@openparachute/hub 0.7.4-rc.2 → 0.7.4-rc.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75) hide show
  1. package/package.json +4 -11
  2. package/src/__tests__/admin-auth.test.ts +128 -0
  3. package/src/__tests__/admin-clients.test.ts +103 -1
  4. package/src/__tests__/admin-lock.test.ts +7 -1
  5. package/src/__tests__/admin-vaults.test.ts +216 -10
  6. package/src/__tests__/api-account-2fa.test.ts +453 -0
  7. package/src/__tests__/api-hub-upgrade.test.ts +59 -3
  8. package/src/__tests__/api-mint-token.test.ts +75 -0
  9. package/src/__tests__/api-modules.test.ts +143 -0
  10. package/src/__tests__/api-settings-root-redirect.test.ts +302 -0
  11. package/src/__tests__/auth.test.ts +336 -0
  12. package/src/__tests__/clients.test.ts +326 -8
  13. package/src/__tests__/cloudflare-connector-service.test.ts +3 -1
  14. package/src/__tests__/cors.test.ts +138 -1
  15. package/src/__tests__/doctor.test.ts +755 -0
  16. package/src/__tests__/hub-command.test.ts +69 -2
  17. package/src/__tests__/hub-server.test.ts +127 -5
  18. package/src/__tests__/hub-settings.test.ts +188 -0
  19. package/src/__tests__/init.test.ts +153 -0
  20. package/src/__tests__/jwt-sign.test.ts +27 -0
  21. package/src/__tests__/managed-unit.test.ts +62 -0
  22. package/src/__tests__/oauth-handlers.test.ts +626 -0
  23. package/src/__tests__/oauth-ui.test.ts +107 -1
  24. package/src/__tests__/scope-explanations.test.ts +19 -0
  25. package/src/__tests__/setup-gate.test.ts +111 -3
  26. package/src/__tests__/setup-wizard.test.ts +124 -7
  27. package/src/__tests__/supervisor.test.ts +25 -0
  28. package/src/__tests__/vault-names.test.ts +32 -3
  29. package/src/__tests__/vault-remove.test.ts +40 -19
  30. package/src/__tests__/well-known.test.ts +37 -2
  31. package/src/admin-agent-grants.ts +16 -1
  32. package/src/admin-auth.ts +13 -4
  33. package/src/admin-clients.ts +66 -5
  34. package/src/admin-grants.ts +11 -2
  35. package/src/admin-vaults.ts +77 -27
  36. package/src/api-account-2fa.ts +395 -0
  37. package/src/api-admin-lock.ts +7 -0
  38. package/src/api-hub-upgrade.ts +52 -4
  39. package/src/api-hub.ts +10 -1
  40. package/src/api-invites.ts +18 -3
  41. package/src/api-me.ts +11 -2
  42. package/src/api-mint-token.ts +16 -1
  43. package/src/api-modules.ts +119 -1
  44. package/src/api-revoke-token.ts +14 -1
  45. package/src/api-settings-hub-origin.ts +14 -1
  46. package/src/api-settings-root-redirect.ts +201 -0
  47. package/src/api-tokens.ts +14 -1
  48. package/src/api-users.ts +15 -6
  49. package/src/api-vault-caps.ts +11 -2
  50. package/src/cli.ts +56 -5
  51. package/src/clients.ts +178 -0
  52. package/src/commands/auth.ts +263 -1
  53. package/src/commands/doctor.ts +1250 -0
  54. package/src/commands/hub.ts +102 -1
  55. package/src/commands/init.ts +108 -0
  56. package/src/commands/vault-remove.ts +16 -24
  57. package/src/cors.ts +7 -3
  58. package/src/help.ts +65 -1
  59. package/src/hub-db.ts +14 -0
  60. package/src/hub-server.ts +173 -25
  61. package/src/hub-settings.ts +163 -1
  62. package/src/jwt-sign.ts +25 -6
  63. package/src/managed-unit.ts +30 -1
  64. package/src/oauth-handlers.ts +110 -7
  65. package/src/oauth-ui.ts +174 -0
  66. package/src/rate-limit.ts +28 -0
  67. package/src/scope-explanations.ts +2 -1
  68. package/src/setup-wizard.ts +40 -21
  69. package/src/supervisor.ts +46 -2
  70. package/src/vault-names.ts +15 -4
  71. package/src/well-known.ts +10 -1
  72. package/web/ui/dist/assets/{index--728BX3j.css → index-BcC4U5gM.css} +1 -1
  73. package/web/ui/dist/assets/index-CVqK1cV5.js +61 -0
  74. package/web/ui/dist/index.html +2 -2
  75. package/web/ui/dist/assets/index-DZzX_Enf.js +0 -61
@@ -398,6 +398,68 @@ describe("installManagedUnit — start:boolean (§7.1)", () => {
398
398
  expect(f.calls).toContainEqual(["systemctl", "--user", "daemon-reload"]);
399
399
  expect(f.calls.some((c) => c.includes("enable"))).toBe(false);
400
400
  });
401
+
402
+ // #528: a per-command fake `run` so the linger probe + enable-linger can return
403
+ // distinct results. Non-linger commands (systemctl daemon-reload / enable) all
404
+ // succeed; only the linger sequence is scripted via `linger`.
405
+ function lingerDeps(linger: {
406
+ probe?: ServiceCommandResult;
407
+ enable?: ServiceCommandResult;
408
+ }): FakeDepsState {
409
+ const ok: ServiceCommandResult = { code: 0, stdout: "", stderr: "" };
410
+ return fakeDeps({
411
+ platform: "linux",
412
+ getuid: () => 1000,
413
+ userName: () => "op",
414
+ run: ((cmd: readonly string[]) => {
415
+ // `calls` is recorded by the default run; here we record into a closure
416
+ // list returned alongside via the returned FakeDepsState — but fakeDeps
417
+ // only records in its OWN default run. So push into a shared array.
418
+ recorded.push([...cmd]);
419
+ if (cmd[0] === "loginctl" && cmd[1] === "show-user") return linger.probe ?? ok;
420
+ if (cmd[0] === "loginctl" && cmd[1] === "enable-linger") return linger.enable ?? ok;
421
+ return ok;
422
+ }) as ManagedUnitDeps["run"],
423
+ });
424
+ }
425
+ // Shared recorder for the per-command run above (fakeDeps's own `calls` array
426
+ // isn't populated when we override `run`).
427
+ let recorded: string[][] = [];
428
+
429
+ test("#528: linger ALREADY on → no enable attempt, no warning (false-alarm fix)", () => {
430
+ recorded = [];
431
+ const f = lingerDeps({ probe: { code: 0, stdout: "Linger=yes\n", stderr: "" } });
432
+ const result = installManagedUnit({
433
+ unit: hubUnit(f.deps),
434
+ deps: f.deps,
435
+ messages: HUB_MESSAGES,
436
+ start: false,
437
+ });
438
+ // Probed current state...
439
+ expect(recorded).toContainEqual(["loginctl", "show-user", "op", "--property=Linger"]);
440
+ // ...and because it's already on, did NOT try to enable it.
441
+ expect(recorded.some((c) => c[0] === "loginctl" && c[1] === "enable-linger")).toBe(false);
442
+ // ...and emitted NO scary linger warning.
443
+ expect(result.messages).not.toContain(HUB_MESSAGES.lingerWarning);
444
+ });
445
+
446
+ test("#528: linger OFF + enable-linger fails → warning surfaces", () => {
447
+ recorded = [];
448
+ const f = lingerDeps({
449
+ probe: { code: 0, stdout: "Linger=no\n", stderr: "" },
450
+ enable: { code: 1, stdout: "", stderr: "operation not permitted" },
451
+ });
452
+ const result = installManagedUnit({
453
+ unit: hubUnit(f.deps),
454
+ deps: f.deps,
455
+ messages: HUB_MESSAGES,
456
+ start: false,
457
+ });
458
+ // Off → did attempt to enable...
459
+ expect(recorded).toContainEqual(["loginctl", "enable-linger", "op"]);
460
+ // ...and the genuine failure warns.
461
+ expect(result.messages).toContain(HUB_MESSAGES.lingerWarning);
462
+ });
401
463
  });
402
464
 
403
465
  // ---------------------------------------------------------------------------