@openparachute/hub 0.5.7 → 0.5.10-rc.2

package/src/__tests__/serve.test.ts

@@ -0,0 +1,100 @@
+import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
+import { mkdtempSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { seedInitialAdminIfNeeded } from "../commands/serve.ts";
+import { openHubDb } from "../hub-db.ts";
+import { userCount } from "../users.ts";
+
+describe("seedInitialAdminIfNeeded", () => {
+  let dir: string;
+  let dbPath: string;
+
+  beforeEach(() => {
+    dir = mkdtempSync(join(tmpdir(), "parachute-serve-"));
+    dbPath = join(dir, "hub.db");
+  });
+
+  afterEach(() => {
+    rmSync(dir, { recursive: true, force: true });
+  });
+
+  test("returns 'needs-setup' on fresh state with no env vars", async () => {
+    const db = openHubDb(dbPath);
+    const result = await seedInitialAdminIfNeeded(db, {}, () => {});
+    expect(result).toBe("needs-setup");
+    expect(userCount(db)).toBe(0);
+  });
+
+  test("seeds an admin from PARACHUTE_INITIAL_ADMIN_* on fresh state", async () => {
+    const db = openHubDb(dbPath);
+    const log = mock<(line: string) => void>(() => {});
+    const result = await seedInitialAdminIfNeeded(
+      db,
+      {
+        PARACHUTE_INITIAL_ADMIN_USERNAME: "ops",
+        PARACHUTE_INITIAL_ADMIN_PASSWORD: "correct horse battery staple",
+      },
+      log,
+    );
+    expect(result).toBe("seeded");
+    expect(userCount(db)).toBe(1);
+    // The log line carries the username so operators can grep container
+    // logs to verify the seed fired.
+    expect(log).toHaveBeenCalledTimes(1);
+    expect(log.mock.calls[0]?.[0] ?? "").toContain("seeded initial admin");
+    expect(log.mock.calls[0]?.[0] ?? "").toContain("ops");
+  });
+
+  test("returns 'exists' when an admin already exists, even with env vars set", async () => {
+    // Seed once.
+    const db = openHubDb(dbPath);
+    await seedInitialAdminIfNeeded(
+      db,
+      {
+        PARACHUTE_INITIAL_ADMIN_USERNAME: "ops",
+        PARACHUTE_INITIAL_ADMIN_PASSWORD: "first-pw",
+      },
+      () => {},
+    );
+
+    // Same env on a second boot must NOT clobber the existing admin —
+    // the seed is first-boot only. (Container restart with the env still
+    // set from the Render dashboard is the canonical second-boot.)
+    const result = await seedInitialAdminIfNeeded(
+      db,
+      {
+        PARACHUTE_INITIAL_ADMIN_USERNAME: "ops",
+        PARACHUTE_INITIAL_ADMIN_PASSWORD: "different-pw",
+      },
+      () => {},
+    );
+    expect(result).toBe("exists");
+    expect(userCount(db)).toBe(1);
+  });
+
+  test("treats whitespace-only username as missing (needs-setup)", async () => {
+    const db = openHubDb(dbPath);
+    const result = await seedInitialAdminIfNeeded(
+      db,
+      {
+        PARACHUTE_INITIAL_ADMIN_USERNAME: "   ",
+        PARACHUTE_INITIAL_ADMIN_PASSWORD: "pw",
+      },
+      () => {},
+    );
+    expect(result).toBe("needs-setup");
+    expect(userCount(db)).toBe(0);
+  });
+
+  test("requires both username and password — half-set env is needs-setup", async () => {
+    const db = openHubDb(dbPath);
+    const result = await seedInitialAdminIfNeeded(
+      db,
+      { PARACHUTE_INITIAL_ADMIN_USERNAME: "ops" },
+      () => {},
+    );
+    expect(result).toBe("needs-setup");
+    expect(userCount(db)).toBe(0);
+  });
+});

package/src/__tests__/setup-gate.test.ts

@@ -0,0 +1,196 @@
+/**
+ * Pre-admin setup gate (hub#258). When the hub boots with no admin row
+ * (the fresh container case), admin-onboarding-coupled surfaces 503
+ * with `{error: "setup_required", setup_url: "/admin/setup"}` so
+ * callers can branch on the shape rather than scrape an HTML page.
+ *
+ * Gated routes (require an admin to be useful): `/login`, `/logout`,
+ * `/admin/*` (except `/admin/setup`), `/api/*`.
+ *
+ * Routes that pass through (platform health, public discovery, OAuth
+ * third-party flows, content proxies, the setup page itself):
+ *
+ *   /health, /, /hub.html, /.well-known/*, /admin/setup,
+ *   /oauth/*, /vault/*, /<service>/*
+ *
+ * Once an admin row exists, the gate is a no-op — the rest of dispatch
+ * runs as normal. The `/admin/setup` route 301s to /login at that
+ * point so a stale bookmark still lands somewhere.
+ */
+
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { hubDbPath, openHubDb } from "../hub-db.ts";
+import { hubFetch } from "../hub-server.ts";
+import { writeManifest } from "../services-manifest.ts";
+import { createUser } from "../users.ts";
+
+interface Harness {
+  dir: string;
+  cleanup: () => void;
+}
+
+function makeHarness(): Harness {
+  const dir = mkdtempSync(join(tmpdir(), "setup-gate-"));
+  // Minimal hub.html so the `/` route resolves without a 404.
+  writeFileSync(join(dir, "hub.html"), "<html>discovery</html>");
+  writeManifest({ services: [] }, join(dir, "services.json"));
+  return {
+    dir,
+    cleanup: () => rmSync(dir, { recursive: true, force: true }),
+  };
+}
+
+function req(path: string, init: RequestInit = {}): Request {
+  return new Request(`http://127.0.0.1:1939${path}`, init);
+}
+
+describe("setup gate (no admin yet)", () => {
+  let h: Harness;
+  beforeEach(() => {
+    h = makeHarness();
+  });
+  afterEach(() => h.cleanup());
+
+  test("503s gated admin/api routes with setup_required body", async () => {
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      // `/api/me` is a representative gated route — admin SPA bootstrap
+      // can't function without an operator identity behind it.
+      const res = await hubFetch(h.dir, { getDb: () => db })(req("/api/me"));
+      expect(res.status).toBe(503);
+      const body = (await res.json()) as Record<string, unknown>;
+      expect(body.error).toBe("setup_required");
+      expect(body.setup_url).toBe("/admin/setup");
+      expect(typeof body.error_description).toBe("string");
+    } finally {
+      db.close();
+    }
+  });
+
+  test("503s /login when no admin exists", async () => {
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      const res = await hubFetch(h.dir, { getDb: () => db })(req("/login"));
+      expect(res.status).toBe(503);
+      const body = (await res.json()) as Record<string, unknown>;
+      expect(body.error).toBe("setup_required");
+    } finally {
+      db.close();
+    }
+  });
+
+  test("/oauth/register passes through the gate (third-party DCR doesn't need admin)", async () => {
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      const res = await hubFetch(h.dir, {
+        getDb: () => db,
+        issuer: "https://hub.example",
+      })(
+        req("/oauth/register", {
+          method: "POST",
+          headers: { "content-type": "application/json" },
+          body: JSON.stringify({ redirect_uris: ["https://app.example/cb"] }),
+        }),
+      );
+      // Either 201 (registered) or 4xx (validation rejection) — the
+      // point is NOT 503-setup_required. OAuth surfaces operate
+      // independently of the admin-onboarding state.
+      expect(res.status).not.toBe(503);
+    } finally {
+      db.close();
+    }
+  });
+
+  test("/health passes through the gate", async () => {
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      const res = await hubFetch(h.dir, { getDb: () => db })(req("/health"));
+      expect(res.status).toBe(200);
+      const body = (await res.json()) as Record<string, unknown>;
+      expect(body.status).toBe("ok");
+    } finally {
+      db.close();
+    }
+  });
+
+  test("/.well-known/jwks.json passes through the gate", async () => {
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      const res = await hubFetch(h.dir, { getDb: () => db })(req("/.well-known/jwks.json"));
+      // Empty keys array is the no-rotation-yet shape, but the route is
+      // reachable — not gated to 503.
+      expect(res.status).toBe(200);
+      const body = (await res.json()) as { keys: unknown[] };
+      expect(Array.isArray(body.keys)).toBe(true);
+    } finally {
+      db.close();
+    }
+  });
+
+  test("/ passes through the gate (renders discovery page)", async () => {
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      const res = await hubFetch(h.dir, { getDb: () => db })(req("/"));
+      expect(res.status).toBe(200);
+      expect(res.headers.get("content-type")).toContain("text/html");
+    } finally {
+      db.close();
+    }
+  });
+
+  test("/admin/setup renders the placeholder HTML", async () => {
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      const res = await hubFetch(h.dir, { getDb: () => db })(req("/admin/setup"));
+      expect(res.status).toBe(200);
+      expect(res.headers.get("content-type")).toContain("text/html");
+      const html = await res.text();
+      // Spot-check the env-var seed is documented — it's the canonical
+      // bootstrap path for containers and we don't want a future
+      // refactor to silently strip it.
+      expect(html).toContain("PARACHUTE_INITIAL_ADMIN_USERNAME");
+      expect(html).toContain("PARACHUTE_INITIAL_ADMIN_PASSWORD");
+    } finally {
+      db.close();
+    }
+  });
+});
+
+describe("setup gate (admin exists)", () => {
+  let h: Harness;
+  beforeEach(() => {
+    h = makeHarness();
+  });
+  afterEach(() => h.cleanup());
+
+  test("no-ops once an admin row exists — operator routes resume normal dispatch", async () => {
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      await createUser(db, "owner", "pw");
+      // /oauth/token rejects GET with 405 in normal dispatch (it's a
+      // POST-only endpoint). If the gate were still firing this would
+      // come back 503; the 405 confirms regular dispatch resumed.
+      const res = await hubFetch(h.dir, { getDb: () => db })(
+        req("/oauth/token", { method: "GET" }),
+      );
+      expect(res.status).toBe(405);
+    } finally {
+      db.close();
+    }
+  });
+
+  test("/admin/setup 301s to /login once an admin exists", async () => {
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      await createUser(db, "owner", "pw");
+      const res = await hubFetch(h.dir, { getDb: () => db })(req("/admin/setup"));
+      expect(res.status).toBe(301);
+      expect(res.headers.get("location")).toBe("/login");
+    } finally {
+      db.close();
+    }
+  });
+});

package/src/__tests__/status.test.ts

@@ -517,4 +517,203 @@ describe("status", () => {
       cleanup();
     }
   });
+
+  describe("install-source surface (hub#243)", () => {
+    test("renders SOURCE column header + per-row label", async () => {
+      const { path, cleanup } = makeTempPath();
+      try {
+        upsertService(
+          {
+            name: "parachute-vault",
+            port: 1940,
+            paths: ["/vault/default"],
+            health: "/vault/default/health",
+            version: "0.4.4-rc.3",
+            installDir: "/Users/me/code/parachute-vault",
+          },
+          path,
+        );
+        const lines: string[] = [];
+        await status({
+          manifestPath: path,
+          fetchImpl: async () => new Response(null, { status: 200 }),
+          print: (l) => lines.push(l),
+          installSourceDeps: {
+            bunGlobalPrefixes: () => ["/home/test/.bun/install/global/node_modules"],
+            resolveBunGlobal: () => null,
+            readJson: (p) =>
+              p === "/Users/me/code/parachute-vault/package.json"
+                ? { name: "@openparachute/vault", version: "0.4.4-rc.3" }
+                : (() => {
+                    throw new Error("nope");
+                  })(),
+            readGitHead: () => "8aa167b",
+          },
+        });
+        expect(lines[0]).toMatch(/SOURCE/);
+        expect(lines.some((l) => l.includes("bun-linked → parachute-vault @ 8aa167b"))).toBe(true);
+      } finally {
+        cleanup();
+      }
+    });
+
+    test("STALE continuation line fires when bun-linked live version != cached version", async () => {
+      // Reproduces hub#243's motivating case: services.json says 0.3.11-rc.1
+      // but the live source has been rebuilt to 0.3.15-rc.1. Operator should
+      // see STALE in one glance from `parachute status` output.
+      const { path, cleanup } = makeTempPath();
+      try {
+        upsertService(
+          {
+            name: "parachute-notes",
+            port: 1942,
+            paths: ["/notes"],
+            health: "/notes/health",
+            version: "0.3.11-rc.1",
+            installDir: "/Users/me/code/parachute-notes",
+          },
+          path,
+        );
+        const lines: string[] = [];
+        await status({
+          manifestPath: path,
+          fetchImpl: async () => new Response(null, { status: 200 }),
+          print: (l) => lines.push(l),
+          installSourceDeps: {
+            bunGlobalPrefixes: () => ["/home/test/.bun/install/global/node_modules"],
+            resolveBunGlobal: () => null,
+            readJson: (p) =>
+              p === "/Users/me/code/parachute-notes/package.json"
+                ? { name: "@openparachute/notes", version: "0.3.15-rc.1" }
+                : (() => {
+                    throw new Error("nope");
+                  })(),
+            readGitHead: () => "051c404",
+          },
+        });
+        expect(
+          lines.some((l) =>
+            l.includes("STALE: services.json cached 0.3.11-rc.1; live package.json 0.3.15-rc.1"),
+          ),
+        ).toBe(true);
+      } finally {
+        cleanup();
+      }
+    });
+
+    test("npm-installed services render as `npm (<version>)` and never STALE", async () => {
+      const { path, cleanup } = makeTempPath();
+      try {
+        upsertService(
+          {
+            name: "parachute-scribe",
+            port: 1943,
+            paths: ["/scribe"],
+            health: "/scribe/health",
+            version: "0.4.2-rc.1",
+            installDir: "/home/test/.bun/install/global/node_modules/@openparachute/scribe",
+          },
+          path,
+        );
+        const lines: string[] = [];
+        await status({
+          manifestPath: path,
+          fetchImpl: async () => new Response(null, { status: 200 }),
+          print: (l) => lines.push(l),
+          installSourceDeps: {
+            bunGlobalPrefixes: () => ["/home/test/.bun/install/global/node_modules"],
+            resolveBunGlobal: () => null,
+            readJson: (p) =>
+              p === "/home/test/.bun/install/global/node_modules/@openparachute/scribe/package.json"
+                ? { name: "@openparachute/scribe", version: "0.4.2-rc.1" }
+                : (() => {
+                    throw new Error("nope");
+                  })(),
+            readGitHead: () => undefined,
+          },
+        });
+        expect(lines.some((l) => l.includes("npm (0.4.2-rc.1)"))).toBe(true);
+        expect(lines.some((l) => l.includes("STALE:"))).toBe(false);
+      } finally {
+        cleanup();
+      }
+    });
+
+    test("entries without installDir fall back to bun-global symlink lookup", async () => {
+      // Some services.json entries (older first-party rows, or rows written
+      // by a service that doesn't echo installDir) leave the field absent.
+      // detectInstallSource maps the entry name → first-party package and
+      // probes bun globals for the symlink. Pins that fallback path.
+      const { path, cleanup } = makeTempPath();
+      try {
+        upsertService(
+          {
+            name: "parachute-vault",
+            port: 1940,
+            paths: ["/vault/default"],
+            health: "/vault/default/health",
+            version: "0.4.4-rc.3",
+            // No installDir.
+          },
+          path,
+        );
+        const lines: string[] = [];
+        await status({
+          manifestPath: path,
+          fetchImpl: async () => new Response(null, { status: 200 }),
+          print: (l) => lines.push(l),
+          installSourceDeps: {
+            bunGlobalPrefixes: () => ["/home/test/.bun/install/global/node_modules"],
+            resolveBunGlobal: (pkg) =>
+              pkg === "@openparachute/vault" ? "/Users/me/code/parachute-vault" : null,
+            readJson: (p) =>
+              p === "/Users/me/code/parachute-vault/package.json"
+                ? { name: "@openparachute/vault", version: "0.4.4-rc.3" }
+                : (() => {
+                    throw new Error("nope");
+                  })(),
+            readGitHead: () => "8aa167b",
+          },
+        });
+        expect(lines.some((l) => l.includes("bun-linked → parachute-vault @ 8aa167b"))).toBe(true);
+      } finally {
+        cleanup();
+      }
+    });
+
+    test("third-party row without installDir + no mapping renders as 'unknown'", async () => {
+      const { path, cleanup } = makeTempPath();
+      try {
+        upsertService(
+          {
+            name: "agent",
+            port: 1946,
+            paths: ["/agent"],
+            health: "/agent/health",
+            version: "0.1.4-rc.1",
+            // No installDir; agent isn't in FIRST_PARTY_FALLBACKS by short name,
+            // and the fallback bun-global lookup needs a known package name.
+          },
+          path,
+        );
+        const lines: string[] = [];
+        await status({
+          manifestPath: path,
+          fetchImpl: async () => new Response(null, { status: 200 }),
+          print: (l) => lines.push(l),
+          installSourceDeps: {
+            bunGlobalPrefixes: () => ["/home/test/.bun/install/global/node_modules"],
+            resolveBunGlobal: () => null,
+            readJson: () => {
+              throw new Error("not reached");
+            },
+            readGitHead: () => undefined,
+          },
+        });
+        expect(lines.some((l) => l.includes("unknown"))).toBe(true);
+      } finally {
+        cleanup();
+      }
+    });
+  });
 });