@openparachute/vault 0.4.8 → 0.4.9-rc.11

package/src/mirror-config.test.ts

@@ -12,6 +12,10 @@ import os from "node:os";
 import path from "node:path";
 
 import {
+  DEFAULT_SAFETY_NET_SECONDS,
+  MAX_SAFETY_NET_SECONDS,
+  MIN_SAFETY_NET_SECONDS,
+  commentOutMirrorBlock,
   defaultMirrorConfig,
   parseMirrorConfig,
   resolveMirrorPath,
@@ -40,11 +44,14 @@ describe("defaultMirrorConfig", () => {
     expect(d.enabled).toBe(false);
     expect(d.location).toBe("internal");
     expect(d.external_path).toBeNull();
-    expect(d.watch).toBe(false);
+    // Post event-driven shift: sync_mode replaces watch. "events" is the
+    // new default — when an operator flips enabled on, hooks subscribe
+    // automatically.
+    expect(d.sync_mode).toBe("events");
     expect(d.auto_commit).toBe(true);
     expect(d.auto_push).toBe(false);
     expect(d.commit_template).toContain("{{date}}");
-    expect(d.interval_seconds).toBe(5);
+    expect(d.safety_net_seconds).toBe(DEFAULT_SAFETY_NET_SECONDS);
   });
 });
 
@@ -58,41 +65,68 @@ describe("parseMirrorConfig", () => {
     expect(parseMirrorConfig("")).toBeUndefined();
   });
 
-  test("parses a fully-specified mirror block", () => {
+  test("parses a fully-specified mirror block (post-event-driven shape)", () => {
     const yaml = [
       "port: 1940",
       "mirror:",
       "  enabled: true",
       "  location: external",
       "  external_path: /home/aaron/mirrors/gitcoin",
-      "  watch: true",
+      "  sync_mode: events",
       "  auto_commit: true",
       "  auto_push: true",
       '  commit_template: "vault: {{notes_changed}} note{{plural}}"',
-      "  interval_seconds: 10",
+      "  safety_net_seconds: 3600",
     ].join("\n");
     const m = parseMirrorConfig(yaml);
     expect(m).toEqual({
       enabled: true,
       location: "external",
       external_path: "/home/aaron/mirrors/gitcoin",
-      watch: true,
+      sync_mode: "events",
       auto_commit: true,
       auto_push: true,
       commit_template: "vault: {{notes_changed}} note{{plural}}",
-      interval_seconds: 10,
+      safety_net_seconds: 3600,
     });
   });
 
   test("partial mirror block fills missing fields from defaults", () => {
-    const yaml = "mirror:\n  enabled: true\n  watch: true\n";
+    const yaml = "mirror:\n  enabled: true\n  sync_mode: manual\n";
     const m = parseMirrorConfig(yaml)!;
     expect(m.enabled).toBe(true);
-    expect(m.watch).toBe(true);
+    expect(m.sync_mode).toBe("manual");
     expect(m.location).toBe("internal");
     expect(m.auto_commit).toBe(true);
   });
 
+  test("legacy `watch: true` translates to sync_mode: events", () => {
+    const m = parseMirrorConfig("mirror:\n  enabled: true\n  watch: true\n")!;
+    expect(m.sync_mode).toBe("events");
+  });
+
+  test("legacy `watch: false` translates to sync_mode: manual", () => {
+    const m = parseMirrorConfig("mirror:\n  enabled: true\n  watch: false\n")!;
+    expect(m.sync_mode).toBe("manual");
+  });
+
+  test("explicit sync_mode wins over legacy watch", () => {
+    const yaml = "mirror:\n  enabled: true\n  watch: true\n  sync_mode: manual\n";
+    const m = parseMirrorConfig(yaml)!;
+    expect(m.sync_mode).toBe("manual");
+  });
+
+  test("legacy `interval_seconds: 5` clamps up to MIN_SAFETY_NET_SECONDS", () => {
+    const m = parseMirrorConfig("mirror:\n  enabled: true\n  interval_seconds: 5\n")!;
+    expect(m.safety_net_seconds).toBe(MIN_SAFETY_NET_SECONDS);
+  });
+
+  test("explicit safety_net_seconds wins over legacy interval_seconds", () => {
+    const yaml = "mirror:\n  enabled: true\n  interval_seconds: 5\n  safety_net_seconds: 1800\n";
+    const m = parseMirrorConfig(yaml)!;
+    expect(m.safety_net_seconds).toBe(1800);
+  });
+
   test("external_path: null is interpreted as null", () => {
     const m = parseMirrorConfig(
       "mirror:\n  enabled: true\n  external_path: null\n",
@@ -120,11 +154,11 @@ describe("serializeMirrorConfig", () => {
       enabled: true,
       location: "external" as const,
       external_path: "/home/aaron/team-brain",
-      watch: true,
+      sync_mode: "events" as const,
       auto_commit: true,
       auto_push: false,
       commit_template: "export: {{date}} ({{notes_changed}} note{{plural}})",
-      interval_seconds: 5,
+      safety_net_seconds: 3600,
     };
     const yaml = serializeMirrorConfig(original).join("\n") + "\n";
     const parsed = parseMirrorConfig(yaml);
@@ -251,10 +285,147 @@ describe("validateMirrorConfigShape", () => {
     if (!r.ok) expect(r.field).toBe("enabled");
   });
 
-  test("rejects non-integer interval_seconds", () => {
-    const r = validateMirrorConfigShape({ interval_seconds: 0.5 });
+  test("rejects non-integer safety_net_seconds", () => {
+    const r = validateMirrorConfigShape({ safety_net_seconds: 0.5 });
+    expect(r.ok).toBe(false);
+    if (!r.ok) expect(r.field).toBe("safety_net_seconds");
+  });
+
+  test("rejects safety_net_seconds below MIN", () => {
+    const r = validateMirrorConfigShape({ safety_net_seconds: MIN_SAFETY_NET_SECONDS - 1 });
+    expect(r.ok).toBe(false);
+    if (!r.ok) expect(r.field).toBe("safety_net_seconds");
+  });
+
+  test("rejects safety_net_seconds above MAX", () => {
+    const r = validateMirrorConfigShape({ safety_net_seconds: MAX_SAFETY_NET_SECONDS + 1 });
+    expect(r.ok).toBe(false);
+    if (!r.ok) expect(r.field).toBe("safety_net_seconds");
+  });
+
+  test("legacy interval_seconds field clamps + migrates to safety_net_seconds", () => {
+    // Hand-edited config supplies the old field; we still accept it but
+    // route it through the safety-net clamp range.
+    const r = validateMirrorConfigShape({ interval_seconds: 5 });
+    expect(r.ok).toBe(true);
+    if (r.ok) expect(r.config.safety_net_seconds).toBe(MIN_SAFETY_NET_SECONDS);
+  });
+
+  test("rejects unknown sync_mode", () => {
+    const r = validateMirrorConfigShape({ sync_mode: "interval" });
     expect(r.ok).toBe(false);
-    if (!r.ok) expect(r.field).toBe("interval_seconds");
+    if (!r.ok) expect(r.field).toBe("sync_mode");
+  });
+
+  test("accepts sync_mode events / manual", () => {
+    expect((validateMirrorConfigShape({ sync_mode: "events" }) as { config: { sync_mode: string } }).config.sync_mode).toBe("events");
+    expect((validateMirrorConfigShape({ sync_mode: "manual" }) as { config: { sync_mode: string } }).config.sync_mode).toBe("manual");
+  });
+
+  test("legacy watch: true translates to sync_mode: events", () => {
+    const r = validateMirrorConfigShape({ watch: true });
+    expect(r.ok).toBe(true);
+    if (r.ok) expect(r.config.sync_mode).toBe("events");
+  });
+
+  test("legacy watch: false translates to sync_mode: manual", () => {
+    const r = validateMirrorConfigShape({ watch: false });
+    expect(r.ok).toBe(true);
+    if (r.ok) expect(r.config.sync_mode).toBe("manual");
+  });
+
+  test("rejects auto_push + internal location WHEN no credentials are configured", () => {
+    // Pre-credentials shape: auto_push + internal was rejected outright
+    // (internal mirror = no remote = push would silently fail). Once
+    // credentials are wired (PAT or GitHub OAuth), the credential save
+    // path sets `origin` on the internal repo too — so push IS
+    // meaningful. We keep the rejection only on the no-credentials path,
+    // with a clear error pointing the operator at the credential flow.
+    const r = validateMirrorConfigShape(
+      {
+        enabled: true,
+        location: "internal",
+        auto_push: true,
+      },
+      { readCredentials: () => null },
+    );
+    expect(r.ok).toBe(false);
+    if (!r.ok) {
+      expect(r.field).toBe("auto_push");
+      expect(r.error).toContain("credentials");
+    }
+  });
+
+  test("auto_push + internal IS accepted when PAT credentials are configured", () => {
+    // The three-stacking-gaps bug Aaron hit: History preset (internal
+    // location) + PAT saved → expected pushes to fire. validation was
+    // the first blocker. Now the combination passes when credentials
+    // are present.
+    const r = validateMirrorConfigShape(
+      {
+        enabled: true,
+        location: "internal",
+        auto_push: true,
+      },
+      {
+        readCredentials: () => ({
+          active_method: "pat",
+          github_oauth: null,
+          pat: {
+            token: "ghp_xxxxxxxxxxxxxxxx",
+            remote_url: "https://x-access-token:ghp_xxxxxxxxxxxxxxxx@github.com/a/b.git",
+            label: "test",
+          },
+        }),
+      },
+    );
+    expect(r.ok).toBe(true);
+  });
+
+  test("auto_push + internal IS accepted when github_oauth credentials are configured", () => {
+    const r = validateMirrorConfigShape(
+      {
+        enabled: true,
+        location: "internal",
+        auto_push: true,
+      },
+      {
+        readCredentials: () => ({
+          active_method: "github_oauth",
+          github_oauth: {
+            access_token: "gho_xxxxxxxxxxxx",
+            scope: "repo",
+            authorized_at: "2026-05-28T03:14:15.000Z",
+            user_login: "aaron",
+            user_id: 1,
+          },
+          pat: null,
+        }),
+      },
+    );
+    expect(r.ok).toBe(true);
+  });
+
+  test("auto_push + external location is fine", () => {
+    const r = validateMirrorConfigShape({
+      enabled: true,
+      location: "external",
+      external_path: "/tmp/foo",
+      auto_push: true,
+    });
+    expect(r.ok).toBe(true);
+  });
+
+  test("auto_push + disabled never errors", () => {
+    // Cross-field rule gates on `enabled`. A disabled config with stale
+    // auto_push: true + internal is the upgrade-path shape; operators
+    // shouldn't have to clear the field to disable.
+    const r = validateMirrorConfigShape({
+      enabled: false,
+      location: "internal",
+      auto_push: true,
+    });
+    expect(r.ok).toBe(true);
   });
 
   test("rejects empty commit_template", () => {
@@ -326,3 +497,95 @@ describe("validateExternalPath", () => {
     if (r.ok) expect(r.resolved_path).toBe(dir);
   });
 });
+
+// ---------------------------------------------------------------------------
+// commentOutMirrorBlock — vault#400 migration YAML rewrite (extracted from
+// server.ts per vault#408 review N3). Runs against the operator's real
+// config.yaml, so it gets direct coverage here.
+// ---------------------------------------------------------------------------
+
+describe("commentOutMirrorBlock", () => {
+  test("comments out a real serializer-shaped mirror block; leaves other keys intact", () => {
+    // Build the block exactly as serializeMirrorConfig emits it — pins the
+    // real production shape rather than a hand-written approximation.
+    const block = serializeMirrorConfig({
+      ...defaultMirrorConfig(),
+      enabled: true,
+      location: "external",
+      external_path: "/home/aaron/mirrors/brain",
+      auto_push: true,
+    }).join("\n");
+    const yaml = `port: 1940
+default_vault: brain
+${block}
+auto_transcribe:
+  enabled: true
+`;
+    const out = commentOutMirrorBlock(yaml);
+
+    // No LIVE mirror block survives (the parser anchor won't match).
+    expect(parseMirrorConfig(out)).toBeUndefined();
+    // Every mirror line is commented.
+    expect(out).toContain("# mirror:");
+    expect(out).toContain("#   enabled: true");
+    expect(out).toContain("#   external_path: /home/aaron/mirrors/brain");
+    expect(out).toContain("#   auto_push: true");
+    // Provenance marker added.
+    expect(out).toContain("# [vault#400] migrated to per-vault");
+    // Non-mirror top-level keys untouched (byte-for-byte).
+    expect(out).toContain("port: 1940");
+    expect(out).toContain("default_vault: brain");
+    expect(out).toContain("auto_transcribe:");
+    expect(out).toContain("  enabled: true");
+    // The mirror block must NOT have swallowed the auto_transcribe block —
+    // its child line stays a live (uncommented) 2-space-indent field.
+    expect(out).not.toContain("#   enabled: true\n# auto_transcribe");
+    const at = out.indexOf("auto_transcribe:");
+    expect(out.slice(at)).toContain("\n  enabled: true");
+  });
+
+  test("idempotent — running on already-commented output is a no-op", () => {
+    const block = serializeMirrorConfig({
+      ...defaultMirrorConfig(),
+      enabled: true,
+    }).join("\n");
+    const yaml = `port: 1940\n${block}\ndiscovery: enabled\n`;
+    const once = commentOutMirrorBlock(yaml);
+    const twice = commentOutMirrorBlock(once);
+    expect(twice).toBe(once); // second pass changes nothing
+  });
+
+  test("no mirror block → returns input unchanged", () => {
+    const yaml = `port: 1940
+default_vault: brain
+discovery: enabled
+`;
+    expect(commentOutMirrorBlock(yaml)).toBe(yaml);
+  });
+
+  test("mirror block at EOF (no trailing key) is fully commented", () => {
+    const block = serializeMirrorConfig({
+      ...defaultMirrorConfig(),
+      enabled: true,
+      auto_commit: false,
+    }).join("\n");
+    const yaml = `port: 1940\n${block}\n`;
+    const out = commentOutMirrorBlock(yaml);
+    expect(parseMirrorConfig(out)).toBeUndefined();
+    expect(out).toContain("#   auto_commit: false");
+    expect(out).toContain("port: 1940"); // live, untouched
+  });
+
+  test("preserves a blank line between the mirror block and the next key", () => {
+    const block = serializeMirrorConfig({
+      ...defaultMirrorConfig(),
+      enabled: true,
+    }).join("\n");
+    // Blank line separates the block from `discovery:` — must stay blank
+    // (not commented) and `discovery:` must stay live.
+    const yaml = `port: 1940\n${block}\n\ndiscovery: enabled\n`;
+    const out = commentOutMirrorBlock(yaml);
+    expect(out).toContain("\n\ndiscovery: enabled"); // blank line preserved, key live
+    expect(parseMirrorConfig(out)).toBeUndefined();
+  });
+});