@openparachute/hub 0.5.10-rc.4 → 0.5.10-rc.5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openparachute/hub",
-  "version": "0.5.10-rc.4",
+  "version": "0.5.10-rc.5",
   "description": "parachute — the local hub for the Parachute ecosystem (discovery, ports, lifecycle, soon OAuth).",
   "license": "AGPL-3.0",
   "publishConfig": {

package/src/__tests__/hub-server.test.ts

@@ -979,10 +979,12 @@ describe("hubFetch routing", () => {
     }
   });
 
-  // First-boot setup placeholder (hub#258). When no admin exists the page
-  // is the bootstrap onboarding surface; once an admin exists it 301s to
-  // /login so a stale bookmark still lands somewhere useful.
-  test("/admin/setup renders placeholder HTML when no admin exists", async () => {
+  // First-boot setup wizard (hub#259, expanding hub#258's static
+  // placeholder). When no admin exists, GET /admin/setup renders the
+  // wizard's account-step form. Once admin + vault both exist, it 301s
+  // to /login so a stale bookmark still lands somewhere useful. With
+  // admin but no vault, the wizard resumes at the vault step.
+  test("/admin/setup renders the wizard's account form when no admin exists", async () => {
     const h = makeHarness();
     try {
       const db = openHubDb(hubDbPath(h.dir));
@@ -991,7 +993,8 @@ describe("hubFetch routing", () => {
         expect(res.status).toBe(200);
         expect(res.headers.get("content-type")).toContain("text/html");
         const body = await res.text();
-        expect(body).toContain("first-boot setup");
+        expect(body).toContain('action="/admin/setup/account"');
+        // Env-var seed path is still surfaced as the alt-path disclosure.
         expect(body).toContain("PARACHUTE_INITIAL_ADMIN_USERNAME");
       } finally {
         db.close();
@@ -1001,13 +1004,35 @@ describe("hubFetch routing", () => {
     }
   });
 
-  test("/admin/setup 301s to /login when an admin already exists", async () => {
+  test("/admin/setup 301s to /login once admin + vault both exist (hub#259)", async () => {
     const h = makeHarness();
     try {
       const db = openHubDb(hubDbPath(h.dir));
       try {
         await createUser(db, "owner", "pw");
-        const res = await hubFetch(h.dir, { getDb: () => db })(req("/admin/setup"));
+        // Seed the vault entry so the wizard's state derives as "done"
+        // and the GET 301s. Without this the wizard would still resume
+        // at the vault step.
+        const { writeManifest } = await import("../services-manifest.ts");
+        const { join } = await import("node:path");
+        writeManifest(
+          {
+            services: [
+              {
+                name: "parachute-vault",
+                version: "0.1.0",
+                port: 1940,
+                paths: ["/vault/default"],
+                health: "/health",
+              },
+            ],
+          },
+          join(h.dir, "services.json"),
+        );
+        const res = await hubFetch(h.dir, {
+          getDb: () => db,
+          manifestPath: join(h.dir, "services.json"),
+        })(req("/admin/setup"));
         expect(res.status).toBe(301);
         expect(res.headers.get("location")).toBe("/login");
       } finally {

package/src/__tests__/setup-gate.test.ts

@@ -141,16 +141,17 @@ describe("setup gate (no admin yet)", () => {
     }
   });
 
-  test("/admin/setup renders the placeholder HTML", async () => {
+  test("/admin/setup renders the wizard (account step) when no admin exists", async () => {
     const db = openHubDb(hubDbPath(h.dir));
     try {
       const res = await hubFetch(h.dir, { getDb: () => db })(req("/admin/setup"));
       expect(res.status).toBe(200);
       expect(res.headers.get("content-type")).toContain("text/html");
       const html = await res.text();
-      // Spot-check the env-var seed is documented — it's the canonical
-      // bootstrap path for containers and we don't want a future
-      // refactor to silently strip it.
+      // Spot-check the wizard is rendering its account-step form (hub#259
+      // replaced the env-var-only placeholder with a real wizard, but the
+      // env-var path is still surfaced as the "alt-path" disclosure).
+      expect(html).toContain('action="/admin/setup/account"');
       expect(html).toContain("PARACHUTE_INITIAL_ADMIN_USERNAME");
       expect(html).toContain("PARACHUTE_INITIAL_ADMIN_PASSWORD");
     } finally {
@@ -182,13 +183,22 @@ describe("setup gate (admin exists)", () => {
     }
   });
 
-  test("/admin/setup 301s to /login once an admin exists", async () => {
+  test("/admin/setup resumes at the vault step when admin exists but vault doesn't (hub#259)", async () => {
     const db = openHubDb(hubDbPath(h.dir));
     try {
       await createUser(db, "owner", "pw");
-      const res = await hubFetch(h.dir, { getDb: () => db })(req("/admin/setup"));
-      expect(res.status).toBe(301);
-      expect(res.headers.get("location")).toBe("/login");
+      const res = await hubFetch(h.dir, {
+        getDb: () => db,
+        manifestPath: join(h.dir, "services.json"),
+      })(req("/admin/setup"));
+      // With admin in place but no vault entry in services.json, the
+      // wizard's GET resumes at step 3 — the vault-name form — rather
+      // than 301-ing to /login. The 301-to-/login fires only once BOTH
+      // admin and vault are in place; that case is exercised in the
+      // setup-wizard suite where the manifest is seeded.
+      expect(res.status).toBe(200);
+      const html = await res.text();
+      expect(html).toContain('action="/admin/setup/vault"');
     } finally {
       db.close();
     }