@openpalm/lib 0.11.0-beta.9 → 0.11.0-rc.18

package/src/control-plane/core-assets.test.ts

@@ -1,104 +0,0 @@
-import { describe, expect, it, beforeEach, afterEach } from "bun:test";
-import { chmodSync, mkdirSync, mkdtempSync, rmSync, writeFileSync, readFileSync, existsSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import { seedStashAssets } from "./core-assets.js";
-
-describe("seedStashAssets", () => {
-  let homeDir: string;
-  const originalHome = process.env.OP_HOME;
-
-  beforeEach(() => {
-    homeDir = mkdtempSync(join(tmpdir(), "stash-seed-test-"));
-    process.env.OP_HOME = homeDir;
-    mkdirSync(join(homeDir, "stash"), { recursive: true });
-  });
-
-  afterEach(() => {
-    process.env.OP_HOME = originalHome;
-    // Restore writable mode in case a test chmod'd the stash dir.
-    try {
-      chmodSync(join(homeDir, "stash"), 0o755);
-    } catch {
-      // ignore — dir may not exist
-    }
-    rmSync(homeDir, { recursive: true, force: true });
-  });
-
-  it("writes every seed under stash/ on first run", () => {
-    const seeds = {
-      "skills/test-skill/SKILL.md": "---\nname: test-skill\ntype: skill\n---\nhello\n",
-      "commands/test-cmd.md": "---\nname: test-cmd\ntype: command\n---\nrun me\n",
-    };
-    const written = seedStashAssets(seeds);
-
-    expect(written.sort()).toEqual(Object.keys(seeds).sort());
-    for (const [rel, content] of Object.entries(seeds)) {
-      const target = join(homeDir, "stash", rel);
-      expect(existsSync(target)).toBe(true);
-      expect(readFileSync(target, "utf-8")).toBe(content);
-    }
-  });
-
-  it("does not overwrite existing files (user edits win)", () => {
-    const seeds = { "skills/keep-mine/SKILL.md": "ORIGINAL SEED\n" };
-    const userEdit = "USER EDIT — must not be overwritten\n";
-
-    // Simulate a previous install: seed first.
-    seedStashAssets(seeds);
-    const target = join(homeDir, "stash/skills/keep-mine/SKILL.md");
-    expect(readFileSync(target, "utf-8")).toBe("ORIGINAL SEED\n");
-
-    // User edits the file.
-    writeFileSync(target, userEdit);
-
-    // Re-run: must return [] and leave the user's content intact.
-    const written = seedStashAssets(seeds);
-    expect(written).toEqual([]);
-    expect(readFileSync(target, "utf-8")).toBe(userEdit);
-  });
-
-  it("creates nested directories under stash/ as needed", () => {
-    const seeds = { "skills/deep/nested/asset/SKILL.md": "x" };
-    seedStashAssets(seeds);
-    expect(existsSync(join(homeDir, "stash/skills/deep/nested/asset/SKILL.md"))).toBe(true);
-  });
-
-  it("returns an empty list when called with no seeds", () => {
-    expect(seedStashAssets({})).toEqual([]);
-  });
-
-  it("rejects seed keys that escape the stash directory", () => {
-    // Path-traversal guard: ../ sequences in keys must throw rather than
-    // silently writing outside stash/.
-    expect(() =>
-      seedStashAssets({ "../../etc/cron.d/evil": "owned\n" }),
-    ).toThrow(/escapes stash dir/);
-
-    // Confirm the malicious payload was NOT written anywhere relative to
-    // the temp home.
-    expect(existsSync(join(homeDir, "..", "..", "etc", "cron.d", "evil"))).toBe(false);
-  });
-
-  it("rejects seed keys that traverse through the stash dir back out", () => {
-    expect(() =>
-      seedStashAssets({ "skills/../../../escape.md": "x" }),
-    ).toThrow(/escapes stash dir/);
-  });
-
-  it("surfaces errors when the stash directory is read-only", () => {
-    // Skip when running as root (chmod is a no-op for the superuser).
-    const uid = process.getuid?.();
-    if (uid === 0) return;
-
-    const stashDir = join(homeDir, "stash");
-    chmodSync(stashDir, 0o555);
-    try {
-      expect(() =>
-        seedStashAssets({ "skills/readonly/SKILL.md": "nope\n" }),
-      ).toThrow();
-    } finally {
-      chmodSync(stashDir, 0o755);
-    }
-  });
-});

package/src/control-plane/migrate-0110.test.ts

@@ -1,177 +0,0 @@
-/**
- * Tests for the 0.11.0 auth-migration shim.
- */
-import { describe, expect, it, beforeEach, afterEach } from "bun:test";
-import {
-  existsSync,
-  mkdirSync,
-  mkdtempSync,
-  readFileSync,
-  rmSync,
-  statSync,
-  writeFileSync,
-  chmodSync,
-} from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import { migrateAuth0110 } from "./migrate-0110.js";
-import type { ControlPlaneState } from "./types.js";
-
-function makeState(homeDir: string): ControlPlaneState {
-  return {
-    homeDir,
-    configDir: join(homeDir, "config"),
-    stashDir: join(homeDir, "stash"),
-    workspaceDir: join(homeDir, "workspace"),
-    cacheDir: join(homeDir, "cache"),
-    stateDir: join(homeDir, "state"),
-    stackDir: join(homeDir, "config", "stack"),
-    services: {},
-    artifacts: { compose: "" },
-    artifactMeta: [],
-  };
-}
-
-function seedStackEnv(stackDir: string, content: string): string {
-  mkdirSync(stackDir, { recursive: true });
-  const path = join(stackDir, "stack.env");
-  writeFileSync(path, content, { encoding: "utf-8", mode: 0o600 });
-  chmodSync(path, 0o600);
-  return path;
-}
-
-describe("migrateAuth0110", () => {
-  let homeDir: string;
-
-  beforeEach(() => {
-    homeDir = mkdtempSync(join(tmpdir(), "openpalm-migrate-0110-"));
-  });
-
-  afterEach(() => {
-    rmSync(homeDir, { recursive: true, force: true });
-  });
-
-  it("no-ops on a fresh install (no stack.env)", () => {
-    const state = makeState(homeDir);
-    const result = migrateAuth0110(state);
-    expect(result.migrated).toBe(false);
-    expect(result.reason).toContain("fresh install");
-  });
-
-  it("promotes OP_UI_TOKEN → OP_UI_LOGIN_PASSWORD and removes legacy keys", () => {
-    const state = makeState(homeDir);
-    const stackEnvPath = seedStackEnv(
-      state.stackDir,
-      [
-        "# header",
-        "OP_UI_TOKEN=legacy-token-value",
-        "OP_ASSISTANT_TOKEN=some-assistant-token",
-        "OP_OPENCODE_PASSWORD=opencode-secret",
-        "",
-      ].join("\n"),
-    );
-
-    const result = migrateAuth0110(state);
-    expect(result.migrated).toBe(true);
-    expect(result.reason).toContain("promoted OP_UI_TOKEN");
-    expect(result.reason).toContain("removed OP_UI_TOKEN");
-    expect(result.reason).toContain("removed OP_ASSISTANT_TOKEN");
-
-    const after = readFileSync(stackEnvPath, "utf-8");
-    expect(after).toContain("OP_UI_LOGIN_PASSWORD=legacy-token-value");
-    expect(after).not.toMatch(/^OP_UI_TOKEN=/m);
-    expect(after).not.toMatch(/^OP_ASSISTANT_TOKEN=/m);
-    // Unrelated keys preserved
-    expect(after).toContain("OP_OPENCODE_PASSWORD=opencode-secret");
-
-    // Perms preserved
-    expect(statSync(stackEnvPath).mode & 0o777).toBe(0o600);
-
-    // Migration log appended
-    const logPath = join(state.stateDir, "logs", "migration-0.11.0.log");
-    expect(existsSync(logPath)).toBe(true);
-    const log = readFileSync(logPath, "utf-8");
-    expect(log).toContain("migrate-auth-0110");
-    expect(log).toContain("promoted OP_UI_TOKEN");
-  });
-
-  it("does not overwrite an existing OP_UI_LOGIN_PASSWORD", () => {
-    const state = makeState(homeDir);
-    const stackEnvPath = seedStackEnv(
-      state.stackDir,
-      [
-        "OP_UI_LOGIN_PASSWORD=new-password",
-        "OP_UI_TOKEN=legacy-value",
-        "",
-      ].join("\n"),
-    );
-
-    const result = migrateAuth0110(state);
-    expect(result.migrated).toBe(true);
-    expect(result.reason).not.toContain("promoted");
-    expect(result.reason).toContain("removed OP_UI_TOKEN");
-
-    const after = readFileSync(stackEnvPath, "utf-8");
-    expect(after).toContain("OP_UI_LOGIN_PASSWORD=new-password");
-    expect(after).not.toMatch(/^OP_UI_TOKEN=/m);
-  });
-
-  it("removes OP_ASSISTANT_TOKEN even when only it is present", () => {
-    const state = makeState(homeDir);
-    const stackEnvPath = seedStackEnv(
-      state.stackDir,
-      [
-        "OP_UI_LOGIN_PASSWORD=pw",
-        "OP_ASSISTANT_TOKEN=stale",
-        "",
-      ].join("\n"),
-    );
-
-    const result = migrateAuth0110(state);
-    expect(result.migrated).toBe(true);
-    expect(result.reason).toContain("removed OP_ASSISTANT_TOKEN");
-    expect(readFileSync(stackEnvPath, "utf-8")).not.toMatch(/^OP_ASSISTANT_TOKEN=/m);
-  });
-
-  it("is idempotent: second run reports already-migrated", () => {
-    const state = makeState(homeDir);
-    seedStackEnv(
-      state.stackDir,
-      [
-        "OP_UI_TOKEN=t",
-        "OP_ASSISTANT_TOKEN=t2",
-        "",
-      ].join("\n"),
-    );
-
-    const first = migrateAuth0110(state);
-    expect(first.migrated).toBe(true);
-
-    const second = migrateAuth0110(state);
-    expect(second.migrated).toBe(false);
-    expect(second.reason).toContain("already migrated");
-  });
-
-  it("treats an empty OP_UI_TOKEN value as not-set (no promotion)", () => {
-    const state = makeState(homeDir);
-    const stackEnvPath = seedStackEnv(
-      state.stackDir,
-      [
-        "OP_UI_TOKEN=",
-        "OP_ASSISTANT_TOKEN=foo",
-        "",
-      ].join("\n"),
-    );
-
-    const result = migrateAuth0110(state);
-    expect(result.migrated).toBe(true);
-    // Empty-string OP_UI_TOKEN should NOT be promoted as a password.
-    expect(result.reason).not.toContain("promoted");
-
-    const after = readFileSync(stackEnvPath, "utf-8");
-    // The empty OP_UI_TOKEN line is still removed.
-    expect(after).not.toMatch(/^OP_UI_TOKEN=/m);
-    // No OP_UI_LOGIN_PASSWORD added (would be an empty value).
-    expect(after).not.toMatch(/^OP_UI_LOGIN_PASSWORD=/m);
-  });
-});

package/src/control-plane/migrate-0110.ts

@@ -1,99 +0,0 @@
-/**
- * One-shot migration for the 0.11.0 auth refactor.
- *
- * Existing installs have OP_UI_TOKEN and OP_ASSISTANT_TOKEN in
- * config/stack/stack.env. The 0.11.0 refactor (auth-and-proxy-refactor-plan.md)
- * replaces them with a single OP_UI_LOGIN_PASSWORD. If we don't migrate,
- * operators get locked out the moment they run the new UI build because the
- * login route compares the cookie against process.env.OP_UI_LOGIN_PASSWORD,
- * which is empty on existing installs.
- *
- * Migration logic (idempotent):
- *   - If OP_UI_LOGIN_PASSWORD is unset AND OP_UI_TOKEN is set, copy
- *     OP_UI_TOKEN's value into OP_UI_LOGIN_PASSWORD.
- *   - Remove OP_UI_TOKEN and OP_ASSISTANT_TOKEN from stack.env (they're
- *     no longer used).
- *   - Append a one-line summary to state/logs/migration-0.11.0.log.
- *   - If OP_UI_LOGIN_PASSWORD is already set, leave it alone — the operator
- *     already migrated or set up fresh.
- *
- * Called from ensureSecrets so it runs before any auth-required code path
- * gets a chance to see the half-migrated state.
- */
-import {
-  existsSync,
-  readFileSync,
-  writeFileSync,
-  chmodSync,
-  appendFileSync,
-  mkdirSync,
-} from "node:fs";
-import { dirname } from "node:path";
-import { parseEnvContent, removeEnvKey, upsertEnvValue } from "./env.js";
-import { migration0110LogPath } from "./paths.js";
-import type { ControlPlaneState } from "./types.js";
-
-export type MigrateAuth0110Result = {
-  /** True if any change was written to stack.env. */
-  migrated: boolean;
-  /** Human-readable description of what changed (or why nothing did). */
-  reason: string;
-};
-
-export function migrateAuth0110(state: ControlPlaneState): MigrateAuth0110Result {
-  const stackEnvPath = `${state.stackDir}/stack.env`;
-  if (!existsSync(stackEnvPath)) {
-    return { migrated: false, reason: "no stack.env yet (fresh install)" };
-  }
-
-  const before = readFileSync(stackEnvPath, "utf-8");
-  const parsed = parseEnvContent(before);
-  const hasLoginPw = typeof parsed.OP_UI_LOGIN_PASSWORD === "string" && parsed.OP_UI_LOGIN_PASSWORD.length > 0;
-  const hasUiToken = typeof parsed.OP_UI_TOKEN === "string" && parsed.OP_UI_TOKEN.length > 0;
-  const hasAssistantToken = "OP_ASSISTANT_TOKEN" in parsed;
-  const hasUiTokenLine = "OP_UI_TOKEN" in parsed;
-
-  if (hasLoginPw && !hasUiTokenLine && !hasAssistantToken) {
-    return { migrated: false, reason: "already migrated" };
-  }
-
-  let content = before;
-  const changes: string[] = [];
-
-  if (!hasLoginPw && hasUiToken) {
-    content = upsertEnvValue(content, "OP_UI_LOGIN_PASSWORD", parsed.OP_UI_TOKEN);
-    changes.push("promoted OP_UI_TOKEN → OP_UI_LOGIN_PASSWORD");
-  }
-  if (hasUiTokenLine) {
-    content = removeEnvKey(content, "OP_UI_TOKEN");
-    changes.push("removed OP_UI_TOKEN");
-  }
-  if (hasAssistantToken) {
-    content = removeEnvKey(content, "OP_ASSISTANT_TOKEN");
-    changes.push("removed OP_ASSISTANT_TOKEN");
-  }
-
-  if (changes.length === 0) {
-    return { migrated: false, reason: "no changes needed" };
-  }
-
-  // Preserve the 0600 mode the existing file should already have.
-  writeFileSync(stackEnvPath, content, { encoding: "utf-8", mode: 0o600 });
-  try { chmodSync(stackEnvPath, 0o600); } catch { /* best-effort */ }
-
-  // Best-effort audit line. The migration log is small and append-only;
-  // if it fails (perm error, fs full), we don't roll back the migration.
-  try {
-    const logPath = migration0110LogPath(state);
-    mkdirSync(dirname(logPath), { recursive: true });
-    appendFileSync(
-      logPath,
-      `${new Date().toISOString()} migrate-auth-0110 ${changes.join("; ")}\n`,
-      "utf-8",
-    );
-  } catch {
-    /* best-effort */
-  }
-
-  return { migrated: true, reason: changes.join("; ") };
-}