterThan(-1);
+    expect(html.indexOf(marker)).toBeGreaterThan(bodyOpen);
+  });
+
+  test("renders the title in both the <title> and the visible header", () => {
+    const html = renderBrandedDocument({
+      title: "Migration Plan",
+      contentHtml: "<p>x</p>",
+    });
+    expect(html).toContain("<title>Migration Plan</title>");
+    expect(html).toContain("Migration Plan");
+  });
+
+  test("carries the M-KOPA brand palette (white background, green accent)", () => {
+    const html = renderBrandedDocument({ title: "T", contentHtml: "<p>x</p>" });
+    // White background somewhere in the inline style.
+    expect(html.toLowerCase()).toMatch(/background[^;}]*#fff|background[^;}]*#ffffff/);
+    // The green brand accent token is present.
+    expect(html).toContain("--brand-green");
+  });
+});
+
+describe("renderBrandedDocument — escaping-safe title injection", () => {
+  test("a hostile title cannot break out of the <title> element", () => {
+    const html = renderBrandedDocument({
+      title: "</title><script>alert(1)</script>",
+      contentHtml: "<p>x</p>",
+    });
+    // The raw closing tag + script must NOT appear — they are escaped.
+    expect(html).not.toContain("</title><script>");
+    // The escaped form is what lands in the document.
+    expect(html).toContain("&lt;/title&gt;&lt;script&gt;");
+  });
+
+  test("a hostile title cannot inject an attribute or new element into the header", () => {
+    const html = renderBrandedDocument({
+      title: '"><img src=x onerror=alert(1)>',
+      contentHtml: "<p>x</p>",
+    });
+    // No live <img> element from the title.
+    expect(html).not.toContain("<img src=x onerror=alert(1)>");
+    // Quotes and angle brackets are entity-encoded.
+    expect(html).toContain("&lt;img");
+    expect(html).toContain("&gt;");
+  });
+
+  test("escapes the full set of HTML-significant characters in the title", () => {
+    const html = renderBrandedDocument({
+      title: `& < > " '`,
+      contentHtml: "<p>x</p>",
+    });
+    expect(html).toContain("&amp;");
+    expect(html).toContain("&lt;");
+    expect(html).toContain("&gt;");
+    expect(html).toContain("&quot;");
+    expect(html).toContain("&#39;");
+  });
+
+  test("an ordinary title is rendered readably (not over-escaped)", () => {
+    const html = renderBrandedDocument({
+      title: "Q3 Results",
+      contentHtml: "<p>x</p>",
+    });
+    expect(html).toContain("<title>Q3 Results</title>");
+  });
+
+  test("a missing/empty title falls back to a default and still escapes", () => {
+    const html = renderBrandedDocument({ title: "", contentHtml: "<p>x</p>" });
+    // Document is still valid with a non-empty <title>.
+    expect(html).toMatch(/<title>[^<][^]*<\/title>/);
+  });
+});
+
+describe("renderBrandedDocument — content slot cannot subvert the shell", () => {
+  test("a hostile payload lands strictly inside the body, after the real shell open", () => {
+    // A maximally hostile content payload that tries to close
+    // <body>/<html> and append its own document. The content slot is
+    // verbatim HTML by contract, so the payload's BYTES (including a
+    // literal "<!DOCTYPE html>") do appear — what matters is WHERE:
+    // the template's OWN structural opening tags come first and are
+    // untouched, so the payload is always parsed as content inside
+    // <body>, never as a peer root.
+    const payload =
+      "</body></html><!DOCTYPE html><html><body><h1>evil shell</h1>";
+    const html = renderBrandedDocument({ title: "T", contentHtml: payload });
+    // The template's real shell opens exactly once and FIRST.
+    const docType = html.indexOf("<!DOCTYPE html>");
+    const htmlOpen = html.indexOf("<html");
+    const bodyOpen = html.indexOf("<body");
+    expect(docType).toBe(0);
+    // The payload bytes are present verbatim…
+    expect(html).toContain(payload);
+    // …and sit AFTER the template's own <html> and <body> opens — the
+    // shell prefix the parser uses to build the document is the
+    // template's, not the payload's.
+    expect(html.indexOf(payload)).toBeGreaterThan(htmlOpen);
+    expect(html.indexOf(payload)).toBeGreaterThan(bodyOpen);
+  });
+
+  test("the shell's structural markup is fixed regardless of content", () => {
+    const a = renderBrandedDocument({ title: "T", contentHtml: "<p>plain</p>" });
+    const b = renderBrandedDocument({
+      title: "T",
+      contentHtml: "</body></html>",
+    });
+    // The shell prefix (everything up to the content slot) is byte
+    // identical — the content cannot reach back and alter it.
+    const prefixA = a.slice(0, a.indexOf("<p>plain</p>"));
+    const prefixB = b.slice(0, b.indexOf("</body></html>"));
+    expect(prefixA).toBe(prefixB);
+  });
+});