@onmars/lunar-core 0.1.0

package/src/__tests__/scheduler.test.ts

@@ -0,0 +1,469 @@
+/**
+ * Scheduler — Test Suite
+ *
+ * Tests the cron-based job scheduler.
+ * Covers: JobStore CRUD, schedule computation, tick execution,
+ * config sync, one-shot behavior, and error handling.
+ */
+
+import { Database } from 'bun:sqlite'
+import { afterEach, beforeEach, describe, expect, mock, test } from 'bun:test'
+import {
+  type DispatchFn,
+  type Job,
+  type JobPayload,
+  JobStore,
+  Scheduler,
+  type SchedulerConfig,
+} from '../lib/scheduler'
+
+// ════════════════════════════════════════════════════════════
+// Helpers
+// ════════════════════════════════════════════════════════════
+
+function createTestDb(): Database {
+  const db = new Database(':memory:')
+  db.exec('PRAGMA journal_mode = WAL')
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS jobs (
+      id TEXT PRIMARY KEY,
+      name TEXT,
+      schedule TEXT NOT NULL,
+      payload TEXT NOT NULL,
+      channel TEXT NOT NULL DEFAULT '',
+      moon TEXT,
+      enabled INTEGER NOT NULL DEFAULT 1,
+      one_shot INTEGER NOT NULL DEFAULT 0,
+      last_run INTEGER,
+      next_run INTEGER,
+      created_at INTEGER NOT NULL DEFAULT (unixepoch())
+    );
+    CREATE INDEX IF NOT EXISTS idx_jobs_next ON jobs(next_run) WHERE enabled = 1;
+  `)
+  return db
+}
+
+function makeJob(overrides: Partial<Job> = {}): Job {
+  return {
+    id: crypto.randomUUID(),
+    name: 'test-job',
+    schedule: { kind: 'cron', expr: '0 9 * * *' },
+    payload: { kind: 'message', text: 'Hello' },
+    channel: 'orbit',
+    enabled: true,
+    oneShot: false,
+    createdAt: Math.floor(Date.now() / 1000),
+    ...overrides,
+  }
+}
+
+function makeConfig(overrides: Partial<SchedulerConfig> = {}): SchedulerConfig {
+  return {
+    enabled: true,
+    pollIntervalMs: 60000,
+    timezone: 'UTC',
+    jobs: {},
+    ...overrides,
+  }
+}
+
+// ════════════════════════════════════════════════════════════
+// JobStore — CRUD
+// ════════════════════════════════════════════════════════════
+
+describe('JobStore — persistence layer', () => {
+  let db: Database
+  let store: JobStore
+
+  beforeEach(() => {
+    db = createTestDb()
+    store = new JobStore(db)
+  })
+
+  afterEach(() => {
+    db.close()
+  })
+
+  test('add and get a job', () => {
+    const job = makeJob()
+    store.add(job)
+    const retrieved = store.get(job.id)
+    expect(retrieved).not.toBeNull()
+    expect(retrieved!.id).toBe(job.id)
+    expect(retrieved!.name).toBe('test-job')
+    expect(retrieved!.channel).toBe('orbit')
+    expect(retrieved!.payload).toEqual({ kind: 'message', text: 'Hello' })
+  })
+
+  test('get by name', () => {
+    const job = makeJob({ name: 'morning-checkin' })
+    store.add(job)
+    const retrieved = store.get('morning-checkin')
+    expect(retrieved).not.toBeNull()
+    expect(retrieved!.id).toBe(job.id)
+  })
+
+  test('get returns null for missing job', () => {
+    expect(store.get('nonexistent')).toBeNull()
+  })
+
+  test('list all jobs', () => {
+    store.add(makeJob({ name: 'job-1' }))
+    store.add(makeJob({ id: crypto.randomUUID(), name: 'job-2' }))
+    const all = store.list()
+    expect(all.length).toBe(2)
+  })
+
+  test('list enabled only', () => {
+    store.add(makeJob({ name: 'enabled', enabled: true }))
+    store.add(makeJob({ id: crypto.randomUUID(), name: 'disabled', enabled: false }))
+    const enabled = store.list(true)
+    expect(enabled.length).toBe(1)
+    expect(enabled[0].name).toBe('enabled')
+  })
+
+  test('getDue returns jobs with next_run <= now', () => {
+    const pastJob = makeJob({ name: 'past', nextRun: 1000 })
+    const futureJob = makeJob({ id: crypto.randomUUID(), name: 'future', nextRun: 9999999999 })
+    store.add(pastJob)
+    store.add(futureJob)
+    const due = store.getDue(2000)
+    expect(due.length).toBe(1)
+    expect(due[0].name).toBe('past')
+  })
+
+  test('updateRun updates last_run and next_run', () => {
+    const job = makeJob()
+    store.add(job)
+    store.updateRun(job.id, 5000, 6000)
+    const updated = store.get(job.id)
+    expect(updated!.lastRun).toBe(5000)
+    expect(updated!.nextRun).toBe(6000)
+  })
+
+  test('disable and enable', () => {
+    const job = makeJob()
+    store.add(job)
+    store.disable(job.id)
+    expect(store.get(job.id)!.enabled).toBe(false)
+    store.enable(job.id)
+    expect(store.get(job.id)!.enabled).toBe(true)
+  })
+
+  test('remove by id', () => {
+    const job = makeJob()
+    store.add(job)
+    expect(store.remove(job.id)).toBe(true)
+    expect(store.get(job.id)).toBeNull()
+  })
+
+  test('remove by name', () => {
+    const job = makeJob({ name: 'removable' })
+    store.add(job)
+    expect(store.remove('removable')).toBe(true)
+    expect(store.get(job.id)).toBeNull()
+  })
+
+  test('remove returns false for missing job', () => {
+    expect(store.remove('nonexistent')).toBe(false)
+  })
+
+  test('oneShot flag persists', () => {
+    const job = makeJob({ oneShot: true })
+    store.add(job)
+    expect(store.get(job.id)!.oneShot).toBe(true)
+  })
+
+  test('moon field persists', () => {
+    const job = makeJob({ moon: 'athena' })
+    store.add(job)
+    expect(store.get(job.id)!.moon).toBe('athena')
+  })
+})
+
+// ════════════════════════════════════════════════════════════
+// Scheduler — Schedule computation
+// ════════════════════════════════════════════════════════════
+
+describe('Scheduler — computeNextRun', () => {
+  let db: Database
+  let store: JobStore
+  let scheduler: Scheduler
+
+  beforeEach(() => {
+    db = createTestDb()
+    store = new JobStore(db)
+    const dispatch: DispatchFn = async () => {}
+    scheduler = new Scheduler(store, dispatch, makeConfig())
+  })
+
+  afterEach(() => {
+    db.close()
+  })
+
+  test('cron schedule computes next occurrence', () => {
+    // "0 9 * * *" — every day at 09:00 UTC
+    const afterSec = Math.floor(new Date('2026-03-01T08:00:00Z').getTime() / 1000)
+    const next = scheduler.computeNextRun({ kind: 'cron', expr: '0 9 * * *' }, afterSec)
+    expect(next).not.toBeNull()
+    const nextDate = new Date(next! * 1000)
+    expect(nextDate.getUTCHours()).toBe(9)
+    expect(nextDate.getUTCMinutes()).toBe(0)
+  })
+
+  test('at schedule returns timestamp if in future', () => {
+    const afterSec = Math.floor(new Date('2026-03-01T08:00:00Z').getTime() / 1000)
+    const next = scheduler.computeNextRun({ kind: 'at', at: '2026-03-15T14:00:00Z' }, afterSec)
+    expect(next).not.toBeNull()
+    expect(new Date(next! * 1000).toISOString()).toBe('2026-03-15T14:00:00.000Z')
+  })
+
+  test('at schedule returns null if in past', () => {
+    const afterSec = Math.floor(new Date('2026-03-20T00:00:00Z').getTime() / 1000)
+    const next = scheduler.computeNextRun({ kind: 'at', at: '2026-03-15T14:00:00Z' }, afterSec)
+    expect(next).toBeNull()
+  })
+
+  test('every schedule adds interval', () => {
+    const afterSec = 1000
+    const next = scheduler.computeNextRun(
+      { kind: 'every', intervalMs: 300000 }, // 5 minutes
+      afterSec,
+    )
+    expect(next).toBe(1000 + 300) // 300000ms = 300s
+  })
+
+  test('cron with timezone', () => {
+    const config = makeConfig({ timezone: 'Europe/Madrid' })
+    const dispatch: DispatchFn = async () => {}
+    const tzScheduler = new Scheduler(store, dispatch, config)
+
+    const afterSec = Math.floor(new Date('2026-03-01T04:00:00Z').getTime() / 1000)
+    const next = tzScheduler.computeNextRun({ kind: 'cron', expr: '45 6 * * *' }, afterSec)
+    expect(next).not.toBeNull()
+    // 06:45 Madrid (CET UTC+1 winter) = 05:45 UTC
+    const nextDate = new Date(next! * 1000)
+    expect(nextDate.getUTCHours()).toBe(5)
+    expect(nextDate.getUTCMinutes()).toBe(45)
+  })
+})
+
+// ════════════════════════════════════════════════════════════
+// Scheduler — Tick execution
+// ════════════════════════════════════════════════════════════
+
+describe('Scheduler — tick execution', () => {
+  let db: Database
+  let store: JobStore
+  let dispatched: Array<{ channel: string; payload: JobPayload }>
+
+  beforeEach(() => {
+    db = createTestDb()
+    store = new JobStore(db)
+    dispatched = []
+  })
+
+  afterEach(() => {
+    db.close()
+  })
+
+  test('tick dispatches due jobs', async () => {
+    const dispatch: DispatchFn = async (channel, payload) => {
+      dispatched.push({ channel, payload })
+    }
+    const scheduler = new Scheduler(store, dispatch, makeConfig())
+
+    const job = makeJob({
+      nextRun: Math.floor(Date.now() / 1000) - 10, // due 10s ago
+    })
+    store.add(job)
+
+    await scheduler.tick()
+
+    expect(dispatched.length).toBe(1)
+    expect(dispatched[0].channel).toBe('orbit')
+    expect(dispatched[0].payload).toEqual({ kind: 'message', text: 'Hello' })
+  })
+
+  test('tick skips future jobs', async () => {
+    const dispatch: DispatchFn = async (channel, payload) => {
+      dispatched.push({ channel, payload })
+    }
+    const scheduler = new Scheduler(store, dispatch, makeConfig())
+
+    const job = makeJob({
+      nextRun: Math.floor(Date.now() / 1000) + 3600, // due in 1h
+    })
+    store.add(job)
+
+    await scheduler.tick()
+    expect(dispatched.length).toBe(0)
+  })
+
+  test('tick disables one-shot jobs after execution', async () => {
+    const dispatch: DispatchFn = async () => {}
+    const scheduler = new Scheduler(store, dispatch, makeConfig())
+
+    const job = makeJob({
+      oneShot: true,
+      nextRun: Math.floor(Date.now() / 1000) - 10,
+    })
+    store.add(job)
+
+    await scheduler.tick()
+
+    const updated = store.get(job.id)
+    expect(updated!.enabled).toBe(false)
+  })
+
+  test('tick updates last_run and next_run', async () => {
+    const dispatch: DispatchFn = async () => {}
+    const scheduler = new Scheduler(store, dispatch, makeConfig())
+
+    const job = makeJob({
+      schedule: { kind: 'every', intervalMs: 60000 },
+      nextRun: Math.floor(Date.now() / 1000) - 10,
+    })
+    store.add(job)
+
+    await scheduler.tick()
+
+    const updated = store.get(job.id)
+    expect(updated!.lastRun).toBeGreaterThan(0)
+    expect(updated!.nextRun).toBeGreaterThan(updated!.lastRun!)
+  })
+
+  test('tick continues on dispatch error', async () => {
+    let callCount = 0
+    const dispatch: DispatchFn = async () => {
+      callCount++
+      if (callCount === 1) throw new Error('Dispatch failed')
+    }
+    const scheduler = new Scheduler(store, dispatch, makeConfig())
+
+    // Two due jobs
+    store.add(
+      makeJob({
+        name: 'will-fail',
+        nextRun: Math.floor(Date.now() / 1000) - 10,
+      }),
+    )
+    store.add(
+      makeJob({
+        id: crypto.randomUUID(),
+        name: 'will-succeed',
+        nextRun: Math.floor(Date.now() / 1000) - 10,
+      }),
+    )
+
+    await scheduler.tick()
+    expect(callCount).toBe(2) // both attempted
+  })
+
+  test('tick skips disabled jobs', async () => {
+    const dispatch: DispatchFn = async (channel, payload) => {
+      dispatched.push({ channel, payload })
+    }
+    const scheduler = new Scheduler(store, dispatch, makeConfig())
+
+    const job = makeJob({
+      enabled: false,
+      nextRun: Math.floor(Date.now() / 1000) - 10,
+    })
+    store.add(job)
+
+    await scheduler.tick()
+    expect(dispatched.length).toBe(0)
+  })
+})
+
+// ════════════════════════════════════════════════════════════
+// Scheduler — Config sync
+// ════════════════════════════════════════════════════════════
+
+describe('Scheduler — config sync and lifecycle', () => {
+  let db: Database
+  let store: JobStore
+
+  beforeEach(() => {
+    db = createTestDb()
+    store = new JobStore(db)
+  })
+
+  afterEach(() => {
+    db.close()
+  })
+
+  test('start syncs config jobs to database', async () => {
+    const config = makeConfig({
+      jobs: {
+        'morning-checkin': {
+          schedule: { kind: 'cron', expr: '45 6 * * 1-5' },
+          channel: 'orbit',
+          payload: { kind: 'query', prompt: 'Good morning!' },
+        },
+        'evening-close': {
+          schedule: { kind: 'cron', expr: '0 21 * * *' },
+          channel: 'orbit',
+          payload: { kind: 'query', prompt: 'How was your day?' },
+        },
+      },
+    })
+
+    const dispatch: DispatchFn = async () => {}
+    const scheduler = new Scheduler(store, dispatch, config)
+    await scheduler.start()
+
+    const jobs = store.list()
+    expect(jobs.length).toBe(2)
+    expect(jobs.some((j) => j.name === 'morning-checkin')).toBe(true)
+    expect(jobs.some((j) => j.name === 'evening-close')).toBe(true)
+
+    // All jobs should have next_run computed
+    for (const job of jobs) {
+      expect(job.nextRun).toBeGreaterThan(0)
+    }
+
+    await scheduler.stop()
+  })
+
+  test('start preserves existing runtime jobs', async () => {
+    // Add a runtime job first
+    store.add(makeJob({ name: 'runtime-job', nextRun: 9999999999 }))
+
+    const config = makeConfig({
+      jobs: {
+        'config-job': {
+          schedule: { kind: 'cron', expr: '0 12 * * *' },
+          channel: 'research',
+          payload: { kind: 'message', text: 'Noon reminder' },
+        },
+      },
+    })
+
+    const dispatch: DispatchFn = async () => {}
+    const scheduler = new Scheduler(store, dispatch, config)
+    await scheduler.start()
+
+    const jobs = store.list()
+    expect(jobs.length).toBe(2)
+    expect(jobs.some((j) => j.name === 'runtime-job')).toBe(true)
+    expect(jobs.some((j) => j.name === 'config-job')).toBe(true)
+
+    await scheduler.stop()
+  })
+
+  test('start and stop lifecycle', async () => {
+    const dispatch: DispatchFn = async () => {}
+    const scheduler = new Scheduler(store, dispatch, makeConfig())
+
+    await scheduler.start()
+    // Should be running (no error)
+
+    await scheduler.stop()
+    // Should be stopped (no error)
+
+    // Double stop is safe
+    await scheduler.stop()
+  })
+})

package/src/__tests__/security.test.ts

@@ -0,0 +1,214 @@
+/**
+ * # Security Module — Functional Specification
+ *
+ * Two responsibilities:
+ *
+ * ## 1. buildSafeEnv — Environment Variable Isolation
+ * Controls which env vars reach the agent subprocess.
+ * Default strategy: DENY ALL, then allow via `envDefaults` + `envPassthrough`.
+ * Escape hatch: `envPassthroughAll: true` passes everything (dangerous).
+ * `extraEnv` provides programmatic overrides that always win.
+ *
+ * ## 2. createRedactor — Output Secret Redaction
+ * Returns a reusable function that scrubs known secret patterns from text.
+ * 10 built-in patterns (OpenAI, GitHub PAT, Slack, Discord, AWS, Google, Stripe).
+ * User-defined patterns from config are appended on top.
+ * Invalid regex patterns are skipped with a warning, never crash.
+ */
+import { describe, expect, it } from 'bun:test'
+import type { SecurityConfig } from '../lib/config-loader'
+import { buildSafeEnv, createRedactor } from '../lib/security'
+
+// ─── Shared fixtures ───────────────────────────────────────────────
+
+const baseConfig: SecurityConfig = {
+  isolation: 'process',
+  envDefaults: ['HOME', 'PATH', 'USER'],
+  envPassthrough: [],
+  envPassthroughAll: false,
+  outputRedactPatterns: [],
+  inputSanitization: {
+    enabled: true,
+    stripMarkers: true,
+    logSuspicious: false,
+    notifyAgent: false,
+    customPatterns: [],
+  },
+}
+
+const mockEnv: Record<string, string> = {
+  HOME: '/home/user',
+  PATH: '/usr/bin',
+  USER: 'testuser',
+  DISCORD_TOKEN: 'secret-discord-token',
+  OPENAI_API_KEY: 'sk-abc123secretkeyvalue',
+  BRAIN_URL: 'http://localhost:8082',
+  SECRET_VAR: 'super-secret',
+}
+
+// ═══════════════════════════════════════════════════════════════════
+// buildSafeEnv — Environment variable isolation for agent subprocesses
+// ═══════════════════════════════════════════════════════════════════
+
+describe('buildSafeEnv', () => {
+  // --- Core behavior: allowlist-based filtering ---
+
+  it('ONLY passes variables listed in envDefaults (deny-all default)', () => {
+    const env = buildSafeEnv(mockEnv, baseConfig)
+
+    expect(env.HOME).toBe('/home/user')
+    expect(env.PATH).toBe('/usr/bin')
+    expect(env.USER).toBe('testuser')
+    // Everything else is blocked
+    expect(env.DISCORD_TOKEN).toBeUndefined()
+    expect(env.OPENAI_API_KEY).toBeUndefined()
+    expect(env.SECRET_VAR).toBeUndefined()
+  })
+
+  it('envPassthrough adds specific vars to the allowlist', () => {
+    const config = { ...baseConfig, envPassthrough: ['BRAIN_URL'] }
+    const env = buildSafeEnv(mockEnv, config)
+
+    expect(env.BRAIN_URL).toBe('http://localhost:8082')
+    // Non-listed vars remain blocked
+    expect(env.DISCORD_TOKEN).toBeUndefined()
+  })
+
+  // --- Escape hatch: passthrough all ---
+
+  it('envPassthroughAll=true passes EVERYTHING (dangerous mode)', () => {
+    const config = { ...baseConfig, envPassthroughAll: true }
+    const env = buildSafeEnv(mockEnv, config)
+
+    expect(env.HOME).toBe('/home/user')
+    expect(env.DISCORD_TOKEN).toBe('secret-discord-token')
+    expect(env.SECRET_VAR).toBe('super-secret')
+  })
+
+  // --- Programmatic overrides via extraEnv ---
+
+  it('extraEnv injects vars regardless of allowlist', () => {
+    const env = buildSafeEnv(mockEnv, baseConfig, { BRAIN_URL: 'http://brain:8082' })
+
+    // BRAIN_URL not in envDefaults, but extraEnv overrides
+    expect(env.BRAIN_URL).toBe('http://brain:8082')
+    expect(env.DISCORD_TOKEN).toBeUndefined()
+  })
+
+  it('extraEnv takes priority over processEnv for same key', () => {
+    const config = { ...baseConfig, envPassthrough: ['BRAIN_URL'] }
+    const env = buildSafeEnv(mockEnv, config, { BRAIN_URL: 'http://override:9999' })
+
+    expect(env.BRAIN_URL).toBe('http://override:9999')
+  })
+
+  // --- Edge cases ---
+
+  it('silently skips undefined/missing env vars', () => {
+    const config = { ...baseConfig, envDefaults: ['HOME', 'PATH', 'NONEXISTENT'] }
+    const env = buildSafeEnv(mockEnv, config)
+
+    expect(env.NONEXISTENT).toBeUndefined()
+    expect(Object.keys(env)).not.toContain('NONEXISTENT')
+  })
+
+  it('returns empty object when no allowed vars exist in env', () => {
+    const config = { ...baseConfig, envDefaults: ['NOTHING_HERE'] }
+    const env = buildSafeEnv(mockEnv, config)
+
+    expect(Object.keys(env)).toHaveLength(0)
+  })
+
+  it('deduplicates when same var is in envDefaults AND envPassthrough', () => {
+    const config = { ...baseConfig, envDefaults: ['HOME', 'PATH'], envPassthrough: ['HOME'] }
+    const env = buildSafeEnv(mockEnv, config)
+
+    // Should work fine — no duplicate keys in output
+    expect(env.HOME).toBe('/home/user')
+  })
+})
+
+// ═══════════════════════════════════════════════════════════════════
+// createRedactor — Secret pattern redaction for agent output
+// ═══════════════════════════════════════════════════════════════════
+
+describe('createRedactor', () => {
+  // --- Built-in patterns: major cloud provider secrets ---
+  // These 10 patterns are ALWAYS active, even with no user config.
+
+  it('redacts OpenAI API keys (sk-...)', () => {
+    const redact = createRedactor(baseConfig)
+    const input = 'My key is sk-abc123defghijklmnopqrst and stuff'
+
+    expect(redact(input)).toContain('[REDACTED]')
+    expect(redact(input)).not.toContain('sk-abc123')
+  })
+
+  it('redacts GitHub Personal Access Tokens (ghp_... 36 chars)', () => {
+    const redact = createRedactor(baseConfig)
+    // ghp_ followed by exactly 36 alphanumeric chars
+    const input = 'Token: ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij'
+
+    expect(redact(input)).toContain('[REDACTED]')
+    expect(redact(input)).not.toContain('ghp_')
+  })
+
+  it('redacts Discord bot tokens (base64.base64.base64)', () => {
+    const redact = createRedactor(baseConfig)
+    // Format: 24 alphanum . 6 alphanum . 27+ alphanum/dash/underscore
+    const input = 'MTQ3NzI5Mjc5MTI1MDk0NDA3.GMNyiM.hGYmeP29JZdc0KBhz7T0HOnyP9qU9N2MhWIEA'
+
+    expect(redact(input)).toContain('[REDACTED]')
+  })
+
+  it('redacts AWS access keys (AKIA...)', () => {
+    const redact = createRedactor(baseConfig)
+    const input = 'Access key: AKIAIOSFODNN7EXAMPLE'
+
+    expect(redact(input)).toContain('[REDACTED]')
+    expect(redact(input)).not.toContain('AKIA')
+  })
+
+  // --- User-defined patterns (from config.yaml) ---
+
+  it('applies user-defined regex patterns from config', () => {
+    const config = { ...baseConfig, outputRedactPatterns: ['password=[^\\s]+'] }
+    const redact = createRedactor(config)
+
+    expect(redact('Connect with password=SuperSecret123 now')).toContain('[REDACTED]')
+    expect(redact('Connect with password=SuperSecret123 now')).not.toContain('SuperSecret123')
+  })
+
+  // --- Multiple matches and clean passthrough ---
+
+  it('redacts ALL matching occurrences in one pass', () => {
+    const redact = createRedactor(baseConfig)
+    const input = 'Keys: sk-aaaabbbbccccddddeeeefffff and sk-111122223333444455556666'
+
+    expect(redact(input)).toBe('Keys: [REDACTED] and [REDACTED]')
+  })
+
+  it('passes through clean text unchanged', () => {
+    const redact = createRedactor(baseConfig)
+    const input = 'Hello, this is a normal message without any secrets.'
+
+    expect(redact(input)).toBe(input)
+  })
+
+  // --- Robustness ---
+
+  it('skips invalid regex patterns gracefully (no crash)', () => {
+    const config = { ...baseConfig, outputRedactPatterns: ['[invalid', 'valid-pattern'] }
+    // Must not throw — invalid patterns are logged and skipped
+    const redact = createRedactor(config)
+
+    expect(redact('test text')).toBe('test text')
+  })
+
+  it('redactor is reusable across multiple calls (stateless)', () => {
+    const redact = createRedactor(baseConfig)
+
+    expect(redact('sk-aaaabbbbccccddddeeeefffff')).toContain('[REDACTED]')
+    expect(redact('sk-111122223333444455556666z')).toContain('[REDACTED]')
+  })
+})