@openparachute/hub 0.5.13 → 0.5.14-rc.2

package/src/__tests__/api-modules-ops.test.ts

@@ -126,6 +126,19 @@ function alwaysOkRun(): {
   };
 }
 
+/**
+ * Test default for `isLinked`: assume the package is NOT bun-linked so
+ * `runInstall` exercises the `bun add -g` path (which the stubbed runner
+ * captures into `calls`). The production default at
+ * `src/bun-link.ts` reads the contributor's real `~/.bun/install/global/`
+ * symlinks; on Aaron's machine vault/scribe/notes/hub are all linked
+ * (the canonical local-dev shape — smoke 2026-05-27 finding 1 caps the
+ * fix). Tests asserting "bun add WAS called" must opt out of that leakage
+ * by passing this stub. Tests specifically exercising the skip path use
+ * an inline `isLinked: () => true` or a per-pkg discriminator.
+ */
+const TEST_DEFAULT_NOT_LINKED = (_pkg: string): boolean => false;
+
 describe("parseModulesPath", () => {
   test("recognizes curated short + action", () => {
     expect(parseModulesPath("/api/modules/vault/install")).toEqual({
@@ -231,6 +244,7 @@ describe("POST /api/modules/:short/install", () => {
         configDir: h.dir,
         supervisor,
         run,
+        isLinked: TEST_DEFAULT_NOT_LINKED,
       },
     );
     expect(res.status).toBe(202);
@@ -280,6 +294,7 @@ describe("POST /api/modules/:short/install", () => {
         configDir: h.dir,
         supervisor,
         run,
+        isLinked: TEST_DEFAULT_NOT_LINKED,
       },
     );
     expect(res.status).toBe(202);
@@ -301,6 +316,7 @@ describe("POST /api/modules/:short/install", () => {
         configDir: h.dir,
         supervisor,
         run,
+        isLinked: TEST_DEFAULT_NOT_LINKED,
       },
     );
     const op = (await opRes.json()) as { status: string };
@@ -324,6 +340,7 @@ describe("POST /api/modules/:short/install", () => {
         configDir: h.dir,
         supervisor,
         run,
+        isLinked: TEST_DEFAULT_NOT_LINKED,
       },
     );
     expect(res.status).toBe(202);
@@ -348,6 +365,7 @@ describe("POST /api/modules/:short/install", () => {
         configDir: h.dir,
         supervisor,
         run,
+        isLinked: TEST_DEFAULT_NOT_LINKED,
       },
     );
     await new Promise((r) => setTimeout(r, 10));
@@ -379,6 +397,7 @@ describe("POST /api/modules/:short/install", () => {
         configDir: h.dir,
         supervisor,
         run,
+        isLinked: TEST_DEFAULT_NOT_LINKED,
       },
     );
     expect(res.status).toBe(202);
@@ -406,6 +425,7 @@ describe("POST /api/modules/:short/install", () => {
         configDir: h.dir,
         supervisor,
         run,
+        isLinked: TEST_DEFAULT_NOT_LINKED,
       },
     );
     await new Promise((r) => setTimeout(r, 10));
@@ -433,6 +453,7 @@ describe("POST /api/modules/:short/install", () => {
         configDir: h.dir,
         supervisor,
         run,
+        isLinked: TEST_DEFAULT_NOT_LINKED,
       },
     );
     expect(res.status).toBe(400);
@@ -458,6 +479,7 @@ describe("POST /api/modules/:short/install", () => {
         configDir: h.dir,
         supervisor,
         run,
+        isLinked: TEST_DEFAULT_NOT_LINKED,
       },
     );
     await new Promise((r) => setTimeout(r, 10));
@@ -487,6 +509,7 @@ describe("POST /api/modules/:short/install", () => {
           configDir: h.dir,
           supervisor,
           run,
+          isLinked: TEST_DEFAULT_NOT_LINKED,
         },
       );
       await new Promise((r) => setTimeout(r, 10));
@@ -524,6 +547,7 @@ describe("POST /api/modules/:short/install", () => {
           configDir: h.dir,
           supervisor,
           run,
+          isLinked: TEST_DEFAULT_NOT_LINKED,
         },
       );
       await new Promise((r) => setTimeout(r, 10));
@@ -557,6 +581,7 @@ describe("POST /api/modules/:short/install", () => {
           configDir: h.dir,
           supervisor,
           run,
+          isLinked: TEST_DEFAULT_NOT_LINKED,
         },
       );
       expect(res.status).toBe(202);
@@ -583,6 +608,7 @@ describe("POST /api/modules/:short/install", () => {
       supervisor,
       run: async () => 1,
       findGlobalInstall: () => null,
+      isLinked: TEST_DEFAULT_NOT_LINKED,
     };
     const res = await handleInstall(
       postReq("/api/modules/vault/install", { authorization: `Bearer ${bearer}` }),
@@ -602,6 +628,71 @@ describe("POST /api/modules/:short/install", () => {
     expect(op.status).toBe("failed");
     expect(op.error).toMatch(/bun add -g exited 1/);
   });
+
+  test("skips bun add -g when package is already bun-linked (smoke 2026-05-27 finding 1)", async () => {
+    // Smoke finding 1: the wizard's parallel install path was unconditionally
+    // invoking `bun add -g <pkg>` even when the package was already linked
+    // via `bun link <abspath>` (the standard local-dev shape). At best a
+    // wasted ~3s npm round-trip per install; at worst the global bun.lock
+    // had unrelated noise and the install failed outright, taking the
+    // wizard's vault step with it. Fix: mirror the CLI install path's
+    // `isLinked` short-circuit. Regression guard.
+    const { supervisor, spawns } = makeIdleSupervisor();
+    const { run, calls } = alwaysOkRun();
+    const bearer = await mintBearer(h, [API_MODULES_OPS_REQUIRED_SCOPE]);
+    const res = await handleInstall(
+      postReq("/api/modules/vault/install", { authorization: `Bearer ${bearer}` }),
+      "vault",
+      {
+        db: h.db,
+        issuer: ISSUER,
+        manifestPath: h.manifestPath,
+        configDir: h.dir,
+        supervisor,
+        run,
+        // The bug shape: package IS linked locally. Without the
+        // short-circuit, runInstall would still call bun add -g.
+        isLinked: (pkg) => pkg === "@openparachute/vault",
+      },
+    );
+    expect(res.status).toBe(202);
+    await new Promise((r) => setTimeout(r, 10));
+
+    // The fix: bun add -g was NOT invoked for the linked package.
+    expect(calls).not.toContainEqual(["bun", "add", "-g", "@openparachute/vault@latest"]);
+    // Downstream of the skip, the seed + spawn still happen — the install
+    // op completes successfully against the locally-linked checkout.
+    const manifest = JSON.parse(readFileSync(h.manifestPath, "utf8")) as {
+      services: Array<{ name: string }>;
+    };
+    expect(manifest.services.some((s) => s.name === "parachute-vault")).toBe(true);
+    expect(spawns.find((s) => s.short === "vault")?.cmd).toEqual(["parachute-vault", "serve"]);
+  });
+
+  test("still runs bun add -g when package is NOT bun-linked", async () => {
+    // Companion to the above — confirms the short-circuit doesn't
+    // unconditionally skip. On a friend's fresh machine (no bun link),
+    // bun add -g IS what installs the package from npm. `isLinked: () => false`
+    // is the production default behavior for a non-linked package.
+    const { supervisor } = makeIdleSupervisor();
+    const { run, calls } = alwaysOkRun();
+    const bearer = await mintBearer(h, [API_MODULES_OPS_REQUIRED_SCOPE]);
+    await handleInstall(
+      postReq("/api/modules/vault/install", { authorization: `Bearer ${bearer}` }),
+      "vault",
+      {
+        db: h.db,
+        issuer: ISSUER,
+        manifestPath: h.manifestPath,
+        configDir: h.dir,
+        supervisor,
+        run,
+        isLinked: () => false,
+      },
+    );
+    await new Promise((r) => setTimeout(r, 10));
+    expect(calls).toContainEqual(["bun", "add", "-g", "@openparachute/vault@latest"]);
+  });
 });
 
 describe("POST /api/modules/:short/restart", () => {
@@ -682,6 +773,7 @@ describe("POST /api/modules/:short/upgrade", () => {
         configDir: h.dir,
         supervisor,
         run,
+        isLinked: TEST_DEFAULT_NOT_LINKED,
       },
     );
     expect(res.status).toBe(202);
@@ -706,6 +798,7 @@ describe("POST /api/modules/:short/upgrade", () => {
         configDir: h.dir,
         supervisor,
         run,
+        isLinked: TEST_DEFAULT_NOT_LINKED,
       },
     );
     expect(res.status).toBe(202);
@@ -736,6 +829,7 @@ describe("POST /api/modules/:short/upgrade", () => {
           configDir: h.dir,
           supervisor,
           run,
+          isLinked: TEST_DEFAULT_NOT_LINKED,
         },
       );
       await new Promise((r) => setTimeout(r, 10));
@@ -846,6 +940,7 @@ describe("POST /api/modules/:short/uninstall", () => {
         configDir: h.dir,
         supervisor,
         run,
+        isLinked: TEST_DEFAULT_NOT_LINKED,
       },
     );
     expect(res.status).toBe(200);
@@ -878,6 +973,7 @@ describe("POST /api/modules/:short/uninstall", () => {
         configDir: h.dir,
         supervisor,
         run,
+        isLinked: TEST_DEFAULT_NOT_LINKED,
       },
     );
     expect(res.status).toBe(200);
@@ -1099,6 +1195,7 @@ describe("well-known regen after module ops", () => {
       supervisor,
       run: async () => 1,
       findGlobalInstall: () => null,
+      isLinked: TEST_DEFAULT_NOT_LINKED,
       wellKnownPath: wkPath,
     };
     const res = await handleInstall(

package/src/__tests__/api-modules.test.ts

@@ -171,7 +171,7 @@ describe("GET /api/modules", () => {
       supervisor_available: boolean;
     };
     // Curated order is preserved: vault → app → notes → scribe → runner.
-    expect(body.modules.map((m) => m.short)).toEqual(["vault", "app", "notes", "scribe", "runner"]);
+    expect(body.modules.map((m) => m.short)).toEqual(["vault", "surface", "notes", "scribe", "runner"]);
     expect(body.modules.every((m) => m.available)).toBe(true);
     expect(body.modules.every((m) => !m.installed)).toBe(true);
     expect(body.modules.every((m) => m.latest_version === "0.9.9")).toBe(true);
@@ -202,12 +202,12 @@ describe("GET /api/modules", () => {
         available: boolean;
       }>;
     };
-    const app = body.modules.find((m) => m.short === "app");
-    expect(app).toBeDefined();
-    expect(app?.package).toBe("@openparachute/app");
-    expect(app?.display_name).toBe("App");
-    expect(app?.tagline).toContain("auto-installs Notes");
-    expect(app?.available).toBe(true);
+    const surface = body.modules.find((m) => m.short === "surface");
+    expect(surface).toBeDefined();
+    expect(surface?.package).toBe("@openparachute/surface");
+    expect(surface?.display_name).toBe("Surface");
+    expect(surface?.tagline).toContain("auto-installs Notes");
+    expect(surface?.available).toBe(true);
   });
 
   test("runner row carries package + display props from FIRST_PARTY_FALLBACKS (#305)", async () => {
@@ -366,9 +366,9 @@ describe("GET /api/modules", () => {
   });
 
   test("management_url does not double-prepend mount when managementUrl is already mount-prefixed (hub#380)", async () => {
-    // Audit caught 2026-05-25: app declares `managementUrl: "/app/admin/"`
-    // (full hub-origin path) and `paths: ["/app", "/.parachute"]`. The
-    // SPA's Services dropdown was navigating to `/app/app/admin/` (404)
+    // Audit caught 2026-05-25: app declares `managementUrl: "/surface/admin/"`
+    // (full hub-origin path) and `paths: ["/surface", "/.parachute"]`. The
+    // SPA's Services dropdown was navigating to `/app/surface/admin/` (404)
     // because api-modules unconditionally prepended the mount onto the
     // candidate. Fix: detect already-mount-prefixed paths and pass through.
     //
@@ -376,12 +376,12 @@ describe("GET /api/modules", () => {
     // multi-instance modules (vault) use the per-instance relative form.
     writeManifest(h.manifestPath, [
       {
-        name: "parachute-app",
+        name: "parachute-surface",
         port: 1946,
-        paths: ["/app", "/.parachute"],
-        health: "/app/healthz",
+        paths: ["/surface", "/.parachute"],
+        health: "/surface/healthz",
         version: "0.2.0-rc.13",
-        installDir: "/install/dir/app",
+        installDir: "/install/dir/surface",
       },
     ]);
     const bearer = await mintBearer(h, [API_MODULES_REQUIRED_SCOPE]);
@@ -391,17 +391,17 @@ describe("GET /api/modules", () => {
       manifestPath: h.manifestPath,
       fetchLatestVersion: async () => null,
       readModuleManifest: async (installDir) => {
-        if (installDir === "/install/dir/app") {
+        if (installDir === "/install/dir/surface") {
           return {
-            name: "app",
-            manifestName: "parachute-app",
-            displayName: "App",
+            name: "surface",
+            manifestName: "parachute-surface",
+            displayName: "Surface",
             tagline: "",
             port: 1946,
-            paths: ["/app", "/.parachute"],
-            health: "/app/healthz",
-            uiUrl: "/app/admin/",
-            managementUrl: "/app/admin/",
+            paths: ["/surface", "/.parachute"],
+            health: "/surface/healthz",
+            uiUrl: "/surface/admin/",
+            managementUrl: "/surface/admin/",
           } as unknown as Awaited<
             ReturnType<typeof import("../module-manifest.ts").readModuleManifest>
           >;
@@ -413,9 +413,9 @@ describe("GET /api/modules", () => {
     const body = (await res.json()) as {
       modules: Array<{ short: string; management_url: string | null }>;
     };
-    const app = body.modules.find((m) => m.short === "app");
-    // Single `/app/`, not `/app/app/`.
-    expect(app?.management_url).toBe("/app/admin/");
+    const surface = body.modules.find((m) => m.short === "surface");
+    // Single `/surface/`, not `/surface/surface/`.
+    expect(surface?.management_url).toBe("/surface/admin/");
   });
 
   test("management_url prefix-ish names don't collide (hub#380 — /app vs /app-foo)", async () => {
@@ -430,8 +430,8 @@ describe("GET /api/modules", () => {
       {
         name: "parachute-vault",
         port: 1940,
-        paths: ["/app"], // mount is /app (using vault as a stand-in installable)
-        health: "/app/health",
+        paths: ["/surface"], // mount is /app (using vault as a stand-in installable)
+        health: "/surface/health",
         version: "0.4.5",
         installDir: "/install/dir/contrived",
       },
@@ -450,8 +450,8 @@ describe("GET /api/modules", () => {
             displayName: "Vault",
             tagline: "",
             port: 1940,
-            paths: ["/app"],
-            health: "/app/health",
+            paths: ["/surface"],
+            health: "/surface/health",
             // candidate looks like a sibling-name prefix but is NOT a
             // mount-prefix of /app — should still get prepended.
             managementUrl: "/app-foo/admin",
@@ -467,9 +467,9 @@ describe("GET /api/modules", () => {
       modules: Array<{ short: string; management_url: string | null }>;
     };
     const vault = body.modules.find((m) => m.short === "vault");
-    // /app + /app-foo/admin → /app/app-foo/admin (prepend fires; not treated
-    // as already-mount-prefixed because /app-foo/ doesn't start with /app/).
-    expect(vault?.management_url).toBe("/app/app-foo/admin");
+    // /surface + /app-foo/admin → /surface/app-foo/admin (prepend fires; not
+    // treated as already-mount-prefixed because /app-foo/ doesn't start with /surface/).
+    expect(vault?.management_url).toBe("/surface/app-foo/admin");
   });
 
   test("management_url equality edge: tail equals mount exactly (hub#380)", async () => {