@pentatonic-ai/ai-agent-sdk 0.5.10 → 0.6.0

package/bin/__tests__/credentials.test.js

@@ -0,0 +1,58 @@
+import { writeCredentials, readCredentials, credentialsPath } from "../lib/credentials.js";
+import { mkdtemp, rm, stat, readFile } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+
+describe("credentials helpers", () => {
+  let tmp;
+
+  beforeEach(async () => {
+    tmp = await mkdtemp(join(tmpdir(), "tes-cred-"));
+    process.env.XDG_CONFIG_HOME = tmp;
+  });
+
+  afterEach(async () => {
+    await rm(tmp, { recursive: true, force: true });
+    delete process.env.XDG_CONFIG_HOME;
+  });
+
+  it("writeCredentials creates ~/.config/tes/credentials.json with mode 0600", async () => {
+    await writeCredentials({
+      endpoint: "https://api.pentatonic.com",
+      clientId: "tes-demo",
+      apiKey: "tes_tes-demo_xxxxxx",
+    });
+    const path = credentialsPath();
+    expect(path).toBe(join(tmp, "tes", "credentials.json"));
+    const st = await stat(path);
+    expect(st.mode & 0o777).toBe(0o600);
+    const parsed = JSON.parse(await readFile(path, "utf8"));
+    expect(parsed).toEqual({
+      endpoint: "https://api.pentatonic.com",
+      clientId: "tes-demo",
+      apiKey: "tes_tes-demo_xxxxxx",
+    });
+  });
+
+  it("readCredentials returns null when the file does not exist", async () => {
+    const got = await readCredentials();
+    expect(got).toBeNull();
+  });
+
+  it("readCredentials round-trips a write", async () => {
+    await writeCredentials({
+      endpoint: "https://api.pentatonic.com",
+      clientId: "tes-demo",
+      apiKey: "tes_xxx",
+    });
+    const got = await readCredentials();
+    expect(got.clientId).toBe("tes-demo");
+  });
+
+  it("writeCredentials overwrites an existing file (login = re-auth)", async () => {
+    await writeCredentials({ endpoint: "a", clientId: "b", apiKey: "c" });
+    await writeCredentials({ endpoint: "x", clientId: "y", apiKey: "z" });
+    const got = await readCredentials();
+    expect(got).toEqual({ endpoint: "x", clientId: "y", apiKey: "z" });
+  });
+});

package/bin/__tests__/login.test.js

@@ -0,0 +1,210 @@
+import { jest } from "@jest/globals";
+import { mkdtemp, rm, readFile } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { Buffer } from "node:buffer";
+
+// Hoisted mock for callback-server. Real one binds a real socket; for
+// login command tests we want a deterministic stub.
+jest.unstable_mockModule("../lib/callback-server.js", () => ({
+  startCallbackServer: jest.fn(),
+}));
+
+let runLoginCommand, runInitAlias;
+let startCallbackServer;
+
+// Build a fake JWT with given claims (unverified — login decodes claims
+// without verifying).
+function fakeJwt(claims) {
+  const header = Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" }))
+    .toString("base64")
+    .replace(/\+/g, "-")
+    .replace(/\//g, "_")
+    .replace(/=+$/, "");
+  const payload = Buffer.from(JSON.stringify(claims))
+    .toString("base64")
+    .replace(/\+/g, "-")
+    .replace(/\//g, "_")
+    .replace(/=+$/, "");
+  return `${header}.${payload}.fake-signature`;
+}
+
+describe("login command", () => {
+  let tmp;
+  let fetchMock;
+
+  beforeEach(async () => {
+    tmp = await mkdtemp(join(tmpdir(), "tes-login-"));
+    process.env.XDG_CONFIG_HOME = tmp;
+
+    const cb = await import("../lib/callback-server.js");
+    startCallbackServer = cb.startCallbackServer;
+    startCallbackServer.mockReset();
+
+    startCallbackServer.mockResolvedValue({
+      port: 14171,
+      result: Promise.resolve({ code: "AUTH_CODE", state: "RETURNED_STATE" }),
+      cancel: jest.fn(),
+    });
+
+    fetchMock = jest.fn();
+    globalThis.fetch = fetchMock;
+
+    ({ runLoginCommand, runInitAlias } = await import("../commands/login.js"));
+  });
+
+  afterEach(async () => {
+    await rm(tmp, { recursive: true, force: true });
+    delete process.env.XDG_CONFIG_HOME;
+  });
+
+  it("happy path: code → access_token → tes_* key → credentials written", async () => {
+    let capturedState;
+    startCallbackServer.mockImplementationOnce(({ state }) => {
+      capturedState = state;
+      return Promise.resolve({
+        port: 14171,
+        result: Promise.resolve({ code: "AUTH_CODE", state }),
+        cancel: jest.fn(),
+      });
+    });
+
+    const accessToken = fakeJwt({ client_id: "tes-demo", email: "phil@x.com" });
+
+    fetchMock
+      // POST /oauth/token
+      .mockResolvedValueOnce({
+        ok: true,
+        status: 200,
+        json: async () => ({ access_token: accessToken, expires_in: 300 }),
+      })
+      // POST /api/graphql (createClientApiToken)
+      .mockResolvedValueOnce({
+        ok: true,
+        status: 200,
+        json: async () => ({
+          data: {
+            createClientApiToken: {
+              success: true,
+              plainTextToken: "tes_tes-demo_LIVE_KEY",
+            },
+          },
+        }),
+      });
+
+    const result = await runLoginCommand({
+      endpoint: "https://api.pentatonic.com",
+      openBrowser: jest.fn(),
+      log: () => {},
+      errLog: () => {},
+    });
+
+    expect(result.exitCode).toBe(0);
+    expect(typeof capturedState).toBe("string");
+    expect(capturedState.length).toBeGreaterThan(20);
+
+    const tokenCall = fetchMock.mock.calls[0];
+    expect(tokenCall[0]).toMatch(/\/oauth\/token$/);
+    expect(tokenCall[1].method).toBe("POST");
+    const tokenBody = new URLSearchParams(tokenCall[1].body);
+    expect(tokenBody.get("grant_type")).toBe("authorization_code");
+    expect(tokenBody.get("code")).toBe("AUTH_CODE");
+
+    const credPath = join(tmp, "tes", "credentials.json");
+    const creds = JSON.parse(await readFile(credPath, "utf8"));
+    expect(creds.apiKey).toBe("tes_tes-demo_LIVE_KEY");
+    expect(creds.endpoint).toBe("https://tes-demo.api.pentatonic.com");
+    expect(creds.clientId).toBe("tes-demo");
+  });
+
+  it("fails non-zero when /oauth/token rejects the code", async () => {
+    fetchMock.mockResolvedValueOnce({
+      ok: false,
+      status: 400,
+      json: async () => ({ error: "invalid_grant" }),
+    });
+    const result = await runLoginCommand({
+      endpoint: "https://api.pentatonic.com",
+      openBrowser: jest.fn(),
+      log: () => {},
+      errLog: () => {},
+    });
+    expect(result.exitCode).not.toBe(0);
+  });
+
+  it("fails non-zero when createClientApiToken fails", async () => {
+    const accessToken = fakeJwt({ client_id: "tes-demo" });
+    fetchMock
+      .mockResolvedValueOnce({
+        ok: true,
+        status: 200,
+        json: async () => ({ access_token: accessToken, expires_in: 300 }),
+      })
+      .mockResolvedValueOnce({
+        ok: true,
+        status: 200,
+        json: async () => ({ errors: [{ message: "permission denied" }] }),
+      });
+    const result = await runLoginCommand({
+      endpoint: "https://api.pentatonic.com",
+      openBrowser: jest.fn(),
+      log: () => {},
+      errLog: () => {},
+    });
+    expect(result.exitCode).not.toBe(0);
+  });
+
+  it("propagates port-conflict failure from callback-server", async () => {
+    startCallbackServer.mockRejectedValueOnce(
+      new Error("Could not bind to any of ports: 14171, 14172, 14173")
+    );
+    const result = await runLoginCommand({
+      endpoint: "https://api.pentatonic.com",
+      openBrowser: jest.fn(),
+      log: () => {},
+      errLog: () => {},
+    });
+    expect(result.exitCode).not.toBe(0);
+  });
+});
+
+describe("init alias", () => {
+  let runInitAlias;
+  let runLoginCommand;
+  let startCallbackServer;
+  let fetchMock;
+  let tmp;
+
+  beforeEach(async () => {
+    tmp = await mkdtemp(join(tmpdir(), "tes-login-"));
+    process.env.XDG_CONFIG_HOME = tmp;
+
+    const cb = await import("../lib/callback-server.js");
+    startCallbackServer = cb.startCallbackServer;
+    startCallbackServer.mockReset();
+    startCallbackServer.mockRejectedValue(new Error("not bound for this test"));
+
+    fetchMock = jest.fn();
+    globalThis.fetch = fetchMock;
+
+    ({ runInitAlias, runLoginCommand } = await import("../commands/login.js"));
+  });
+
+  afterEach(async () => {
+    await rm(tmp, { recursive: true, force: true });
+    delete process.env.XDG_CONFIG_HOME;
+  });
+
+  it("emits a one-line deprecation warning to stderr and delegates to login", async () => {
+    const errs = [];
+    const errLog = (m) => errs.push(m);
+    const result = await runInitAlias({
+      endpoint: "https://api.pentatonic.com",
+      openBrowser: jest.fn(),
+      log: () => {},
+      errLog,
+    });
+    expect(errs.join("\n")).toMatch(/init.*deprecated.*login/i);
+    expect(typeof result.exitCode).toBe("number");
+  });
+});

package/bin/__tests__/pkce.test.js

@@ -0,0 +1,39 @@
+import { generatePKCE } from "../lib/pkce.js";
+import { createHash } from "node:crypto";
+
+describe("generatePKCE", () => {
+  it("returns verifier between 43 and 128 chars (RFC 7636)", () => {
+    const { verifier } = generatePKCE();
+    expect(verifier.length).toBeGreaterThanOrEqual(43);
+    expect(verifier.length).toBeLessThanOrEqual(128);
+  });
+
+  it("verifier uses unreserved URL characters only", () => {
+    const { verifier } = generatePKCE();
+    expect(verifier).toMatch(/^[A-Za-z0-9\-._~]+$/);
+  });
+
+  it("challenge is base64url(SHA-256(verifier)) per RFC 7636", () => {
+    const { verifier, challenge } = generatePKCE();
+    const expected = createHash("sha256")
+      .update(verifier)
+      .digest("base64")
+      .replace(/\+/g, "-")
+      .replace(/\//g, "_")
+      .replace(/=+$/, "");
+    expect(challenge).toBe(expected);
+  });
+
+  it("returns a 32-byte (43-char base64url) state", () => {
+    const { state } = generatePKCE();
+    expect(state.length).toBeGreaterThanOrEqual(43);
+    expect(state).toMatch(/^[A-Za-z0-9\-._~]+$/);
+  });
+
+  it("two calls produce distinct verifier and state", () => {
+    const a = generatePKCE();
+    const b = generatePKCE();
+    expect(a.verifier).not.toBe(b.verifier);
+    expect(a.state).not.toBe(b.state);
+  });
+});

package/bin/__tests__/whoami.test.js

@@ -0,0 +1,77 @@
+import { jest } from "@jest/globals";
+import { mkdtemp, rm, writeFile, mkdir } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+
+let runWhoamiCommand;
+
+describe("whoami command", () => {
+  let tmp;
+  let logs;
+  let errs;
+  let log;
+  let errLog;
+  let fetchMock;
+
+  beforeEach(async () => {
+    tmp = await mkdtemp(join(tmpdir(), "tes-whoami-"));
+    process.env.XDG_CONFIG_HOME = tmp;
+    logs = [];
+    errs = [];
+    log = (m) => logs.push(m);
+    errLog = (m) => errs.push(m);
+    fetchMock = jest.fn();
+    globalThis.fetch = fetchMock;
+    ({ runWhoamiCommand } = await import("../commands/whoami.js"));
+  });
+
+  afterEach(async () => {
+    await rm(tmp, { recursive: true, force: true });
+    delete process.env.XDG_CONFIG_HOME;
+  });
+
+  async function writeCreds(creds) {
+    const dir = join(tmp, "tes");
+    await mkdir(dir, { recursive: true });
+    await writeFile(join(dir, "credentials.json"), JSON.stringify(creds));
+  }
+
+  it("prints 'Not logged in' and exits 1 when no credentials", async () => {
+    const result = await runWhoamiCommand({ log, errLog });
+    expect(result.exitCode).toBe(1);
+    expect(logs.join("\n")).toMatch(/not logged in|run login/i);
+  });
+
+  it("prints tenant identity on healthy creds", async () => {
+    await writeCreds({
+      endpoint: "https://tes-demo.api.pentatonic.com",
+      clientId: "tes-demo",
+      apiKey: "tes_xxx",
+    });
+    fetchMock.mockResolvedValueOnce({
+      ok: true,
+      status: 200,
+      json: async () => ({ data: { memoryLayers: [{ id: "ml_tes-demo_episodic" }] } }),
+    });
+    const result = await runWhoamiCommand({ log, errLog });
+    expect(result.exitCode).toBe(0);
+    expect(logs.join("\n")).toMatch(/tes-demo/);
+  });
+
+  it("warns about invalid creds on 401 and exits 2", async () => {
+    await writeCreds({
+      endpoint: "https://tes-demo.api.pentatonic.com",
+      clientId: "tes-demo",
+      apiKey: "tes_xxx",
+    });
+    fetchMock.mockResolvedValueOnce({
+      ok: false,
+      status: 401,
+      json: async () => ({ errors: [{ message: "unauthorized" }] }),
+      text: async () => "unauthorized",
+    });
+    const result = await runWhoamiCommand({ log, errLog });
+    expect(result.exitCode).toBe(2);
+    expect(errs.join("\n") + logs.join("\n")).toMatch(/invalid|run login/i);
+  });
+});