@openparachute/hub 0.3.0-rc.1 → 0.5.1

package/src/__tests__/scope-registry.test.ts

@@ -0,0 +1,220 @@
+import { describe, expect, test } from "bun:test";
+import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import {
+  findUnknownScopes,
+  isKnownScope,
+  loadDeclaredScopes,
+  parseScopeString,
+} from "../scope-registry.ts";
+
+describe("parseScopeString", () => {
+  test("splits on whitespace per RFC 6749", () => {
+    expect(parseScopeString("vault:read scribe:transcribe")).toEqual([
+      "vault:read",
+      "scribe:transcribe",
+    ]);
+  });
+
+  test("accepts tabs + newlines + multi-space runs", () => {
+    expect(parseScopeString("vault:read\tscribe:transcribe\n  channel:send")).toEqual([
+      "vault:read",
+      "scribe:transcribe",
+      "channel:send",
+    ]);
+  });
+
+  test("empty string yields empty array", () => {
+    expect(parseScopeString("")).toEqual([]);
+    expect(parseScopeString("   ")).toEqual([]);
+  });
+});
+
+describe("isKnownScope", () => {
+  const declared = new Set(["vault:read", "vault:write", "scribe:transcribe", "hub:admin"]);
+
+  test("exact match passes", () => {
+    expect(isKnownScope("vault:read", declared)).toBe(true);
+    expect(isKnownScope("scribe:transcribe", declared)).toBe(true);
+  });
+
+  test("unknown scopes fail", () => {
+    expect(isKnownScope("frobnicate:everything", declared)).toBe(false);
+    expect(isKnownScope("vault:exfiltrate", declared)).toBe(false);
+  });
+
+  test("per-resource narrowing collapses to <svc>:<verb>", () => {
+    expect(isKnownScope("vault:work:read", declared)).toBe(true);
+    expect(isKnownScope("vault:default:write", declared)).toBe(true);
+    expect(isKnownScope("scribe:groq:transcribe", declared)).toBe(true);
+  });
+
+  test("narrowing only collapses if collapsed form is declared", () => {
+    expect(isKnownScope("vault:work:exfiltrate", declared)).toBe(false);
+  });
+
+  test("admin scope does NOT inherit read/write at the issuer", () => {
+    // Inheritance is the resource server's call (vault enforces admin ⊇ write
+    // ⊇ read at request time). The issuer only mints what was declared.
+    const adminOnly = new Set(["vault:admin"]);
+    expect(isKnownScope("vault:read", adminOnly)).toBe(false);
+  });
+
+  test("malformed scopes (no colon, single segment) fail", () => {
+    expect(isKnownScope("vaultread", declared)).toBe(false);
+    expect(isKnownScope("vault:", declared)).toBe(false);
+  });
+});
+
+describe("findUnknownScopes", () => {
+  const declared = new Set(["vault:read", "vault:write", "scribe:transcribe"]);
+
+  test("returns only the unknown ones", () => {
+    expect(
+      findUnknownScopes(["vault:read", "frobnicate:everything", "scribe:transcribe"], declared),
+    ).toEqual(["frobnicate:everything"]);
+  });
+
+  test("returns [] when all declared", () => {
+    expect(findUnknownScopes(["vault:read", "scribe:transcribe"], declared)).toEqual([]);
+  });
+
+  test("returns [] for empty input", () => {
+    expect(findUnknownScopes([], declared)).toEqual([]);
+  });
+});
+
+describe("loadDeclaredScopes", () => {
+  function tmp(): { dir: string; manifestPath: string; cleanup: () => void } {
+    const dir = mkdtempSync(join(tmpdir(), "phub-scope-reg-"));
+    return {
+      dir,
+      manifestPath: join(dir, "services.json"),
+      cleanup: () => rmSync(dir, { recursive: true, force: true }),
+    };
+  }
+
+  test("returns FIRST_PARTY_SCOPES baseline when services.json is absent", () => {
+    const { manifestPath, cleanup } = tmp();
+    try {
+      const declared = loadDeclaredScopes({ manifestPath });
+      expect(declared.has("vault:read")).toBe(true);
+      expect(declared.has("scribe:transcribe")).toBe(true);
+      expect(declared.has("hub:admin")).toBe(true);
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("unions module.json scopes.defines on top of FIRST_PARTY_SCOPES", () => {
+    const { manifestPath, cleanup } = tmp();
+    try {
+      writeFileSync(
+        manifestPath,
+        JSON.stringify({
+          services: [
+            {
+              name: "@acme/widget",
+              port: 1950,
+              paths: ["/widget"],
+              health: "/healthz",
+              version: "0.0.0-linked",
+            },
+          ],
+        }),
+      );
+      const declared = loadDeclaredScopes({
+        manifestPath,
+        readModuleScopes: (pkg) =>
+          pkg === "@acme/widget" ? ["widget:read", "widget:write"] : null,
+      });
+      expect(declared.has("vault:read")).toBe(true); // baseline
+      expect(declared.has("widget:read")).toBe(true);
+      expect(declared.has("widget:write")).toBe(true);
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("readModuleScopes receives installDir from services.json (closes #85 follow-up)", () => {
+    // Regression: scope-registry was looking up by services.json `name` in
+    // bun-globals. For third-party modules where name (canonical short like
+    // "agent") differs from the npm package name on disk ("nanoagent" for
+    // forks), that lookup fails and the module's scopes are never declared.
+    // installDir from hub#84 is the correct path source.
+    const { manifestPath, cleanup } = tmp();
+    try {
+      writeFileSync(
+        manifestPath,
+        JSON.stringify({
+          services: [
+            {
+              name: "agent",
+              port: 1944,
+              paths: ["/agent"],
+              health: "/api/health",
+              version: "0.0.0-linked",
+              installDir: "/Users/test/ParachuteComputer/parachute-agent",
+            },
+          ],
+        }),
+      );
+      const calls: { pkg: string; installDir: string | undefined }[] = [];
+      const declared = loadDeclaredScopes({
+        manifestPath,
+        readModuleScopes: (pkg, installDir) => {
+          calls.push({ pkg, installDir });
+          return pkg === "agent" ? ["agent:read", "agent:write", "agent:admin"] : null;
+        },
+      });
+      expect(calls).toEqual([
+        { pkg: "agent", installDir: "/Users/test/ParachuteComputer/parachute-agent" },
+      ]);
+      expect(declared.has("agent:read")).toBe(true);
+      expect(declared.has("agent:write")).toBe(true);
+      expect(declared.has("agent:admin")).toBe(true);
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("services with no module.json don't crash the registry", () => {
+    const { manifestPath, cleanup } = tmp();
+    try {
+      writeFileSync(
+        manifestPath,
+        JSON.stringify({
+          services: [
+            {
+              name: "parachute-vault",
+              port: 1940,
+              paths: ["/vault"],
+              health: "/healthz",
+              version: "0.0.0-linked",
+            },
+          ],
+        }),
+      );
+      const declared = loadDeclaredScopes({
+        manifestPath,
+        readModuleScopes: () => null,
+      });
+      expect(declared.has("vault:read")).toBe(true);
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("malformed services.json falls back to baseline", () => {
+    const { manifestPath, cleanup } = tmp();
+    try {
+      writeFileSync(manifestPath, "{not json");
+      const declared = loadDeclaredScopes({ manifestPath });
+      expect(declared.has("vault:read")).toBe(true);
+      expect(declared.size).toBeGreaterThan(0);
+    } finally {
+      cleanup();
+    }
+  });
+});

package/src/__tests__/services-manifest.test.ts

@@ -1,5 +1,5 @@
 import { describe, expect, test } from "bun:test";
-import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { mkdtempSync, readFileSync, rmSync, statSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
 import {
@@ -174,4 +174,140 @@ describe("services-manifest", () => {
       cleanup();
     }
   });
+
+  test("round-trips optional installDir", () => {
+    const { path, cleanup } = makeTempPath();
+    try {
+      const full: ServiceEntry = { ...vault, installDir: "/abs/path/to/pkg" };
+      upsertService(full, path);
+      expect(readManifest(path).services[0]).toEqual(full);
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("rejects non-string installDir", () => {
+    const { path, cleanup } = makeTempPath();
+    try {
+      expect(() => upsertService({ ...vault, installDir: 42 as unknown as string }, path)).toThrow(
+        /installDir/,
+      );
+    } finally {
+      cleanup();
+    }
+  });
+});
+
+describe("claw → agent migration", () => {
+  // Paraclaw was renamed to parachute-agent across the ecosystem (npm
+  // package, mount path, short name). Operators who upgraded hub but
+  // still have the old paraclaw row in services.json otherwise see a
+  // tile labelled "Claw" and a hub route at `/claw` while their newly
+  // upgraded daemon listens on `/agent`. The migration runs on
+  // readManifest, rewrites the row in-place, and writes back.
+  const claw: ServiceEntry = {
+    name: "claw",
+    port: 1944,
+    paths: ["/claw"],
+    health: "/claw/health",
+    version: "0.1.0",
+  };
+  const agent: ServiceEntry = {
+    name: "agent",
+    port: 1944,
+    paths: ["/agent"],
+    health: "/agent/health",
+    version: "0.1.0",
+  };
+
+  test("rewrites name + paths + health when both name=claw and paths[0]=/claw", () => {
+    const { path, cleanup } = makeTempPath();
+    try {
+      writeFileSync(path, `${JSON.stringify({ services: [claw] }, null, 2)}\n`);
+      const got = readManifest(path);
+      expect(got.services).toEqual([agent]);
+      // Persisted: a second read sees the migrated shape directly, no
+      // re-migration required.
+      const reread = JSON.parse(readFileSync(path, "utf8")) as {
+        services: ServiceEntry[];
+      };
+      expect(reread.services[0]?.name).toBe("agent");
+      expect(reread.services[0]?.paths).toEqual(["/agent"]);
+      expect(reread.services[0]?.health).toBe("/agent/health");
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("idempotent: an already-agent entry is not rewritten and not rewritten on re-read", () => {
+    const { path, cleanup } = makeTempPath();
+    try {
+      writeFileSync(path, `${JSON.stringify({ services: [agent] }, null, 2)}\n`);
+      const beforeMtime = statSync(path).mtimeMs;
+      const got = readManifest(path);
+      expect(got.services).toEqual([agent]);
+      // No write back when nothing changed: mtime stays put.
+      const afterMtime = statSync(path).mtimeMs;
+      expect(afterMtime).toBe(beforeMtime);
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("mixed manifest: vault and scribe are untouched, only claw migrates", () => {
+    const { path, cleanup } = makeTempPath();
+    try {
+      const scribe: ServiceEntry = {
+        name: "parachute-scribe",
+        port: 1943,
+        paths: ["/scribe"],
+        health: "/scribe/health",
+        version: "0.1.0",
+      };
+      writeFileSync(path, `${JSON.stringify({ services: [vault, claw, scribe] }, null, 2)}\n`);
+      const got = readManifest(path);
+      expect(got.services).toHaveLength(3);
+      expect(got.services[0]).toEqual(vault);
+      expect(got.services[1]).toEqual(agent);
+      expect(got.services[2]).toEqual(scribe);
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("preserves nested /claw paths when present (e.g. /claw/api)", () => {
+    const { path, cleanup } = makeTempPath();
+    try {
+      const clawNested: ServiceEntry = {
+        name: "claw",
+        port: 1944,
+        paths: ["/claw", "/claw/api"],
+        health: "/claw/api/health",
+        version: "0.1.0",
+      };
+      writeFileSync(path, `${JSON.stringify({ services: [clawNested] }, null, 2)}\n`);
+      const got = readManifest(path);
+      expect(got.services[0]?.paths).toEqual(["/agent", "/agent/api"]);
+      expect(got.services[0]?.health).toBe("/agent/api/health");
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("leaves a row alone if name is claw but mount is something else (deliberate third-party reuse)", () => {
+    const { path, cleanup } = makeTempPath();
+    try {
+      const oddClaw: ServiceEntry = {
+        name: "claw",
+        port: 9000,
+        paths: ["/something-else"],
+        health: "/something-else/health",
+        version: "0.1.0",
+      };
+      writeFileSync(path, `${JSON.stringify({ services: [oddClaw] }, null, 2)}\n`);
+      expect(readManifest(path).services).toEqual([oddClaw]);
+    } finally {
+      cleanup();
+    }
+  });
 });

package/src/__tests__/sessions.test.ts

@@ -0,0 +1,116 @@
+import { describe, expect, test } from "bun:test";
+import { mkdtempSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { hubDbPath, openHubDb } from "../hub-db.ts";
+import {
+  SESSION_COOKIE_NAME,
+  buildSessionClearCookie,
+  buildSessionCookie,
+  createSession,
+  deleteSession,
+  findSession,
+  parseSessionCookie,
+} from "../sessions.ts";
+import { createUser } from "../users.ts";
+
+async function makeDb() {
+  const configDir = mkdtempSync(join(tmpdir(), "phub-sessions-"));
+  const db = openHubDb(hubDbPath(configDir));
+  const user = await createUser(db, "owner", "pw");
+  return {
+    db,
+    userId: user.id,
+    cleanup: () => {
+      db.close();
+      rmSync(configDir, { recursive: true, force: true });
+    },
+  };
+}
+
+describe("createSession + findSession", () => {
+  test("round-trips a session", async () => {
+    const { db, userId, cleanup } = await makeDb();
+    try {
+      const s = createSession(db, { userId });
+      const found = findSession(db, s.id);
+      expect(found?.userId).toBe(userId);
+      expect(found?.id).toBe(s.id);
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("returns null for unknown id", async () => {
+    const { db, cleanup } = await makeDb();
+    try {
+      expect(findSession(db, "no-such-session")).toBeNull();
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("returns null for expired session", async () => {
+    const { db, userId, cleanup } = await makeDb();
+    try {
+      const epoch = new Date("2026-01-01T00:00:00Z");
+      const s = createSession(db, { userId, now: () => epoch });
+      // Past TTL (24h).
+      const later = new Date(epoch.getTime() + 25 * 3600 * 1000);
+      expect(findSession(db, s.id, () => later)).toBeNull();
+      // Still valid one second before expiry.
+      const justBefore = new Date(epoch.getTime() + 24 * 3600 * 1000 - 1000);
+      expect(findSession(db, s.id, () => justBefore)?.id).toBe(s.id);
+    } finally {
+      cleanup();
+    }
+  });
+});
+
+describe("deleteSession", () => {
+  test("removes the session row", async () => {
+    const { db, userId, cleanup } = await makeDb();
+    try {
+      const s = createSession(db, { userId });
+      deleteSession(db, s.id);
+      expect(findSession(db, s.id)).toBeNull();
+    } finally {
+      cleanup();
+    }
+  });
+});
+
+describe("buildSessionCookie", () => {
+  test("emits the expected attributes", () => {
+    const v = buildSessionCookie("abc", 86400);
+    expect(v).toContain(`${SESSION_COOKIE_NAME}=abc`);
+    expect(v).toContain("HttpOnly");
+    expect(v).toContain("Secure");
+    expect(v).toContain("SameSite=Lax");
+    expect(v).toContain("Path=/");
+    expect(v).not.toContain("Path=/oauth");
+    expect(v).toContain("Max-Age=86400");
+  });
+});
+
+describe("buildSessionClearCookie", () => {
+  test("emits Max-Age=0", () => {
+    const v = buildSessionClearCookie();
+    expect(v).toContain(`${SESSION_COOKIE_NAME}=`);
+    expect(v).toContain("Max-Age=0");
+    expect(v).toContain("Path=/");
+    expect(v).not.toContain("Path=/oauth");
+  });
+});
+
+describe("parseSessionCookie", () => {
+  test("extracts the session id from a Cookie header", () => {
+    expect(parseSessionCookie(`${SESSION_COOKIE_NAME}=xyz`)).toBe("xyz");
+    expect(parseSessionCookie(`other=foo; ${SESSION_COOKIE_NAME}=xyz; bar=baz`)).toBe("xyz");
+  });
+  test("returns null when absent or empty", () => {
+    expect(parseSessionCookie(null)).toBeNull();
+    expect(parseSessionCookie("")).toBeNull();
+    expect(parseSessionCookie("other=foo")).toBeNull();
+  });
+});