@skillsmith/core 0.8.2 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +5 -0
- package/dist/.tsbuildinfo +1 -1
- package/dist/src/config/device-identity.d.ts +113 -0
- package/dist/src/config/device-identity.d.ts.map +1 -0
- package/dist/src/config/device-identity.js +171 -0
- package/dist/src/config/device-identity.js.map +1 -0
- package/dist/src/config/device-identity.test.d.ts +10 -0
- package/dist/src/config/device-identity.test.d.ts.map +1 -0
- package/dist/src/config/device-identity.test.js +213 -0
- package/dist/src/config/device-identity.test.js.map +1 -0
- package/dist/src/config/index.d.ts +9 -0
- package/dist/src/config/index.d.ts.map +1 -1
- package/dist/src/config/index.js.map +1 -1
- package/dist/src/exports/services.d.ts +1 -1
- package/dist/src/exports/services.d.ts.map +1 -1
- package/dist/src/exports/services.js +5 -1
- package/dist/src/exports/services.js.map +1 -1
- package/dist/src/index.d.ts +2 -1
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js +3 -1
- package/dist/src/index.js.map +1 -1
- package/dist/src/install/index.d.ts +1 -1
- package/dist/src/install/index.d.ts.map +1 -1
- package/dist/src/install/index.js +1 -1
- package/dist/src/install/index.js.map +1 -1
- package/dist/src/install/paths.d.ts +16 -0
- package/dist/src/install/paths.d.ts.map +1 -1
- package/dist/src/install/paths.js +22 -0
- package/dist/src/install/paths.js.map +1 -1
- package/dist/src/install/paths.test.d.ts +2 -0
- package/dist/src/install/paths.test.d.ts.map +1 -0
- package/dist/src/install/paths.test.js +61 -0
- package/dist/src/install/paths.test.js.map +1 -0
- package/dist/src/security/scanner/SecurityScanner.scanners.d.ts +10 -0
- package/dist/src/security/scanner/SecurityScanner.scanners.d.ts.map +1 -1
- package/dist/src/security/scanner/SecurityScanner.scanners.js +68 -1
- package/dist/src/security/scanner/SecurityScanner.scanners.js.map +1 -1
- package/dist/src/sync/index.d.ts +6 -0
- package/dist/src/sync/index.d.ts.map +1 -1
- package/dist/src/sync/index.js +8 -0
- package/dist/src/sync/index.js.map +1 -1
- package/dist/src/sync/inventory-builder.d.ts +21 -0
- package/dist/src/sync/inventory-builder.d.ts.map +1 -0
- package/dist/src/sync/inventory-builder.js +26 -0
- package/dist/src/sync/inventory-builder.js.map +1 -0
- package/dist/src/sync/inventory-client.d.ts +64 -0
- package/dist/src/sync/inventory-client.d.ts.map +1 -0
- package/dist/src/sync/inventory-client.js +150 -0
- package/dist/src/sync/inventory-client.js.map +1 -0
- package/dist/src/sync/inventory-client.test.d.ts +14 -0
- package/dist/src/sync/inventory-client.test.d.ts.map +1 -0
- package/dist/src/sync/inventory-client.test.js +146 -0
- package/dist/src/sync/inventory-client.test.js.map +1 -0
- package/dist/src/sync/inventory-collector.d.ts +35 -0
- package/dist/src/sync/inventory-collector.d.ts.map +1 -0
- package/dist/src/sync/inventory-collector.js +149 -0
- package/dist/src/sync/inventory-collector.js.map +1 -0
- package/dist/src/sync/inventory-collector.test.d.ts +14 -0
- package/dist/src/sync/inventory-collector.test.d.ts.map +1 -0
- package/dist/src/sync/inventory-collector.test.js +107 -0
- package/dist/src/sync/inventory-collector.test.js.map +1 -0
- package/dist/src/sync/inventory-device.d.ts +36 -0
- package/dist/src/sync/inventory-device.d.ts.map +1 -0
- package/dist/src/sync/inventory-device.js +58 -0
- package/dist/src/sync/inventory-device.js.map +1 -0
- package/dist/src/sync/inventory-push.d.ts +45 -0
- package/dist/src/sync/inventory-push.d.ts.map +1 -0
- package/dist/src/sync/inventory-push.js +62 -0
- package/dist/src/sync/inventory-push.js.map +1 -0
- package/dist/src/sync/inventory-push.test.d.ts +16 -0
- package/dist/src/sync/inventory-push.test.d.ts.map +1 -0
- package/dist/src/sync/inventory-push.test.js +104 -0
- package/dist/src/sync/inventory-push.test.js.map +1 -0
- package/dist/src/sync/inventory-types.d.ts +101 -0
- package/dist/src/sync/inventory-types.d.ts.map +1 -0
- package/dist/src/sync/inventory-types.js +42 -0
- package/dist/src/sync/inventory-types.js.map +1 -0
- package/dist/tests/security/pii-detection.test.js +107 -0
- package/dist/tests/security/pii-detection.test.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,150 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Inventory upload HTTP client (SMI-5392, umbrella SMI-5382).
|
|
3
|
+
*
|
|
4
|
+
* Authenticates with the stored device-login session (JWT + refresh) and POSTs a
|
|
5
|
+
* full inventory snapshot to the gateway-verified `inventory-upload` edge
|
|
6
|
+
* function. Maps the edge function's status codes onto typed errors so callers
|
|
7
|
+
* (CLI command, MCP tool) can render precise, actionable messages.
|
|
8
|
+
*
|
|
9
|
+
* @module @skillsmith/core/sync/inventory-client
|
|
10
|
+
*/
|
|
11
|
+
import { loadCredentials, refreshAccessToken, storeCredentials, } from '../config/token-credentials.js';
|
|
12
|
+
import { DEFAULT_BASE_URL, PRODUCTION_ANON_KEY } from '../api/utils.js';
|
|
13
|
+
/**
|
|
14
|
+
* No usable session (no stored credentials, or a refresh that failed). The
|
|
15
|
+
* message hints at the recovery action so the CLI/MCP surface can relay it.
|
|
16
|
+
*
|
|
17
|
+
* @see SMI-5392
|
|
18
|
+
*/
|
|
19
|
+
export class InventoryAuthError extends Error {
|
|
20
|
+
constructor(message = 'Not authenticated. Run `skillsmith login` and try again.') {
|
|
21
|
+
super(message);
|
|
22
|
+
this.name = 'InventoryAuthError';
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* The `device_id` is already owned by another user (HTTP 409). The user must
|
|
27
|
+
* forget the local device and re-register before retrying.
|
|
28
|
+
*
|
|
29
|
+
* @see SMI-5392
|
|
30
|
+
*/
|
|
31
|
+
export class InventoryConflictError extends Error {
|
|
32
|
+
constructor(message = 'device_conflict') {
|
|
33
|
+
super(message);
|
|
34
|
+
this.name = 'InventoryConflictError';
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* The server rejected the payload as malformed (HTTP 400) — e.g.
|
|
39
|
+
* `device_id_required`, `too_many_skills`, or an invalid field.
|
|
40
|
+
*
|
|
41
|
+
* @see SMI-5392
|
|
42
|
+
*/
|
|
43
|
+
export class InventoryValidationError extends Error {
|
|
44
|
+
constructor(message = 'invalid payload') {
|
|
45
|
+
super(message);
|
|
46
|
+
this.name = 'InventoryValidationError';
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Catch-all for transport failures and unexpected server responses (HTTP 5xx,
|
|
51
|
+
* network errors, unparseable bodies).
|
|
52
|
+
*
|
|
53
|
+
* @see SMI-5392
|
|
54
|
+
*/
|
|
55
|
+
export class InventoryUploadError extends Error {
|
|
56
|
+
constructor(message) {
|
|
57
|
+
super(message);
|
|
58
|
+
this.name = 'InventoryUploadError';
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
/** Refresh the access token this many ms before it actually expires. */
|
|
62
|
+
const TOKEN_REFRESH_SKEW_MS = 60_000;
|
|
63
|
+
/**
|
|
64
|
+
* Resolve a fresh access token, refreshing (and persisting) if the stored one is
|
|
65
|
+
* within {@link TOKEN_REFRESH_SKEW_MS} of expiry.
|
|
66
|
+
*
|
|
67
|
+
* @throws {InventoryAuthError} When no credentials exist or the refresh fails.
|
|
68
|
+
*/
|
|
69
|
+
async function resolveAccessToken() {
|
|
70
|
+
const creds = await loadCredentials();
|
|
71
|
+
if (!creds)
|
|
72
|
+
throw new InventoryAuthError();
|
|
73
|
+
if (creds.expiresAt <= Date.now() + TOKEN_REFRESH_SKEW_MS) {
|
|
74
|
+
const refreshed = await refreshAccessToken(creds.refreshToken);
|
|
75
|
+
if (!refreshed)
|
|
76
|
+
throw new InventoryAuthError();
|
|
77
|
+
await storeCredentials(refreshed);
|
|
78
|
+
return refreshed.accessToken;
|
|
79
|
+
}
|
|
80
|
+
return creds.accessToken;
|
|
81
|
+
}
|
|
82
|
+
/**
|
|
83
|
+
* Best-effort extraction of the server's `{ error: string }` body so a typed
|
|
84
|
+
* error can carry the precise server message. Returns `null` when the body is
|
|
85
|
+
* absent or not JSON.
|
|
86
|
+
*/
|
|
87
|
+
async function readServerError(res) {
|
|
88
|
+
try {
|
|
89
|
+
const body = (await res.json());
|
|
90
|
+
return typeof body.error === 'string' ? body.error : null;
|
|
91
|
+
}
|
|
92
|
+
catch {
|
|
93
|
+
return null;
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
/**
|
|
97
|
+
* Upload a full inventory snapshot for this device.
|
|
98
|
+
*
|
|
99
|
+
* A `200` response is returned verbatim — this INCLUDES the consent-off no-op
|
|
100
|
+
* `{ ok: true, applied: false, reason: 'consent_disabled' }`, which is a success,
|
|
101
|
+
* not an error.
|
|
102
|
+
*
|
|
103
|
+
* @param payload - The device + skills snapshot to upload.
|
|
104
|
+
* @returns The edge function's {@link InventoryUploadResult}.
|
|
105
|
+
* @throws {InventoryAuthError} HTTP 401, or no/expired session.
|
|
106
|
+
* @throws {InventoryConflictError} HTTP 409 (device owned by another user).
|
|
107
|
+
* @throws {InventoryValidationError} HTTP 400 (malformed / oversized payload).
|
|
108
|
+
* @throws {InventoryUploadError} HTTP 5xx, network failure, or unparseable 200 body.
|
|
109
|
+
* @see SMI-5392
|
|
110
|
+
*/
|
|
111
|
+
export async function uploadInventory(payload) {
|
|
112
|
+
const accessToken = await resolveAccessToken();
|
|
113
|
+
let res;
|
|
114
|
+
try {
|
|
115
|
+
res = await fetch(`${DEFAULT_BASE_URL}/inventory-upload`, {
|
|
116
|
+
method: 'POST',
|
|
117
|
+
headers: {
|
|
118
|
+
'Content-Type': 'application/json',
|
|
119
|
+
apikey: PRODUCTION_ANON_KEY,
|
|
120
|
+
Authorization: `Bearer ${accessToken}`,
|
|
121
|
+
},
|
|
122
|
+
body: JSON.stringify(payload),
|
|
123
|
+
});
|
|
124
|
+
}
|
|
125
|
+
catch (error) {
|
|
126
|
+
const detail = error instanceof Error ? error.message : String(error);
|
|
127
|
+
throw new InventoryUploadError(`Inventory upload request failed: ${detail}`);
|
|
128
|
+
}
|
|
129
|
+
if (res.ok) {
|
|
130
|
+
try {
|
|
131
|
+
return (await res.json());
|
|
132
|
+
}
|
|
133
|
+
catch (error) {
|
|
134
|
+
const detail = error instanceof Error ? error.message : String(error);
|
|
135
|
+
throw new InventoryUploadError(`Inventory upload returned an unreadable body: ${detail}`);
|
|
136
|
+
}
|
|
137
|
+
}
|
|
138
|
+
const serverError = await readServerError(res);
|
|
139
|
+
switch (res.status) {
|
|
140
|
+
case 401:
|
|
141
|
+
throw new InventoryAuthError();
|
|
142
|
+
case 409:
|
|
143
|
+
throw new InventoryConflictError(serverError ?? 'device_conflict');
|
|
144
|
+
case 400:
|
|
145
|
+
throw new InventoryValidationError(serverError ?? 'invalid payload');
|
|
146
|
+
default:
|
|
147
|
+
throw new InventoryUploadError(`Inventory upload failed (HTTP ${res.status})${serverError ? `: ${serverError}` : ''}`);
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
//# sourceMappingURL=inventory-client.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"inventory-client.js","sourceRoot":"","sources":["../../../src/sync/inventory-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,gCAAgC,CAAA;AACvC,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAA;AAGvE;;;;;GAKG;AACH,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAC3C,YAAY,OAAO,GAAG,0DAA0D;QAC9E,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAA;IAClC,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAC/C,YAAY,OAAO,GAAG,iBAAiB;QACrC,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAA;IACtC,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IACjD,YAAY,OAAO,GAAG,iBAAiB;QACrC,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAA;IACxC,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IAC7C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAA;IACpC,CAAC;CACF;AAED,wEAAwE;AACxE,MAAM,qBAAqB,GAAG,MAAM,CAAA;AAEpC;;;;;GAKG;AACH,KAAK,UAAU,kBAAkB;IAC/B,MAAM,KAAK,GAAG,MAAM,eAAe,EAAE,CAAA;IACrC,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,kBAAkB,EAAE,CAAA;IAE1C,IAAI,KAAK,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,qBAAqB,EAAE,CAAC;QAC1D,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;QAC9D,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,kBAAkB,EAAE,CAAA;QAC9C,MAAM,gBAAgB,CAAC,SAAS,CAAC,CAAA;QACjC,OAAO,SAAS,CAAC,WAAW,CAAA;IAC9B,CAAC;IAED,OAAO,KAAK,CAAC,WAAW,CAAA;AAC1B,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,eAAe,CAAC,GAAa;IAC1C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAwB,CAAA;QACtD,OAAO,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAA;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAA+B;IAE/B,MAAM,WAAW,GAAG,MAAM,kBAAkB,EAAE,CAAA;IAE9C,IAAI,GAAa,CAAA;IACjB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,gBAAgB,mBAAmB,EAAE;YACxD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,mBAAmB;gBAC3B,aAAa,EAAE,UAAU,WAAW,EAAE;aACvC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;SAC9B,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QACrE,MAAM,IAAI,oBAAoB,CAAC,oCAAoC,MAAM,EAAE,CAAC,CAAA;IAC9E,CAAC;IAED,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;QACX,IAAI,CAAC;YACH,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA0B,CAAA;QACpD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;YACrE,MAAM,IAAI,oBAAoB,CAAC,iDAAiD,MAAM,EAAE,CAAC,CAAA;QAC3F,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,GAAG,CAAC,CAAA;IAC9C,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;QACnB,KAAK,GAAG;YACN,MAAM,IAAI,kBAAkB,EAAE,CAAA;QAChC,KAAK,GAAG;YACN,MAAM,IAAI,sBAAsB,CAAC,WAAW,IAAI,iBAAiB,CAAC,CAAA;QACpE,KAAK,GAAG;YACN,MAAM,IAAI,wBAAwB,CAAC,WAAW,IAAI,iBAAiB,CAAC,CAAA;QACtE;YACE,MAAM,IAAI,oBAAoB,CAC5B,iCAAiC,GAAG,CAAC,MAAM,IAAI,WAAW,CAAC,CAAC,CAAC,KAAK,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CACvF,CAAA;IACL,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* inventory-client tests (SMI-5392).
|
|
3
|
+
*
|
|
4
|
+
* Mocks the token-credentials module and global fetch.
|
|
5
|
+
*
|
|
6
|
+
* UC-1: no credentials -> InventoryAuthError, no fetch.
|
|
7
|
+
* UC-2: expired credentials -> refresh path runs, new creds stored, new token used.
|
|
8
|
+
* UC-3: expired credentials + failed refresh -> InventoryAuthError.
|
|
9
|
+
* UC-4: 200 body returned verbatim (incl. the consent-off no-op).
|
|
10
|
+
* UC-5: 401 / 409 / 400 / 500 -> the matching typed error.
|
|
11
|
+
* UC-6: network throw -> InventoryUploadError.
|
|
12
|
+
*/
|
|
13
|
+
export {};
|
|
14
|
+
//# sourceMappingURL=inventory-client.test.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"inventory-client.test.d.ts","sourceRoot":"","sources":["../../../src/sync/inventory-client.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG"}
|
|
@@ -0,0 +1,146 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* inventory-client tests (SMI-5392).
|
|
3
|
+
*
|
|
4
|
+
* Mocks the token-credentials module and global fetch.
|
|
5
|
+
*
|
|
6
|
+
* UC-1: no credentials -> InventoryAuthError, no fetch.
|
|
7
|
+
* UC-2: expired credentials -> refresh path runs, new creds stored, new token used.
|
|
8
|
+
* UC-3: expired credentials + failed refresh -> InventoryAuthError.
|
|
9
|
+
* UC-4: 200 body returned verbatim (incl. the consent-off no-op).
|
|
10
|
+
* UC-5: 401 / 409 / 400 / 500 -> the matching typed error.
|
|
11
|
+
* UC-6: network throw -> InventoryUploadError.
|
|
12
|
+
*/
|
|
13
|
+
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
|
|
14
|
+
vi.mock('../config/token-credentials.js', () => ({
|
|
15
|
+
loadCredentials: vi.fn(),
|
|
16
|
+
refreshAccessToken: vi.fn(),
|
|
17
|
+
storeCredentials: vi.fn(),
|
|
18
|
+
}));
|
|
19
|
+
import { loadCredentials, refreshAccessToken, storeCredentials, } from '../config/token-credentials.js';
|
|
20
|
+
import { uploadInventory, InventoryAuthError, InventoryConflictError, InventoryValidationError, InventoryUploadError, } from './inventory-client.js';
|
|
21
|
+
const fetchMock = vi.fn();
|
|
22
|
+
const payload = {
|
|
23
|
+
device: { device_id: '11111111-1111-4111-8111-111111111111' },
|
|
24
|
+
skills: [],
|
|
25
|
+
};
|
|
26
|
+
function jsonResponse(body, status) {
|
|
27
|
+
return new Response(JSON.stringify(body), {
|
|
28
|
+
status,
|
|
29
|
+
headers: { 'Content-Type': 'application/json' },
|
|
30
|
+
});
|
|
31
|
+
}
|
|
32
|
+
const futureCreds = {
|
|
33
|
+
accessToken: 'at_valid',
|
|
34
|
+
refreshToken: 'rt_valid',
|
|
35
|
+
expiresAt: Date.now() + 3_600_000,
|
|
36
|
+
version: 2,
|
|
37
|
+
};
|
|
38
|
+
describe('inventory-client', () => {
|
|
39
|
+
beforeEach(() => {
|
|
40
|
+
vi.clearAllMocks();
|
|
41
|
+
vi.stubGlobal('fetch', fetchMock);
|
|
42
|
+
});
|
|
43
|
+
afterEach(() => {
|
|
44
|
+
vi.unstubAllGlobals();
|
|
45
|
+
});
|
|
46
|
+
it('UC-1: throws InventoryAuthError when no credentials are stored', async () => {
|
|
47
|
+
vi.mocked(loadCredentials).mockResolvedValue(null);
|
|
48
|
+
await expect(uploadInventory(payload)).rejects.toBeInstanceOf(InventoryAuthError);
|
|
49
|
+
expect(fetchMock).not.toHaveBeenCalled();
|
|
50
|
+
});
|
|
51
|
+
it('UC-2: refreshes + stores when the access token is near expiry, then uses the new token', async () => {
|
|
52
|
+
vi.mocked(loadCredentials).mockResolvedValue({
|
|
53
|
+
accessToken: 'at_expired',
|
|
54
|
+
refreshToken: 'rt_old',
|
|
55
|
+
expiresAt: Date.now() - 1_000,
|
|
56
|
+
version: 2,
|
|
57
|
+
});
|
|
58
|
+
vi.mocked(refreshAccessToken).mockResolvedValue({
|
|
59
|
+
accessToken: 'at_new',
|
|
60
|
+
refreshToken: 'rt_new',
|
|
61
|
+
expiresAt: Date.now() + 3_600_000,
|
|
62
|
+
version: 2,
|
|
63
|
+
});
|
|
64
|
+
fetchMock.mockResolvedValue(jsonResponse({ ok: true, applied: true, device_id: 'd' }, 200));
|
|
65
|
+
const result = await uploadInventory(payload);
|
|
66
|
+
expect(refreshAccessToken).toHaveBeenCalledWith('rt_old');
|
|
67
|
+
expect(storeCredentials).toHaveBeenCalledWith(expect.objectContaining({ accessToken: 'at_new', version: 2 }));
|
|
68
|
+
expect(fetchMock).toHaveBeenCalledWith(expect.stringContaining('/inventory-upload'), expect.objectContaining({
|
|
69
|
+
method: 'POST',
|
|
70
|
+
headers: expect.objectContaining({ Authorization: 'Bearer at_new' }),
|
|
71
|
+
}));
|
|
72
|
+
expect(result.applied).toBe(true);
|
|
73
|
+
});
|
|
74
|
+
it('UC-3: throws InventoryAuthError when the refresh fails', async () => {
|
|
75
|
+
vi.mocked(loadCredentials).mockResolvedValue({
|
|
76
|
+
accessToken: 'at_expired',
|
|
77
|
+
refreshToken: 'rt_old',
|
|
78
|
+
expiresAt: Date.now() - 1_000,
|
|
79
|
+
version: 2,
|
|
80
|
+
});
|
|
81
|
+
vi.mocked(refreshAccessToken).mockResolvedValue(null);
|
|
82
|
+
await expect(uploadInventory(payload)).rejects.toBeInstanceOf(InventoryAuthError);
|
|
83
|
+
expect(fetchMock).not.toHaveBeenCalled();
|
|
84
|
+
});
|
|
85
|
+
it('UC-4: returns the 200 body verbatim, including the consent-off no-op', async () => {
|
|
86
|
+
vi.mocked(loadCredentials).mockResolvedValue(futureCreds);
|
|
87
|
+
const consentOff = { ok: true, applied: false, reason: 'consent_disabled' };
|
|
88
|
+
fetchMock.mockResolvedValue(jsonResponse(consentOff, 200));
|
|
89
|
+
const result = await uploadInventory(payload);
|
|
90
|
+
expect(result).toEqual(consentOff);
|
|
91
|
+
expect(refreshAccessToken).not.toHaveBeenCalled();
|
|
92
|
+
});
|
|
93
|
+
it('UC-5a: maps 401 to InventoryAuthError', async () => {
|
|
94
|
+
vi.mocked(loadCredentials).mockResolvedValue(futureCreds);
|
|
95
|
+
fetchMock.mockResolvedValue(jsonResponse({ error: 'authentication_required' }, 401));
|
|
96
|
+
await expect(uploadInventory(payload)).rejects.toBeInstanceOf(InventoryAuthError);
|
|
97
|
+
});
|
|
98
|
+
it('UC-5b: maps 409 to InventoryConflictError', async () => {
|
|
99
|
+
vi.mocked(loadCredentials).mockResolvedValue(futureCreds);
|
|
100
|
+
fetchMock.mockResolvedValue(jsonResponse({ error: 'device_conflict' }, 409));
|
|
101
|
+
await expect(uploadInventory(payload)).rejects.toBeInstanceOf(InventoryConflictError);
|
|
102
|
+
});
|
|
103
|
+
it('UC-5c: maps 400 to InventoryValidationError carrying the server message', async () => {
|
|
104
|
+
vi.mocked(loadCredentials).mockResolvedValue(futureCreds);
|
|
105
|
+
fetchMock.mockResolvedValue(jsonResponse({ error: 'too_many_skills' }, 400));
|
|
106
|
+
// Single call: the mocked Response body can only be read once.
|
|
107
|
+
const error = await uploadInventory(payload).catch((e) => e);
|
|
108
|
+
expect(error).toBeInstanceOf(InventoryValidationError);
|
|
109
|
+
expect(error.message).toBe('too_many_skills');
|
|
110
|
+
});
|
|
111
|
+
it('UC-5d: maps 500 to InventoryUploadError', async () => {
|
|
112
|
+
vi.mocked(loadCredentials).mockResolvedValue(futureCreds);
|
|
113
|
+
fetchMock.mockResolvedValue(jsonResponse({ error: 'server_error' }, 500));
|
|
114
|
+
await expect(uploadInventory(payload)).rejects.toBeInstanceOf(InventoryUploadError);
|
|
115
|
+
});
|
|
116
|
+
it('UC-6: wraps a network throw in InventoryUploadError', async () => {
|
|
117
|
+
vi.mocked(loadCredentials).mockResolvedValue(futureCreds);
|
|
118
|
+
fetchMock.mockRejectedValue(new Error('ECONNREFUSED'));
|
|
119
|
+
await expect(uploadInventory(payload)).rejects.toBeInstanceOf(InventoryUploadError);
|
|
120
|
+
});
|
|
121
|
+
// Security invariant: tokens must never appear in error message strings.
|
|
122
|
+
// Covers both the non-200 response path and the network-throw path.
|
|
123
|
+
it('UC-7: error messages do not leak access tokens or refresh tokens (security invariant)', async () => {
|
|
124
|
+
const sentinelCreds = {
|
|
125
|
+
accessToken: 'at_SECRET_5392',
|
|
126
|
+
refreshToken: 'rt_SECRET_5392',
|
|
127
|
+
expiresAt: Date.now() + 3_600_000,
|
|
128
|
+
version: 2,
|
|
129
|
+
};
|
|
130
|
+
// Non-200 path: 500 → InventoryUploadError whose message must not contain tokens.
|
|
131
|
+
vi.mocked(loadCredentials).mockResolvedValue(sentinelCreds);
|
|
132
|
+
fetchMock.mockResolvedValue(jsonResponse({ error: 'server_error' }, 500));
|
|
133
|
+
const err500 = await uploadInventory(payload).catch((e) => e);
|
|
134
|
+
expect(err500).toBeInstanceOf(InventoryUploadError);
|
|
135
|
+
expect(err500.message).not.toContain('at_SECRET_5392');
|
|
136
|
+
expect(err500.message).not.toContain('rt_SECRET_5392');
|
|
137
|
+
// Network-throw path: fetch rejects → InventoryUploadError whose message must not contain tokens.
|
|
138
|
+
vi.mocked(loadCredentials).mockResolvedValue(sentinelCreds);
|
|
139
|
+
fetchMock.mockRejectedValue(new Error('ECONNREFUSED'));
|
|
140
|
+
const errNet = await uploadInventory(payload).catch((e) => e);
|
|
141
|
+
expect(errNet).toBeInstanceOf(InventoryUploadError);
|
|
142
|
+
expect(errNet.message).not.toContain('at_SECRET_5392');
|
|
143
|
+
expect(errNet.message).not.toContain('rt_SECRET_5392');
|
|
144
|
+
});
|
|
145
|
+
});
|
|
146
|
+
//# sourceMappingURL=inventory-client.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"inventory-client.test.js","sourceRoot":"","sources":["../../../src/sync/inventory-client.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAA;AAExE,EAAE,CAAC,IAAI,CAAC,gCAAgC,EAAE,GAAG,EAAE,CAAC,CAAC;IAC/C,eAAe,EAAE,EAAE,CAAC,EAAE,EAAE;IACxB,kBAAkB,EAAE,EAAE,CAAC,EAAE,EAAE;IAC3B,gBAAgB,EAAE,EAAE,CAAC,EAAE,EAAE;CAC1B,CAAC,CAAC,CAAA;AAEH,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,gCAAgC,CAAA;AACvC,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,sBAAsB,EACtB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,uBAAuB,CAAA;AAG9B,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,EAAgB,CAAA;AAEvC,MAAM,OAAO,GAA2B;IACtC,MAAM,EAAE,EAAE,SAAS,EAAE,sCAAsC,EAAE;IAC7D,MAAM,EAAE,EAAE;CACX,CAAA;AAED,SAAS,YAAY,CAAC,IAAa,EAAE,MAAc;IACjD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,WAAW,GAAG;IAClB,WAAW,EAAE,UAAU;IACvB,YAAY,EAAE,UAAU;IACxB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;IACjC,OAAO,EAAE,CAAU;CACpB,CAAA;AAED,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,aAAa,EAAE,CAAA;QAClB,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,SAAS,CAAC,GAAG,EAAE;QACb,EAAE,CAAC,gBAAgB,EAAE,CAAA;IACvB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAA;QAElD,MAAM,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAA;QACjF,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IAC1C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,wFAAwF,EAAE,KAAK,IAAI,EAAE;QACtG,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,iBAAiB,CAAC;YAC3C,WAAW,EAAE,YAAY;YACzB,YAAY,EAAE,QAAQ;YACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC7B,OAAO,EAAE,CAAC;SACX,CAAC,CAAA;QACF,EAAE,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,iBAAiB,CAAC;YAC9C,WAAW,EAAE,QAAQ;YACrB,YAAY,EAAE,QAAQ;YACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YACjC,OAAO,EAAE,CAAC;SACX,CAAC,CAAA;QACF,SAAS,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC,CAAA;QAE3F,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAA;QAE7C,MAAM,CAAC,kBAAkB,CAAC,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAA;QACzD,MAAM,CAAC,gBAAgB,CAAC,CAAC,oBAAoB,CAC3C,MAAM,CAAC,gBAAgB,CAAC,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAC/D,CAAA;QACD,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,MAAM,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,EAC5C,MAAM,CAAC,gBAAgB,CAAC;YACtB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC,EAAE,aAAa,EAAE,eAAe,EAAE,CAAC;SACrE,CAAC,CACH,CAAA;QACD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,iBAAiB,CAAC;YAC3C,WAAW,EAAE,YAAY;YACzB,YAAY,EAAE,QAAQ;YACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC7B,OAAO,EAAE,CAAC;SACX,CAAC,CAAA;QACF,EAAE,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAA;QAErD,MAAM,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAA;QACjF,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IAC1C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,sEAAsE,EAAE,KAAK,IAAI,EAAE;QACpF,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAA;QACzD,MAAM,UAAU,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAA;QAC3E,SAAS,CAAC,iBAAiB,CAAC,YAAY,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC,CAAA;QAE1D,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAA;QAE7C,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;QAClC,MAAM,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IACnD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAA;QACzD,SAAS,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,EAAE,GAAG,CAAC,CAAC,CAAA;QAEpF,MAAM,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAA;IACnF,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;QACzD,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAA;QACzD,SAAS,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,GAAG,CAAC,CAAC,CAAA;QAE5E,MAAM,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,sBAAsB,CAAC,CAAA;IACvF,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yEAAyE,EAAE,KAAK,IAAI,EAAE;QACvF,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAA;QACzD,SAAS,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,GAAG,CAAC,CAAC,CAAA;QAE5E,+DAA+D;QAC/D,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAA;QACrE,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAA;QACtD,MAAM,CAAE,KAAe,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;IAC1D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAA;QACzD,SAAS,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC,CAAA;QAEzE,MAAM,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAA;IACrF,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAA;QACzD,SAAS,CAAC,iBAAiB,CAAC,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC,CAAA;QAEtD,MAAM,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAA;IACrF,CAAC,CAAC,CAAA;IAEF,yEAAyE;IACzE,oEAAoE;IACpE,EAAE,CAAC,uFAAuF,EAAE,KAAK,IAAI,EAAE;QACrG,MAAM,aAAa,GAAG;YACpB,WAAW,EAAE,gBAAgB;YAC7B,YAAY,EAAE,gBAAgB;YAC9B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YACjC,OAAO,EAAE,CAAU;SACpB,CAAA;QAED,kFAAkF;QAClF,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAA;QAC3D,SAAS,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC,CAAA;QAEzE,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAA;QACtE,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAA;QACnD,MAAM,CAAE,MAAgB,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAA;QACjE,MAAM,CAAE,MAAgB,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAA;QAEjE,kGAAkG;QAClG,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAA;QAC3D,SAAS,CAAC,iBAAiB,CAAC,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC,CAAA;QAEtD,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAA;QACtE,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAA;QACnD,MAAM,CAAE,MAAgB,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAA;QACjE,MAAM,CAAE,MAAgB,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAA;IACnE,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cross-harness skill collector (SMI-5392, umbrella SMI-5382).
|
|
3
|
+
*
|
|
4
|
+
* Walks every known harness skill directory (`CLIENT_NATIVE_PATHS`) and emits
|
|
5
|
+
* one {@link InventorySkillEntry} per (harness, skill) observed on disk. This is
|
|
6
|
+
* the shared scanner that both the CLI `inventory push` command (Wave 3) and the
|
|
7
|
+
* MCP inventory tool call before handing the snapshot to {@link uploadInventory}.
|
|
8
|
+
*
|
|
9
|
+
* Design parity with the CLI scanner at
|
|
10
|
+
* `packages/cli/src/utils/skills-directory.ts`:
|
|
11
|
+
* - Uses the SAME {@link SkillParser} to resolve `skill_id` / `version`.
|
|
12
|
+
* - Realpath-deduplicates ACROSS harnesses (collapses symlink aliases), but does
|
|
13
|
+
* NOT name-deduplicate — the same skill independently installed under two
|
|
14
|
+
* harnesses is two distinct rows (the `device_skills` PK is `(harness, skill_id)`).
|
|
15
|
+
*
|
|
16
|
+
* @module @skillsmith/core/sync/inventory-collector
|
|
17
|
+
*/
|
|
18
|
+
import type { InventorySkillEntry } from './inventory-types.js';
|
|
19
|
+
/**
|
|
20
|
+
* Collect every harness-installed skill on this device as inventory entries.
|
|
21
|
+
*
|
|
22
|
+
* Scans each harness in {@link CLIENT_IDS} order. Repo-local `./.claude/skills`
|
|
23
|
+
* is intentionally excluded — inventory tracks harness-installed skills only, and
|
|
24
|
+
* `harness` is always a {@link ClientId}, never `'local'`.
|
|
25
|
+
*
|
|
26
|
+
* The result is NOT truncated to `INVENTORY_LIMITS.MAX_SKILLS`. Exceeding
|
|
27
|
+
* the cap is a real condition the caller / edge function must enforce (returning
|
|
28
|
+
* a `too_many_skills` 400) — silently dropping skills here would corrupt the
|
|
29
|
+
* server-side reconcile by making present skills look absent.
|
|
30
|
+
*
|
|
31
|
+
* @returns One entry per (harness, skill), realpath-deduplicated across harnesses.
|
|
32
|
+
* @see SMI-5392
|
|
33
|
+
*/
|
|
34
|
+
export declare function collectDeviceSkills(): Promise<InventorySkillEntry[]>;
|
|
35
|
+
//# sourceMappingURL=inventory-collector.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"inventory-collector.d.ts","sourceRoot":"","sources":["../../../src/sync/inventory-collector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAQH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAoH/D;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,mBAAmB,EAAE,CAAC,CAO1E"}
|
|
@@ -0,0 +1,149 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cross-harness skill collector (SMI-5392, umbrella SMI-5382).
|
|
3
|
+
*
|
|
4
|
+
* Walks every known harness skill directory (`CLIENT_NATIVE_PATHS`) and emits
|
|
5
|
+
* one {@link InventorySkillEntry} per (harness, skill) observed on disk. This is
|
|
6
|
+
* the shared scanner that both the CLI `inventory push` command (Wave 3) and the
|
|
7
|
+
* MCP inventory tool call before handing the snapshot to {@link uploadInventory}.
|
|
8
|
+
*
|
|
9
|
+
* Design parity with the CLI scanner at
|
|
10
|
+
* `packages/cli/src/utils/skills-directory.ts`:
|
|
11
|
+
* - Uses the SAME {@link SkillParser} to resolve `skill_id` / `version`.
|
|
12
|
+
* - Realpath-deduplicates ACROSS harnesses (collapses symlink aliases), but does
|
|
13
|
+
* NOT name-deduplicate — the same skill independently installed under two
|
|
14
|
+
* harnesses is two distinct rows (the `device_skills` PK is `(harness, skill_id)`).
|
|
15
|
+
*
|
|
16
|
+
* @module @skillsmith/core/sync/inventory-collector
|
|
17
|
+
*/
|
|
18
|
+
import { readdir, readFile, realpath, stat } from 'node:fs/promises';
|
|
19
|
+
import { createHash } from 'node:crypto';
|
|
20
|
+
import { join } from 'node:path';
|
|
21
|
+
import { SkillParser } from '../indexer/SkillParser.js';
|
|
22
|
+
import { CLIENT_IDS, CLIENT_NATIVE_PATHS } from '../install/paths.js';
|
|
23
|
+
/**
|
|
24
|
+
* Resolve a path through `realpath` defensively. Returns the resolved path on
|
|
25
|
+
* success, or the input path unchanged when the link is broken / unreadable —
|
|
26
|
+
* dedup keying still works either way (we just can't collapse a broken alias).
|
|
27
|
+
*/
|
|
28
|
+
async function safeRealpath(path) {
|
|
29
|
+
try {
|
|
30
|
+
return await realpath(path);
|
|
31
|
+
}
|
|
32
|
+
catch {
|
|
33
|
+
return path;
|
|
34
|
+
}
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* Return `true` when a directory entry resolves to a directory, following
|
|
38
|
+
* symlinks. `withFileTypes` reports a symlinked directory as a symlink (not a
|
|
39
|
+
* directory), so symlinked aliases must be `stat`-resolved to be collected —
|
|
40
|
+
* which is exactly what makes the cross-harness realpath dedup observable.
|
|
41
|
+
*/
|
|
42
|
+
async function resolvesToDirectory(entryPath, isDirectory, isSymbolicLink) {
|
|
43
|
+
if (isDirectory)
|
|
44
|
+
return true;
|
|
45
|
+
if (!isSymbolicLink)
|
|
46
|
+
return false;
|
|
47
|
+
try {
|
|
48
|
+
return (await stat(entryPath)).isDirectory();
|
|
49
|
+
}
|
|
50
|
+
catch {
|
|
51
|
+
return false; // broken symlink
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* Read `<skillDir>/SKILL.md` and derive the inventory fields.
|
|
56
|
+
*
|
|
57
|
+
* - `content_hash` is the sha256 hex digest of the raw SKILL.md content. Wave 5
|
|
58
|
+
* validates that this hashing stays drift-aligned with the indexer's hashing.
|
|
59
|
+
* - `skill_id` is the parsed `id` front-matter field, falling back to the parsed
|
|
60
|
+
* `name`, then the directory name (same precedence as the CLI scanner).
|
|
61
|
+
* - A directory with no readable SKILL.md still counts as a skill: `skill_id` is
|
|
62
|
+
* the directory name, with `version` and `content_hash` both `null`.
|
|
63
|
+
*/
|
|
64
|
+
async function readSkillFields(skillDir, dirName) {
|
|
65
|
+
try {
|
|
66
|
+
const content = await readFile(join(skillDir, 'SKILL.md'), 'utf-8');
|
|
67
|
+
const contentHash = createHash('sha256').update(content, 'utf8').digest('hex');
|
|
68
|
+
const parsed = new SkillParser().parse(content);
|
|
69
|
+
if (!parsed) {
|
|
70
|
+
// SKILL.md is readable but has no valid frontmatter — hash still applies.
|
|
71
|
+
return { skillId: dirName, version: null, contentHash };
|
|
72
|
+
}
|
|
73
|
+
// Match the CLI scanner: read `id` off the parsed metadata, then `name`.
|
|
74
|
+
const parsedId = parsed['id'];
|
|
75
|
+
return {
|
|
76
|
+
skillId: parsedId ?? parsed.name ?? dirName,
|
|
77
|
+
version: parsed.version ?? null,
|
|
78
|
+
contentHash,
|
|
79
|
+
};
|
|
80
|
+
}
|
|
81
|
+
catch {
|
|
82
|
+
// No readable SKILL.md — still a skill, but version/hash are unknown.
|
|
83
|
+
return { skillId: dirName, version: null, contentHash: null };
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
/**
|
|
87
|
+
* Scan a single harness directory and append its skills to `entries`,
|
|
88
|
+
* deduplicating by realpath via the shared `seenRealpaths` set.
|
|
89
|
+
*/
|
|
90
|
+
async function collectHarness(harness, entries, seenRealpaths) {
|
|
91
|
+
const harnessDir = CLIENT_NATIVE_PATHS[harness];
|
|
92
|
+
let dirents;
|
|
93
|
+
try {
|
|
94
|
+
dirents = await readdir(harnessDir, { withFileTypes: true });
|
|
95
|
+
}
|
|
96
|
+
catch (error) {
|
|
97
|
+
const code = error.code;
|
|
98
|
+
// Absent harness dir is the common case (harness not installed) — skip it.
|
|
99
|
+
if (code === 'ENOENT' || code === 'ENOTDIR')
|
|
100
|
+
return;
|
|
101
|
+
throw error;
|
|
102
|
+
}
|
|
103
|
+
for (const dirent of dirents) {
|
|
104
|
+
const entryPath = join(harnessDir, dirent.name);
|
|
105
|
+
if (!(await resolvesToDirectory(entryPath, dirent.isDirectory(), dirent.isSymbolicLink()))) {
|
|
106
|
+
continue;
|
|
107
|
+
}
|
|
108
|
+
// Realpath dedup ACROSS harnesses: the first harness in CLIENT_IDS order
|
|
109
|
+
// wins, so a symlinked alias under a later harness is collapsed away.
|
|
110
|
+
const realDir = await safeRealpath(entryPath);
|
|
111
|
+
if (seenRealpaths.has(realDir))
|
|
112
|
+
continue;
|
|
113
|
+
seenRealpaths.add(realDir);
|
|
114
|
+
const { skillId, version, contentHash } = await readSkillFields(entryPath, dirent.name);
|
|
115
|
+
entries.push({
|
|
116
|
+
harness,
|
|
117
|
+
skill_id: skillId,
|
|
118
|
+
version,
|
|
119
|
+
content_hash: contentHash,
|
|
120
|
+
source: null,
|
|
121
|
+
pinned_version: null,
|
|
122
|
+
update_policy: null,
|
|
123
|
+
});
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
/**
|
|
127
|
+
* Collect every harness-installed skill on this device as inventory entries.
|
|
128
|
+
*
|
|
129
|
+
* Scans each harness in {@link CLIENT_IDS} order. Repo-local `./.claude/skills`
|
|
130
|
+
* is intentionally excluded — inventory tracks harness-installed skills only, and
|
|
131
|
+
* `harness` is always a {@link ClientId}, never `'local'`.
|
|
132
|
+
*
|
|
133
|
+
* The result is NOT truncated to `INVENTORY_LIMITS.MAX_SKILLS`. Exceeding
|
|
134
|
+
* the cap is a real condition the caller / edge function must enforce (returning
|
|
135
|
+
* a `too_many_skills` 400) — silently dropping skills here would corrupt the
|
|
136
|
+
* server-side reconcile by making present skills look absent.
|
|
137
|
+
*
|
|
138
|
+
* @returns One entry per (harness, skill), realpath-deduplicated across harnesses.
|
|
139
|
+
* @see SMI-5392
|
|
140
|
+
*/
|
|
141
|
+
export async function collectDeviceSkills() {
|
|
142
|
+
const entries = [];
|
|
143
|
+
const seenRealpaths = new Set();
|
|
144
|
+
for (const harness of CLIENT_IDS) {
|
|
145
|
+
await collectHarness(harness, entries, seenRealpaths);
|
|
146
|
+
}
|
|
147
|
+
return entries;
|
|
148
|
+
}
|
|
149
|
+
//# sourceMappingURL=inventory-collector.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"inventory-collector.js","sourceRoot":"","sources":["../../../src/sync/inventory-collector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAA;AAEpE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAA;AACvD,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAiB,MAAM,qBAAqB,CAAA;AAGpF;;;;GAIG;AACH,KAAK,UAAU,YAAY,CAAC,IAAY;IACtC,IAAI,CAAC;QACH,OAAO,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAA;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,mBAAmB,CAChC,SAAiB,EACjB,WAAoB,EACpB,cAAuB;IAEvB,IAAI,WAAW;QAAE,OAAO,IAAI,CAAA;IAC5B,IAAI,CAAC,cAAc;QAAE,OAAO,KAAK,CAAA;IACjC,IAAI,CAAC;QACH,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,EAAE,CAAA;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA,CAAC,iBAAiB;IAChC,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,KAAK,UAAU,eAAe,CAC5B,QAAgB,EAChB,OAAe;IAEf,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,OAAO,CAAC,CAAA;QACnE,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC9E,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAC/C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,0EAA0E;YAC1E,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAA;QACzD,CAAC;QACD,yEAAyE;QACzE,MAAM,QAAQ,GAAI,MAA6C,CAAC,IAAI,CAAuB,CAAA;QAC3F,OAAO;YACL,OAAO,EAAE,QAAQ,IAAI,MAAM,CAAC,IAAI,IAAI,OAAO;YAC3C,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI;YAC/B,WAAW;SACZ,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,sEAAsE;QACtE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAA;IAC/D,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAiB,EACjB,OAA8B,EAC9B,aAA0B;IAE1B,MAAM,UAAU,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAA;IAE/C,IAAI,OAAiB,CAAA;IACrB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAA;IAC9D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,GAAI,KAA+B,CAAC,IAAI,CAAA;QAClD,2EAA2E;QAC3E,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,SAAS;YAAE,OAAM;QACnD,MAAM,KAAK,CAAA;IACb,CAAC;IAED,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,CAAA;QAC/C,IAAI,CAAC,CAAC,MAAM,mBAAmB,CAAC,SAAS,EAAE,MAAM,CAAC,WAAW,EAAE,EAAE,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC;YAC3F,SAAQ;QACV,CAAC;QAED,yEAAyE;QACzE,sEAAsE;QACtE,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,SAAS,CAAC,CAAA;QAC7C,IAAI,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC;YAAE,SAAQ;QACxC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAE1B,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,MAAM,eAAe,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,CAAA;QACvF,OAAO,CAAC,IAAI,CAAC;YACX,OAAO;YACP,QAAQ,EAAE,OAAO;YACjB,OAAO;YACP,YAAY,EAAE,WAAW;YACzB,MAAM,EAAE,IAAI;YACZ,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,IAAI;SACpB,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,MAAM,OAAO,GAA0B,EAAE,CAAA;IACzC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAA;IACvC,KAAK,MAAM,OAAO,IAAI,UAAU,EAAE,CAAC;QACjC,MAAM,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,aAAa,CAAC,CAAA;IACvD,CAAC;IACD,OAAO,OAAO,CAAA;AAChB,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* inventory-collector tests (SMI-5392).
|
|
3
|
+
*
|
|
4
|
+
* Controls the harness directory table by mocking `../install/paths.js` so each
|
|
5
|
+
* `ClientId` points at a real tmp fixture. CLIENT_NATIVE_PATHS is a mutable
|
|
6
|
+
* object the collector reads at call time, so per-test fixtures are visible
|
|
7
|
+
* without re-importing the module.
|
|
8
|
+
*
|
|
9
|
+
* IC-1: same skill under two harnesses (distinct realpaths) -> two entries.
|
|
10
|
+
* IC-2: a symlinked alias across harnesses -> one entry (first ClientId wins).
|
|
11
|
+
* IC-3: readable SKILL.md -> content_hash + version; missing SKILL.md -> nulls.
|
|
12
|
+
*/
|
|
13
|
+
export {};
|
|
14
|
+
//# sourceMappingURL=inventory-collector.test.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"inventory-collector.test.d.ts","sourceRoot":"","sources":["../../../src/sync/inventory-collector.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG"}
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* inventory-collector tests (SMI-5392).
|
|
3
|
+
*
|
|
4
|
+
* Controls the harness directory table by mocking `../install/paths.js` so each
|
|
5
|
+
* `ClientId` points at a real tmp fixture. CLIENT_NATIVE_PATHS is a mutable
|
|
6
|
+
* object the collector reads at call time, so per-test fixtures are visible
|
|
7
|
+
* without re-importing the module.
|
|
8
|
+
*
|
|
9
|
+
* IC-1: same skill under two harnesses (distinct realpaths) -> two entries.
|
|
10
|
+
* IC-2: a symlinked alias across harnesses -> one entry (first ClientId wins).
|
|
11
|
+
* IC-3: readable SKILL.md -> content_hash + version; missing SKILL.md -> nulls.
|
|
12
|
+
*/
|
|
13
|
+
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
|
|
14
|
+
import { mkdtemp, mkdir, writeFile, symlink, rm } from 'node:fs/promises';
|
|
15
|
+
import { tmpdir } from 'node:os';
|
|
16
|
+
import { join } from 'node:path';
|
|
17
|
+
const mockPaths = vi.hoisted(() => ({
|
|
18
|
+
CLIENT_IDS: ['claude-code', 'cursor', 'copilot', 'windsurf', 'agents'],
|
|
19
|
+
CLIENT_NATIVE_PATHS: {},
|
|
20
|
+
}));
|
|
21
|
+
vi.mock('../install/paths.js', () => ({
|
|
22
|
+
CLIENT_IDS: mockPaths.CLIENT_IDS,
|
|
23
|
+
CLIENT_NATIVE_PATHS: mockPaths.CLIENT_NATIVE_PATHS,
|
|
24
|
+
}));
|
|
25
|
+
import { collectDeviceSkills } from './inventory-collector.js';
|
|
26
|
+
import { INVENTORY_LIMITS } from './inventory-types.js';
|
|
27
|
+
function skillMd(name, version) {
|
|
28
|
+
const versionLine = version ? `\nversion: ${version}` : '';
|
|
29
|
+
return `---\nname: ${name}${versionLine}\n---\n\n# ${name}\n`;
|
|
30
|
+
}
|
|
31
|
+
async function createSkill(harness, name, opts = {}) {
|
|
32
|
+
const dir = join(mockPaths.CLIENT_NATIVE_PATHS[harness], name);
|
|
33
|
+
await mkdir(dir, { recursive: true });
|
|
34
|
+
if (opts.withSkillMd !== false) {
|
|
35
|
+
await writeFile(join(dir, 'SKILL.md'), skillMd(name, opts.version));
|
|
36
|
+
}
|
|
37
|
+
return dir;
|
|
38
|
+
}
|
|
39
|
+
let root;
|
|
40
|
+
describe('inventory-collector', () => {
|
|
41
|
+
beforeEach(async () => {
|
|
42
|
+
root = await mkdtemp(join(tmpdir(), 'inv-collector-'));
|
|
43
|
+
// Point every harness at its own (initially absent) subdir under root.
|
|
44
|
+
for (const id of mockPaths.CLIENT_IDS) {
|
|
45
|
+
mockPaths.CLIENT_NATIVE_PATHS[id] = join(root, id);
|
|
46
|
+
}
|
|
47
|
+
});
|
|
48
|
+
afterEach(async () => {
|
|
49
|
+
await rm(root, { recursive: true, force: true });
|
|
50
|
+
vi.restoreAllMocks();
|
|
51
|
+
});
|
|
52
|
+
it('IC-1: emits two entries for the same skill installed under two harnesses', async () => {
|
|
53
|
+
await createSkill('claude-code', 'foo', { version: '1.0.0' });
|
|
54
|
+
await createSkill('cursor', 'foo', { version: '2.0.0' });
|
|
55
|
+
const entries = await collectDeviceSkills();
|
|
56
|
+
const foo = entries.filter((e) => e.skill_id === 'foo');
|
|
57
|
+
expect(foo).toHaveLength(2);
|
|
58
|
+
expect(foo.map((e) => e.harness).sort()).toEqual(['claude-code', 'cursor']);
|
|
59
|
+
// Distinct realpaths -> distinct rows, each carrying its own version + hash.
|
|
60
|
+
expect(foo.every((e) => typeof e.content_hash === 'string')).toBe(true);
|
|
61
|
+
// Static fields are always null at the local-agent layer.
|
|
62
|
+
expect(foo.every((e) => e.source === null && e.pinned_version === null)).toBe(true);
|
|
63
|
+
expect(foo.every((e) => e.update_policy === null)).toBe(true);
|
|
64
|
+
});
|
|
65
|
+
it('IC-2: collapses a symlinked alias across harnesses to one entry (first ClientId wins)', async () => {
|
|
66
|
+
const real = await createSkill('claude-code', 'bar', { version: '1.0.0' });
|
|
67
|
+
await mkdir(mockPaths.CLIENT_NATIVE_PATHS['agents'], { recursive: true });
|
|
68
|
+
await symlink(real, join(mockPaths.CLIENT_NATIVE_PATHS['agents'], 'bar'), 'dir');
|
|
69
|
+
const entries = await collectDeviceSkills();
|
|
70
|
+
const bar = entries.filter((e) => e.skill_id === 'bar');
|
|
71
|
+
expect(bar).toHaveLength(1);
|
|
72
|
+
// claude-code precedes agents in CLIENT_IDS, so it wins the dedup.
|
|
73
|
+
expect(bar[0]?.harness).toBe('claude-code');
|
|
74
|
+
});
|
|
75
|
+
// IC-4: No truncation at MAX_SKILLS boundary.
|
|
76
|
+
//
|
|
77
|
+
// The collector is intentionally uncapped — it returns EVERY on-disk entry.
|
|
78
|
+
// The >5000 ceiling is enforced server-side via the `too_many_skills` 400 error
|
|
79
|
+
// (see inventory-client tests) and will be covered end-to-end in Wave 5. This
|
|
80
|
+
// test verifies the guarantee cheaply using a small K so the suite stays fast.
|
|
81
|
+
it('IC-4: returned entry count equals the number of on-disk skills with no local cap applied', async () => {
|
|
82
|
+
const K = 4;
|
|
83
|
+
for (let i = 0; i < K; i++) {
|
|
84
|
+
await createSkill('claude-code', `skill-ic4-${i}`, { version: `1.0.${i}` });
|
|
85
|
+
}
|
|
86
|
+
const entries = await collectDeviceSkills();
|
|
87
|
+
const ic4 = entries.filter((e) => e.skill_id.startsWith('skill-ic4-'));
|
|
88
|
+
// The collector must not truncate: returned count must equal the on-disk count.
|
|
89
|
+
expect(ic4).toHaveLength(K);
|
|
90
|
+
// K is well below the server-enforced limit — no false ceiling here.
|
|
91
|
+
expect(K).toBeLessThan(INVENTORY_LIMITS.MAX_SKILLS);
|
|
92
|
+
});
|
|
93
|
+
it('IC-3: populates content_hash + version for readable SKILL.md, nulls for missing', async () => {
|
|
94
|
+
await createSkill('claude-code', 'withmd', { version: '3.1.4' });
|
|
95
|
+
await createSkill('cursor', 'nomd', { withSkillMd: false });
|
|
96
|
+
const entries = await collectDeviceSkills();
|
|
97
|
+
const withMd = entries.find((e) => e.skill_id === 'withmd');
|
|
98
|
+
const noMd = entries.find((e) => e.skill_id === 'nomd');
|
|
99
|
+
expect(withMd?.version).toBe('3.1.4');
|
|
100
|
+
expect(withMd?.content_hash).toMatch(/^[0-9a-f]{64}$/);
|
|
101
|
+
// A subdir with no readable SKILL.md still counts, keyed by its dir name.
|
|
102
|
+
expect(noMd).toBeDefined();
|
|
103
|
+
expect(noMd?.version).toBeNull();
|
|
104
|
+
expect(noMd?.content_hash).toBeNull();
|
|
105
|
+
});
|
|
106
|
+
});
|
|
107
|
+
//# sourceMappingURL=inventory-collector.test.js.map
|