@openpalm/lib 0.11.0-beta.8 → 0.11.0-rc.1

package/src/control-plane/migrate-0110.test.ts

@@ -1,177 +0,0 @@
-/**
- * Tests for the 0.11.0 auth-migration shim.
- */
-import { describe, expect, it, beforeEach, afterEach } from "bun:test";
-import {
-  existsSync,
-  mkdirSync,
-  mkdtempSync,
-  readFileSync,
-  rmSync,
-  statSync,
-  writeFileSync,
-  chmodSync,
-} from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import { migrateAuth0110 } from "./migrate-0110.js";
-import type { ControlPlaneState } from "./types.js";
-
-function makeState(homeDir: string): ControlPlaneState {
-  return {
-    homeDir,
-    configDir: join(homeDir, "config"),
-    stashDir: join(homeDir, "stash"),
-    workspaceDir: join(homeDir, "workspace"),
-    cacheDir: join(homeDir, "cache"),
-    stateDir: join(homeDir, "state"),
-    stackDir: join(homeDir, "config", "stack"),
-    services: {},
-    artifacts: { compose: "" },
-    artifactMeta: [],
-  };
-}
-
-function seedStackEnv(stackDir: string, content: string): string {
-  mkdirSync(stackDir, { recursive: true });
-  const path = join(stackDir, "stack.env");
-  writeFileSync(path, content, { encoding: "utf-8", mode: 0o600 });
-  chmodSync(path, 0o600);
-  return path;
-}
-
-describe("migrateAuth0110", () => {
-  let homeDir: string;
-
-  beforeEach(() => {
-    homeDir = mkdtempSync(join(tmpdir(), "openpalm-migrate-0110-"));
-  });
-
-  afterEach(() => {
-    rmSync(homeDir, { recursive: true, force: true });
-  });
-
-  it("no-ops on a fresh install (no stack.env)", () => {
-    const state = makeState(homeDir);
-    const result = migrateAuth0110(state);
-    expect(result.migrated).toBe(false);
-    expect(result.reason).toContain("fresh install");
-  });
-
-  it("promotes OP_UI_TOKEN → OP_UI_LOGIN_PASSWORD and removes legacy keys", () => {
-    const state = makeState(homeDir);
-    const stackEnvPath = seedStackEnv(
-      state.stackDir,
-      [
-        "# header",
-        "OP_UI_TOKEN=legacy-token-value",
-        "OP_ASSISTANT_TOKEN=some-assistant-token",
-        "OP_OPENCODE_PASSWORD=opencode-secret",
-        "",
-      ].join("\n"),
-    );
-
-    const result = migrateAuth0110(state);
-    expect(result.migrated).toBe(true);
-    expect(result.reason).toContain("promoted OP_UI_TOKEN");
-    expect(result.reason).toContain("removed OP_UI_TOKEN");
-    expect(result.reason).toContain("removed OP_ASSISTANT_TOKEN");
-
-    const after = readFileSync(stackEnvPath, "utf-8");
-    expect(after).toContain("OP_UI_LOGIN_PASSWORD=legacy-token-value");
-    expect(after).not.toMatch(/^OP_UI_TOKEN=/m);
-    expect(after).not.toMatch(/^OP_ASSISTANT_TOKEN=/m);
-    // Unrelated keys preserved
-    expect(after).toContain("OP_OPENCODE_PASSWORD=opencode-secret");
-
-    // Perms preserved
-    expect(statSync(stackEnvPath).mode & 0o777).toBe(0o600);
-
-    // Migration log appended
-    const logPath = join(state.stateDir, "logs", "migration-0.11.0.log");
-    expect(existsSync(logPath)).toBe(true);
-    const log = readFileSync(logPath, "utf-8");
-    expect(log).toContain("migrate-auth-0110");
-    expect(log).toContain("promoted OP_UI_TOKEN");
-  });
-
-  it("does not overwrite an existing OP_UI_LOGIN_PASSWORD", () => {
-    const state = makeState(homeDir);
-    const stackEnvPath = seedStackEnv(
-      state.stackDir,
-      [
-        "OP_UI_LOGIN_PASSWORD=new-password",
-        "OP_UI_TOKEN=legacy-value",
-        "",
-      ].join("\n"),
-    );
-
-    const result = migrateAuth0110(state);
-    expect(result.migrated).toBe(true);
-    expect(result.reason).not.toContain("promoted");
-    expect(result.reason).toContain("removed OP_UI_TOKEN");
-
-    const after = readFileSync(stackEnvPath, "utf-8");
-    expect(after).toContain("OP_UI_LOGIN_PASSWORD=new-password");
-    expect(after).not.toMatch(/^OP_UI_TOKEN=/m);
-  });
-
-  it("removes OP_ASSISTANT_TOKEN even when only it is present", () => {
-    const state = makeState(homeDir);
-    const stackEnvPath = seedStackEnv(
-      state.stackDir,
-      [
-        "OP_UI_LOGIN_PASSWORD=pw",
-        "OP_ASSISTANT_TOKEN=stale",
-        "",
-      ].join("\n"),
-    );
-
-    const result = migrateAuth0110(state);
-    expect(result.migrated).toBe(true);
-    expect(result.reason).toContain("removed OP_ASSISTANT_TOKEN");
-    expect(readFileSync(stackEnvPath, "utf-8")).not.toMatch(/^OP_ASSISTANT_TOKEN=/m);
-  });
-
-  it("is idempotent: second run reports already-migrated", () => {
-    const state = makeState(homeDir);
-    seedStackEnv(
-      state.stackDir,
-      [
-        "OP_UI_TOKEN=t",
-        "OP_ASSISTANT_TOKEN=t2",
-        "",
-      ].join("\n"),
-    );
-
-    const first = migrateAuth0110(state);
-    expect(first.migrated).toBe(true);
-
-    const second = migrateAuth0110(state);
-    expect(second.migrated).toBe(false);
-    expect(second.reason).toContain("already migrated");
-  });
-
-  it("treats an empty OP_UI_TOKEN value as not-set (no promotion)", () => {
-    const state = makeState(homeDir);
-    const stackEnvPath = seedStackEnv(
-      state.stackDir,
-      [
-        "OP_UI_TOKEN=",
-        "OP_ASSISTANT_TOKEN=foo",
-        "",
-      ].join("\n"),
-    );
-
-    const result = migrateAuth0110(state);
-    expect(result.migrated).toBe(true);
-    // Empty-string OP_UI_TOKEN should NOT be promoted as a password.
-    expect(result.reason).not.toContain("promoted");
-
-    const after = readFileSync(stackEnvPath, "utf-8");
-    // The empty OP_UI_TOKEN line is still removed.
-    expect(after).not.toMatch(/^OP_UI_TOKEN=/m);
-    // No OP_UI_LOGIN_PASSWORD added (would be an empty value).
-    expect(after).not.toMatch(/^OP_UI_LOGIN_PASSWORD=/m);
-  });
-});

package/src/control-plane/migrate-0110.ts

@@ -1,99 +0,0 @@
-/**
- * One-shot migration for the 0.11.0 auth refactor.
- *
- * Existing installs have OP_UI_TOKEN and OP_ASSISTANT_TOKEN in
- * config/stack/stack.env. The 0.11.0 refactor (auth-and-proxy-refactor-plan.md)
- * replaces them with a single OP_UI_LOGIN_PASSWORD. If we don't migrate,
- * operators get locked out the moment they run the new UI build because the
- * login route compares the cookie against process.env.OP_UI_LOGIN_PASSWORD,
- * which is empty on existing installs.
- *
- * Migration logic (idempotent):
- *   - If OP_UI_LOGIN_PASSWORD is unset AND OP_UI_TOKEN is set, copy
- *     OP_UI_TOKEN's value into OP_UI_LOGIN_PASSWORD.
- *   - Remove OP_UI_TOKEN and OP_ASSISTANT_TOKEN from stack.env (they're
- *     no longer used).
- *   - Append a one-line summary to state/logs/migration-0.11.0.log.
- *   - If OP_UI_LOGIN_PASSWORD is already set, leave it alone — the operator
- *     already migrated or set up fresh.
- *
- * Called from ensureSecrets so it runs before any auth-required code path
- * gets a chance to see the half-migrated state.
- */
-import {
-  existsSync,
-  readFileSync,
-  writeFileSync,
-  chmodSync,
-  appendFileSync,
-  mkdirSync,
-} from "node:fs";
-import { dirname } from "node:path";
-import { parseEnvContent, removeEnvKey, upsertEnvValue } from "./env.js";
-import { migration0110LogPath } from "./paths.js";
-import type { ControlPlaneState } from "./types.js";
-
-export type MigrateAuth0110Result = {
-  /** True if any change was written to stack.env. */
-  migrated: boolean;
-  /** Human-readable description of what changed (or why nothing did). */
-  reason: string;
-};
-
-export function migrateAuth0110(state: ControlPlaneState): MigrateAuth0110Result {
-  const stackEnvPath = `${state.stackDir}/stack.env`;
-  if (!existsSync(stackEnvPath)) {
-    return { migrated: false, reason: "no stack.env yet (fresh install)" };
-  }
-
-  const before = readFileSync(stackEnvPath, "utf-8");
-  const parsed = parseEnvContent(before);
-  const hasLoginPw = typeof parsed.OP_UI_LOGIN_PASSWORD === "string" && parsed.OP_UI_LOGIN_PASSWORD.length > 0;
-  const hasUiToken = typeof parsed.OP_UI_TOKEN === "string" && parsed.OP_UI_TOKEN.length > 0;
-  const hasAssistantToken = "OP_ASSISTANT_TOKEN" in parsed;
-  const hasUiTokenLine = "OP_UI_TOKEN" in parsed;
-
-  if (hasLoginPw && !hasUiTokenLine && !hasAssistantToken) {
-    return { migrated: false, reason: "already migrated" };
-  }
-
-  let content = before;
-  const changes: string[] = [];
-
-  if (!hasLoginPw && hasUiToken) {
-    content = upsertEnvValue(content, "OP_UI_LOGIN_PASSWORD", parsed.OP_UI_TOKEN);
-    changes.push("promoted OP_UI_TOKEN → OP_UI_LOGIN_PASSWORD");
-  }
-  if (hasUiTokenLine) {
-    content = removeEnvKey(content, "OP_UI_TOKEN");
-    changes.push("removed OP_UI_TOKEN");
-  }
-  if (hasAssistantToken) {
-    content = removeEnvKey(content, "OP_ASSISTANT_TOKEN");
-    changes.push("removed OP_ASSISTANT_TOKEN");
-  }
-
-  if (changes.length === 0) {
-    return { migrated: false, reason: "no changes needed" };
-  }
-
-  // Preserve the 0600 mode the existing file should already have.
-  writeFileSync(stackEnvPath, content, { encoding: "utf-8", mode: 0o600 });
-  try { chmodSync(stackEnvPath, 0o600); } catch { /* best-effort */ }
-
-  // Best-effort audit line. The migration log is small and append-only;
-  // if it fails (perm error, fs full), we don't roll back the migration.
-  try {
-    const logPath = migration0110LogPath(state);
-    mkdirSync(dirname(logPath), { recursive: true });
-    appendFileSync(
-      logPath,
-      `${new Date().toISOString()} migrate-auth-0110 ${changes.join("; ")}\n`,
-      "utf-8",
-    );
-  } catch {
-    /* best-effort */
-  }
-
-  return { migrated: true, reason: changes.join("; ") };
-}

package/src/control-plane/registry-components.test.ts

@@ -1,391 +0,0 @@
-/**
- * Tests for the registry component directory format.
- *
- * Validates that all components in .openpalm/state/registry/addons/ follow the
- * component conventions: compose.yml with required labels, .env.schema
- * with documented variables, proper service naming, and no security
- * violations.
- *
- * Two component shapes are accepted:
- *
- *   1. Full addons — compose.yml + .env.schema. They introduce a new
- *      service, declare env vars, and must satisfy the full structural
- *      checklist (labels, network, healthcheck, restart policy, sensitive
- *      fields).
- *   2. Overlay-only addons — compose.yml only. They patch existing
- *      services (ports, env, volumes) instead of introducing new ones,
- *      so they have no env vars to document and no service-shaped
- *      requirements. They still must satisfy the security invariants:
- *      no INSTANCE_ID, no container_name, no INSTANCE_DIR, no vault
- *      directory mounts, no docker socket.
- */
-import { describe, expect, it } from "bun:test";
-import {
-  existsSync,
-  readdirSync,
-  readFileSync,
-} from "node:fs";
-import { join, resolve } from "node:path";
-
-// ── Helpers ──────────────────────────────────────────────────────────────
-
-/** Resolve path from repo root */
-const REPO_ROOT = resolve(import.meta.dir, "../../../..");
-const REGISTRY_DIR = join(REPO_ROOT, ".openpalm/state/registry/addons");
-
-/** List all component directories in the registry */
-function listComponentDirs(): string[] {
-  if (!existsSync(REGISTRY_DIR)) return [];
-  return readdirSync(REGISTRY_DIR, { withFileTypes: true })
-    .filter((d) => d.isDirectory())
-    .map((d) => d.name);
-}
-
-/** Overlay-only addons ship compose.yml only — no .env.schema. */
-function isOverlayOnly(componentId: string): boolean {
-  return !existsSync(join(REGISTRY_DIR, componentId, ".env.schema"));
-}
-
-function listFullAddonIds(componentIds: string[]): string[] {
-  return componentIds.filter((id) => !isOverlayOnly(id));
-}
-
-function listOverlayOnlyAddonIds(componentIds: string[]): string[] {
-  return componentIds.filter(isOverlayOnly);
-}
-
-/** Read a file from a component directory */
-function readComponentFile(componentId: string, filename: string): string {
-  return readFileSync(join(REGISTRY_DIR, componentId, filename), "utf-8");
-}
-
-/** Parse .env.schema into { variable, annotations, defaultValue, comments } entries */
-function parseEnvSchema(content: string): Array<{
-  variable: string;
-  defaultValue: string;
-  annotations: string[];
-  comments: string[];
-}> {
-  const entries: Array<{
-    variable: string;
-    defaultValue: string;
-    annotations: string[];
-    comments: string[];
-  }> = [];
-
-  const lines = content.split("\n");
-  let pendingComments: string[] = [];
-
-  for (const line of lines) {
-    const trimmed = line.trim();
-
-    if (trimmed.startsWith("#")) {
-      pendingComments.push(trimmed);
-      continue;
-    }
-
-    if (trimmed === "" || trimmed === "---") {
-      // Blank line or section separator — keep accumulating comments
-      // for the next variable.
-      continue;
-    }
-
-    const match = trimmed.match(/^([A-Z_][A-Z0-9_]*)=(.*)/);
-    if (match) {
-      const variable = match[1];
-      const defaultValue = match[2];
-
-      // Extract @annotations from pending comments
-      const annotations: string[] = [];
-      for (const c of pendingComments) {
-        const annots = c.match(/@[a-z]+/g);
-        if (annots) annotations.push(...annots);
-      }
-
-      entries.push({
-        variable,
-        defaultValue,
-        annotations,
-        comments: [...pendingComments],
-      });
-      pendingComments = [];
-    }
-  }
-
-  return entries;
-}
-
-// ── Discovery Tests ──────────────────────────────────────────────────────
-
-describe("registry component discovery", () => {
-  const componentIds = listComponentDirs();
-
-  it("finds at least one component in the registry", () => {
-    expect(componentIds.length).toBeGreaterThan(0);
-  });
-
-  it("contains the expected core components", () => {
-    expect(componentIds).toContain("chat");
-    expect(componentIds).toContain("api");
-    expect(componentIds).toContain("discord");
-    expect(componentIds).toContain("slack");
-    expect(componentIds).toContain("voice");
-  });
-
-  it("component IDs are valid (lowercase alphanumeric + hyphens)", () => {
-    const validIdRe = /^[a-z0-9][a-z0-9-]{0,62}$/;
-    for (const id of componentIds) {
-      expect(validIdRe.test(id)).toBe(true);
-    }
-  });
-});
-
-// ── Required Files Tests ─────────────────────────────────────────────────
-
-describe("registry component required files", () => {
-  const componentIds = listComponentDirs();
-  const fullAddonIds = listFullAddonIds(componentIds);
-
-  for (const id of componentIds) {
-    it(`${id}: has compose.yml`, () => {
-      expect(existsSync(join(REGISTRY_DIR, id, "compose.yml"))).toBe(true);
-    });
-  }
-
-  for (const id of fullAddonIds) {
-    it(`${id}: has .env.schema (full addon)`, () => {
-      expect(existsSync(join(REGISTRY_DIR, id, ".env.schema"))).toBe(true);
-    });
-  }
-});
-
-// ── Overlay-only Addon Tests ─────────────────────────────────────────────
-
-describe("registry overlay-only addons", () => {
-  const componentIds = listComponentDirs();
-  const overlayIds = listOverlayOnlyAddonIds(componentIds);
-
-  it("at least one overlay-only addon (ssh) is recognized as valid", () => {
-    expect(overlayIds).toContain("ssh");
-  });
-
-  for (const id of overlayIds) {
-    describe(id, () => {
-      it("ships only compose.yml (no .env.schema, no entrypoint, no Dockerfile)", () => {
-        const dirEntries = readdirSync(join(REGISTRY_DIR, id));
-        // compose.yml is required; an optional README.md is allowed; nothing
-        // else (no .env.schema, no entrypoint*, no Dockerfile, no scripts).
-        const allowed = new Set(["compose.yml", "README.md"]);
-        for (const file of dirEntries) {
-          expect(allowed.has(file)).toBe(true);
-        }
-      });
-
-      it("compose.yml does not introduce a new service (no image: or build:)", () => {
-        // Overlay-only addons may patch existing services with new ports/env,
-        // but they MUST NOT introduce a new service that needs its own
-        // network/healthcheck/restart contract — those would belong in a
-        // full addon. Reject service definition keys that imply a new
-        // service body. A pure overlay only sets `ports:`, `environment:`,
-        // `volumes:`, etc. on already-defined services.
-        const compose = readComponentFile(id, "compose.yml");
-        expect(compose).not.toMatch(/^\s+image:\s/m);
-        expect(compose).not.toMatch(/^\s+build:\s/m);
-      });
-    });
-  }
-});
-
-// ── Compose Overlay Validation Tests ─────────────────────────────────────
-
-describe("registry compose.yml validation", () => {
-  const componentIds = listComponentDirs();
-  const fullAddonIds = listFullAddonIds(componentIds);
-
-  // Full-addon-only assertions: anything that requires a service body
-  // (labels, network, healthcheck, restart policy) is checked here.
-  for (const id of fullAddonIds) {
-    describe(id, () => {
-      const compose = readComponentFile(id, "compose.yml");
-
-      it("has openpalm.name label", () => {
-        expect(compose).toMatch(/openpalm\.name:/);
-      });
-
-      it("has openpalm.description label", () => {
-        expect(compose).toMatch(/openpalm\.description:/);
-      });
-
-      it("joins a valid stack network", () => {
-        const hasValidNetwork = compose.includes("channel_lan") || compose.includes("channel_public") || compose.includes("assistant_net");
-        expect(hasValidNetwork).toBe(true);
-      });
-
-      it("has restart policy", () => {
-        expect(compose).toMatch(/restart:\s/);
-      });
-
-      it("has healthcheck", () => {
-        expect(compose).toMatch(/healthcheck:/);
-      });
-    });
-  }
-
-  // Security/hygiene assertions apply to ALL addons (full and overlay-only).
-  for (const id of componentIds) {
-    describe(`${id} (security)`, () => {
-      const compose = readComponentFile(id, "compose.yml");
-
-      it("uses static service name (no INSTANCE_ID)", () => {
-        expect(compose).not.toContain("${INSTANCE_ID}");
-      });
-
-      it("does not use container_name", () => {
-        expect(compose).not.toMatch(/container_name:/);
-      });
-
-      it("does not reference INSTANCE_DIR", () => {
-        expect(compose).not.toContain("${INSTANCE_DIR}");
-      });
-
-      it("does not mount vault directory (single-file mounts allowed)", () => {
-        // Directory-level vault mounts are a security violation — no container may mount the full vault.
-        // Single-file mounts like vault/user/ov.conf are allowed (the source must end with a filename).
-        const lines = compose.split("\n");
-        for (const line of lines) {
-          if (line.match(/^\s*-\s+.*vault.*:/)) {
-            // Extract the source portion (before first colon that follows a path)
-            const match = line.match(/^\s*-\s+(.+?):/);
-            if (match) {
-              const source = match[1];
-              // Allow single-file vault mounts (path ends with a file, i.e. has an extension or
-              // a non-directory final segment). Block bare vault/ or vault/<dir>/ mounts.
-              if (/vault\b/i.test(source) && !/vault\/.*\.[a-z]+$/i.test(source)) {
-                throw new Error(`Vault directory mount detected: ${line.trim()}`);
-              }
-            }
-          }
-        }
-      });
-
-      it("does not mount docker socket", () => {
-        expect(compose).not.toContain("/var/run/docker.sock");
-      });
-
-      it("has a comment header describing the component", () => {
-        expect(compose.startsWith("#")).toBe(true);
-      });
-    });
-  }
-});
-
-// ── .env.schema Validation Tests ─────────────────────────────────────────
-
-describe("registry .env.schema validation", () => {
-  const componentIds = listComponentDirs();
-  const fullAddonIds = listFullAddonIds(componentIds);
-
-  for (const id of fullAddonIds) {
-    describe(id, () => {
-      const schema = readComponentFile(id, ".env.schema");
-      const entries = parseEnvSchema(schema);
-
-      it("is non-empty", () => {
-        expect(schema.length).toBeGreaterThan(0);
-      });
-
-      it("has at least one variable definition", () => {
-        expect(entries.length).toBeGreaterThan(0);
-      });
-
-      it("does not include INSTANCE_ID (removed)", () => {
-        const names = entries.map((e) => e.variable);
-        expect(names).not.toContain("INSTANCE_ID");
-      });
-
-      it("does not include INSTANCE_DIR (removed)", () => {
-        const names = entries.map((e) => e.variable);
-        expect(names).not.toContain("INSTANCE_DIR");
-      });
-
-      it("has at least one @required variable", () => {
-        const requiredEntries = entries.filter((e) =>
-          e.annotations.includes("@required")
-        );
-        expect(requiredEntries.length).toBeGreaterThan(0);
-      });
-
-      it("variable names are valid (uppercase with underscores)", () => {
-        const validVarRe = /^[A-Z_][A-Z0-9_]*$/;
-        for (const entry of entries) {
-          expect(validVarRe.test(entry.variable)).toBe(true);
-        }
-      });
-
-      it("every variable has at least one comment line above it", () => {
-        for (const entry of entries) {
-          expect(entry.comments.length).toBeGreaterThan(0);
-        }
-      });
-
-      it("does not contain vault references", () => {
-        expect(schema.toLowerCase()).not.toContain("vault/");
-      });
-    });
-  }
-});
-
-// ── Sensitive Fields Tests ───────────────────────────────────────────────
-
-describe("registry component sensitive fields", () => {
-  const componentIds = listComponentDirs();
-  const fullAddonIds = listFullAddonIds(componentIds);
-
-  for (const id of fullAddonIds) {
-    it(`${id}: has at least one @sensitive field (channel secret)`, () => {
-      // ollama and voice are local inference servers — no channel secret
-      // or upstream API key needed (LAN-only, no auth by design).
-      if (id === "ollama" || id === "voice") return;
-      const schema = readComponentFile(id, ".env.schema");
-      const entries = parseEnvSchema(schema);
-      const sensitiveEntries = entries.filter((e) =>
-        e.annotations.includes("@sensitive")
-      );
-      expect(sensitiveEntries.length).toBeGreaterThan(0);
-    });
-  }
-});
-
-// ── Cross-Component Consistency Tests ────────────────────────────────────
-
-describe("cross-component consistency", () => {
-  const componentIds = listComponentDirs();
-  const fullAddonIds = listFullAddonIds(componentIds);
-
-  it("no duplicate openpalm.name labels across full addons", () => {
-    const names = new Set<string>();
-    for (const id of fullAddonIds) {
-      const compose = readComponentFile(id, "compose.yml");
-      const nameMatch = compose.match(/openpalm\.name:\s*(.+)/);
-      expect(nameMatch).not.toBeNull();
-      const name = nameMatch![1].trim();
-      expect(names.has(name)).toBe(false);
-      names.add(name);
-    }
-  });
-
-  it("all full addons join a valid stack network", () => {
-    for (const id of fullAddonIds) {
-      const compose = readComponentFile(id, "compose.yml");
-      const hasValidNetwork = compose.includes("channel_lan") || compose.includes("channel_public") || compose.includes("assistant_net");
-      expect(hasValidNetwork).toBe(true);
-    }
-  });
-
-  it("no compose file uses INSTANCE_ID anywhere", () => {
-    for (const id of componentIds) {
-      const compose = readComponentFile(id, "compose.yml");
-      expect(compose).not.toContain("INSTANCE_ID");
-    }
-  });
-});