@superblocksteam/sdk 2.0.123-next.0 → 2.0.124-next.0

package/src/cli-replacement/install-packages.classify.test.mts

@@ -0,0 +1,168 @@
+/**
+ * Failure-classification coverage for the dev-server startup `installPackages`
+ * (APPS-4450). When the verification install fails, `installPackages` no longer
+ * rethrows the raw `exec` rejection — it classifies the npm `--json` envelope
+ * into a structured `DependencyInstallError` and throws the
+ * `InitialInstallFailed` marker so the `dev()` catch can degrade by origin.
+ *
+ * Mirrors the mock style of the sibling `install-packages.npm-registry.test.mts`
+ * (stub `node:child_process`, `package-manager-detector`, `node:fs/promises`,
+ * and the logging module; hand a fake `NpmRegistryClient`). The one new wrinkle
+ * is the failure path: the promisified `exec` rejects with an error object that
+ * carries the ERESOLVE `--json` payload on `.stdout` and the npm error-code
+ * banner on `.stderr`, exactly as `util.promisify(child_process.exec)` does in
+ * production (it preserves stdout/stderr on the rejected error).
+ */
+import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
+
+import type { installPackages as InstallPackagesType } from "./dev.mjs";
+
+const execMock = vi.fn();
+const execFileMock = vi.fn();
+vi.mock("node:child_process", () => ({
+  default: { exec: execMock, execFile: execFileMock },
+  exec: execMock,
+  execFile: execFileMock,
+}));
+
+const detectMock = vi.fn();
+vi.mock("package-manager-detector/detect", () => ({
+  detect: (...args: unknown[]) => detectMock(...args),
+}));
+
+const resolveCommandMock = vi.fn();
+vi.mock("package-manager-detector", () => ({
+  resolveCommand: (...args: unknown[]) => resolveCommandMock(...args),
+}));
+
+vi.mock("node:fs/promises", () => ({
+  readFile: vi.fn(async () => "{}"),
+  writeFile: vi.fn(async () => undefined),
+  // `installPackages` ensures `<app>/.superblocks/logs` exists (npm's
+  // `logs-dir` target) before spawning the install; without this stub the
+  // real `mkdir` is undefined and throws before the exec mock, misclassifying
+  // the failure as `unknown`. Mirrors the sibling npm-registry test.
+  mkdir: vi.fn(async () => undefined),
+}));
+
+const mockLogger = {
+  info: vi.fn(),
+  warn: vi.fn(),
+  error: vi.fn(),
+  debug: vi.fn(),
+};
+
+vi.mock("../telemetry/logging.js", () => ({
+  getLogger: () => mockLogger,
+  getErrorMeta: (err: unknown) => ({
+    error: { kind: "Error", message: err instanceof Error ? err.message : "" },
+  }),
+}));
+
+type NpmRegistryFetchResult = {
+  source: "configured" | "not-configured" | "stale" | "unreachable";
+  config: { configured: boolean; allowInstallScripts?: boolean };
+};
+
+function fakeRegistryClient(
+  result: NpmRegistryFetchResult | (() => Promise<NpmRegistryFetchResult>),
+) {
+  return {
+    getConfig: vi.fn(async () =>
+      typeof result === "function" ? result() : result,
+    ),
+  } as unknown as Parameters<typeof InstallPackagesType>[2];
+}
+
+function notConfigured(): NpmRegistryFetchResult {
+  return { source: "not-configured", config: { configured: false } };
+}
+
+/**
+ * The ERESOLVE `--json` envelope npm writes to stdout when a peer-dependency
+ * conflict aborts the install. `util.promisify(exec)` rejects with an Error
+ * whose `.stdout` carries this body and whose `.stderr` carries the
+ * `npm error code ERESOLVE` banner — both preserved separately on the
+ * rejected error (the contract the classifier relies on).
+ */
+const ERESOLVE_JSON_STDOUT = JSON.stringify({
+  error: {
+    code: "ERESOLVE",
+    summary: "unable to resolve dependency tree",
+    detail:
+      "Found: react@17.0.2\nCould not resolve dependency:\npeer react@^18.0.0 from @some/pkg@1.0.0",
+  },
+});
+
+const ERESOLVE_STDERR = [
+  "npm error code ERESOLVE",
+  "npm error ERESOLVE unable to resolve dependency tree",
+].join("\n");
+
+beforeAll(async () => {
+  await import("./dev.mjs");
+});
+
+beforeEach(() => {
+  vi.clearAllMocks();
+  detectMock.mockResolvedValue({
+    name: "npm",
+    agent: "npm",
+    version: "10.0.0",
+  });
+  resolveCommandMock.mockImplementation(
+    (_agent: string, _action: string, args: string[]) => ({
+      command: "npm",
+      args: ["install", ...args],
+    }),
+  );
+});
+
+describe("installPackages classifies install failures (APPS-4450)", () => {
+  it("throws InitialInstallFailed(dependency_conflict) on an ERESOLVE install", async () => {
+    const { installPackages } = await import("./dev.mjs");
+    const client = fakeRegistryClient(notConfigured());
+
+    // Reject exactly the way `util.promisify(child_process.exec)` does: the
+    // rejected value is an Error with `.stdout` and `.stderr` preserved
+    // separately. The ERESOLVE `--json` body lives on `.stdout`.
+    execMock.mockImplementation(
+      (
+        _cmd: string,
+        _opts: unknown,
+        cb?: (err: unknown, result?: { stdout: string }) => void,
+      ) => {
+        const callback = (typeof _opts === "function" ? _opts : cb) as (
+          err: unknown,
+          result?: { stdout: string },
+        ) => void;
+        const err = Object.assign(
+          new Error("Command failed: npm install --fund=false --audit=false"),
+          {
+            stdout: ERESOLVE_JSON_STDOUT,
+            stderr: ERESOLVE_STDERR,
+            code: 1,
+          },
+        );
+        callback(err);
+      },
+    );
+
+    await expect(
+      installPackages("/tmp/app", mockLogger as never, client),
+    ).rejects.toMatchObject({
+      name: "InitialInstallFailed",
+      serverError: {
+        category: "dependency_conflict",
+        npmErrorCode: "ERESOLVE",
+      },
+    });
+
+    // Guard against the mock being silently bypassed: if `dev.mjs` ever binds
+    // `exec` to the REAL `child_process.exec` (a module-scope capture before
+    // this file's mock is live), real npm runs against the missing `/tmp/app`
+    // and the classification quietly degrades to unknown/undefined. Asserting
+    // the stub fired turns that into an explicit failure instead. (APPS-4450)
+    expect(execMock).toHaveBeenCalledTimes(1);
+  });
+});

package/src/cli-replacement/install-packages.npm-registry.test.mts

@@ -0,0 +1,345 @@
+/**
+ * Argv-matrix coverage for the dev-server startup `installPackages` honoring
+ * the per-org `allow_install_scripts` policy (APPS-4251).
+ *
+ * Mirrors the structure of
+ * `packages/vite-plugin-file-sync/src/ai-service/app-interface/shell.npm-registry.test.ts`
+ * (the AppShell-side coverage): we stub `package-manager-detector`, capture
+ * the args handed to `resolveCommand`, drive a fake `NpmRegistryClient`, and
+ * assert whether `--ignore-scripts` made it onto the install argv.
+ *
+ * Why exercise this here rather than via the full `dev()` test surface:
+ * `installPackages` is the unit that picked up the new policy plumbing.
+ * Testing through `dev()` would need ~250 lines of mock setup unrelated to
+ * the policy decision, and the test would still be asserting the same
+ * `resolveCommand`-args invariant. The function is intentionally exported
+ * from `dev.mts` for this purpose.
+ */
+import {
+  beforeAll,
+  beforeEach,
+  describe,
+  expect,
+  it,
+  vi,
+  type Mock,
+} from "vitest";
+
+import type { installPackages as InstallPackagesType } from "./dev.mjs";
+
+const execMock = vi.fn();
+const execFileMock = vi.fn();
+vi.mock("node:child_process", () => ({
+  default: { exec: execMock, execFile: execFileMock },
+  exec: execMock,
+  execFile: execFileMock,
+}));
+
+const detectMock = vi.fn();
+vi.mock("package-manager-detector/detect", () => ({
+  detect: (...args: unknown[]) => detectMock(...args),
+}));
+
+const resolveCommandMock = vi.fn();
+vi.mock("package-manager-detector", () => ({
+  resolveCommand: (...args: unknown[]) => resolveCommandMock(...args),
+}));
+
+vi.mock("node:fs/promises", () => ({
+  readFile: vi.fn(async () => "{}"),
+  writeFile: vi.fn(async () => undefined),
+  // `installPackages` ensures the `<app>/.superblocks/logs` dir exists
+  // before spawning the install (npm's `logs-dir` target).
+  mkdir: vi.fn(async () => undefined),
+}));
+
+const mockLogger = {
+  info: vi.fn(),
+  warn: vi.fn(),
+  error: vi.fn(),
+  debug: vi.fn(),
+};
+
+vi.mock("../telemetry/logging.js", () => ({
+  getLogger: () => mockLogger,
+  getErrorMeta: (err: unknown) => ({
+    error: { kind: "Error", message: err instanceof Error ? err.message : "" },
+  }),
+}));
+
+type NpmRegistryFetchResult = {
+  source: "configured" | "not-configured" | "stale";
+  config: {
+    configured: boolean;
+    allowInstallScripts?: boolean;
+  };
+};
+
+function fakeRegistryClient(
+  result: NpmRegistryFetchResult | (() => Promise<NpmRegistryFetchResult>),
+) {
+  return {
+    getConfig: vi.fn(async () =>
+      typeof result === "function" ? result() : result,
+    ),
+    // The dev-server install path only calls `getConfig()`; the rest of the
+    // `NpmRegistryClient` surface (JWT refresh, cache TTL) is exercised by
+    // the vite-plugin-file-sync side. Casting through `unknown` lets us
+    // hand this minimal stub to a parameter typed `NpmRegistryClient`
+    // without dragging the full class into the test.
+  } as unknown as Parameters<typeof InstallPackagesType>[2];
+}
+
+function notConfigured(allowInstallScripts?: boolean): NpmRegistryFetchResult {
+  return {
+    source: "not-configured",
+    config: {
+      configured: false,
+      ...(allowInstallScripts !== undefined ? { allowInstallScripts } : {}),
+    },
+  };
+}
+
+// Pre-import `./dev.mjs` once so the heavy module-load cost (it transitively
+// pulls in `vite-plugin-file-sync/git-service`, `AiService`, etc.) is paid
+// outside any test's per-test timeout. Under turbo parallelism (CI runs the
+// `cli` unit-test job alongside ai-service-templates, cli, mcp-server, and
+// sdk in the same worker pool), the first dynamic `await import("./dev.mjs")`
+// inside a test was being CPU-starved past the default 5s testTimeout — the
+// test that owned the cold import then timed out, leaked its in-flight
+// `resolveCommand` call past the `beforeEach` `clearAllMocks`, and the *next*
+// test observed two recorded calls instead of one. Hoisting to `beforeAll`
+// keeps the per-test surface fast and order-independent. The repeated
+// `await import("./dev.mjs")` lines below remain as cheap cached lookups —
+// no behavioural change.
+beforeAll(async () => {
+  await import("./dev.mjs");
+});
+
+beforeEach(() => {
+  vi.clearAllMocks();
+  // Default: npm package manager, install resolves to a real command so we
+  // can read back the args the call site passed in.
+  detectMock.mockResolvedValue({
+    name: "npm",
+    agent: "npm",
+    version: "10.0.0",
+  });
+  resolveCommandMock.mockImplementation(
+    (_agent: string, _action: string, args: string[]) => ({
+      command: "npm",
+      args: ["install", ...args],
+    }),
+  );
+  execMock.mockImplementation(
+    (
+      _cmd: string,
+      _opts: unknown,
+      cb?: (err: null, result: { stdout: string }) => void,
+    ) => {
+      if (typeof _opts === "function") {
+        (_opts as (err: null, result: { stdout: string }) => void)(null, {
+          stdout: "ok",
+        });
+      } else if (cb) {
+        cb(null, { stdout: "ok" });
+      }
+    },
+  );
+});
+
+function getResolveCommandArgs(): string[] {
+  expect(resolveCommandMock).toHaveBeenCalledTimes(1);
+  const [, , args] = (resolveCommandMock as Mock).mock.calls[0] as [
+    string,
+    string,
+    string[],
+  ];
+  return args;
+}
+
+/** Pull the exec options (incl. `env`) out of the spawned subprocess
+ * call. We assert against the env-overlay because that is the mechanism
+ * userconfig pinning uses for npm AND pnpm (pnpm rejects `--userconfig=`
+ * as a CLI flag — pnpm/pnpm#6036). */
+function getExecOptions(): { cwd?: string; env?: NodeJS.ProcessEnv } {
+  const lastCall = (execMock as Mock).mock.calls.at(-1) as [
+    string,
+    { cwd?: string; env?: NodeJS.ProcessEnv },
+    ...unknown[],
+  ];
+  return lastCall[1];
+}
+
+describe("installPackages honors allow_install_scripts policy", () => {
+  it("appends --ignore-scripts when allow_install_scripts === false", async () => {
+    const { installPackages } = await import("./dev.mjs");
+    const client = fakeRegistryClient(notConfigured(false));
+
+    await installPackages("/tmp/app", mockLogger as never, client);
+
+    const args = getResolveCommandArgs();
+    expect(args).toContain("--ignore-scripts");
+    // Existing baseline npm flags must survive.
+    expect(args).toContain("--fund=false");
+    expect(args).toContain("--audit=false");
+  });
+
+  it("does NOT append --ignore-scripts when allow_install_scripts === true", async () => {
+    const { installPackages } = await import("./dev.mjs");
+    const client = fakeRegistryClient(notConfigured(true));
+
+    await installPackages("/tmp/app", mockLogger as never, client);
+
+    expect(getResolveCommandArgs()).not.toContain("--ignore-scripts");
+  });
+
+  it("does NOT append --ignore-scripts when allow_install_scripts is unset", async () => {
+    const { installPackages } = await import("./dev.mjs");
+    const client = fakeRegistryClient(notConfigured(undefined));
+
+    await installPackages("/tmp/app", mockLogger as never, client);
+
+    expect(getResolveCommandArgs()).not.toContain("--ignore-scripts");
+  });
+
+  it("does NOT append --ignore-scripts when no client is wired in (test/opt-out path)", async () => {
+    const { installPackages } = await import("./dev.mjs");
+
+    await installPackages("/tmp/app", mockLogger as never);
+
+    expect(getResolveCommandArgs()).not.toContain("--ignore-scripts");
+  });
+
+  it("swallows policy-resolution errors and proceeds without --ignore-scripts", async () => {
+    // A transient registry-endpoint outage with no cache must not abort the
+    // user's startup install. The client surfaces the throw; we log and
+    // fall back to "scripts allowed" (today's behaviour). The 404 /
+    // last-known-good preservation that prevents this in practice is
+    // covered by `npm-registry.test.ts` on the vite-plugin-file-sync side.
+    const { installPackages } = await import("./dev.mjs");
+    const client = fakeRegistryClient(async () => {
+      throw new Error("registry endpoint unreachable");
+    });
+
+    await installPackages("/tmp/app", mockLogger as never, client);
+
+    expect(getResolveCommandArgs()).not.toContain("--ignore-scripts");
+    expect(mockLogger.warn).toHaveBeenCalledWith(
+      expect.stringContaining("Could not resolve npm install-scripts policy"),
+      expect.objectContaining({ error: expect.any(Object) }),
+    );
+  });
+
+  it("appends --ignore-scripts under pnpm too (no npm-only baseline flags)", async () => {
+    detectMock.mockResolvedValue({
+      name: "pnpm",
+      agent: "pnpm",
+      version: "9.0.0",
+    });
+    resolveCommandMock.mockImplementation(
+      (_agent: string, _action: string, args: string[]) => ({
+        command: "pnpm",
+        args: ["install", ...args],
+      }),
+    );
+    const { installPackages } = await import("./dev.mjs");
+    const client = fakeRegistryClient(notConfigured(false));
+
+    await installPackages("/tmp/app", mockLogger as never, client);
+
+    const args = getResolveCommandArgs();
+    expect(args).toContain("--ignore-scripts");
+    expect(args).not.toContain("--fund=false");
+    expect(args).not.toContain("--audit=false");
+  });
+});
+
+// ---------------------------------------------------------------------------
+// Userconfig plumbing for the dev-server startup install.
+//
+// `installPackages` points npm/pnpm at the Superblocks-owned userconfig
+// (`~/.superblocks/npmrc`) so the user-app install resolves
+// `@superblocksteam/library`, `@superblocksteam/sdk-api`, and any private
+// scope through the same registry config the CLI auto-upgrade uses.
+//
+// The mechanism is the spawned subprocess env overlay (both
+// `NPM_CONFIG_USERCONFIG` and `PNPM_CONFIG_USERCONFIG`), not a CLI flag.
+// pnpm rejects `--userconfig=` (pnpm/pnpm#6036), and pnpm 11+ stopped
+// honouring the `npm_config_*` env vars — setting both forms covers
+// npm, pnpm <= 10, and pnpm 11+ uniformly.
+// `userconfig-env.integration.test.mts` in this directory exercises the
+// real npm + pnpm binaries to pin that contract.
+// ---------------------------------------------------------------------------
+
+const USERCONFIG_PATTERN = /[/\\]\.superblocks[/\\]npmrc$/;
+
+describe("installPackages userconfig env plumbing", () => {
+  it("sets both NPM_CONFIG_USERCONFIG and PNPM_CONFIG_USERCONFIG under npm", async () => {
+    const { installPackages } = await import("./dev.mjs");
+    const client = fakeRegistryClient(notConfigured(undefined));
+
+    await installPackages("/tmp/app", mockLogger as never, client);
+
+    const opts = getExecOptions();
+    expect(opts.env?.NPM_CONFIG_USERCONFIG).toMatch(USERCONFIG_PATTERN);
+    expect(opts.env?.PNPM_CONFIG_USERCONFIG).toMatch(USERCONFIG_PATTERN);
+    // npm's debug log is routed into `<app>/.superblocks/logs` so a failed
+    // install in the live-edit pod leaves a collectable log.
+    expect(opts.env?.NPM_CONFIG_LOGS_DIR).toBe("/tmp/app/.superblocks/logs");
+    // Argv carries the baseline npm flags only — no --userconfig (pnpm
+    // would reject it; env is the mechanism instead).
+    const args = getResolveCommandArgs();
+    expect(args.some((a) => a.startsWith("--userconfig="))).toBe(false);
+    expect(args).toContain("--fund=false");
+    expect(args).toContain("--audit=false");
+  });
+
+  it("sets both NPM_CONFIG_USERCONFIG and PNPM_CONFIG_USERCONFIG under pnpm", async () => {
+    detectMock.mockResolvedValue({
+      name: "pnpm",
+      agent: "pnpm",
+      version: "11.0.0",
+    });
+    resolveCommandMock.mockImplementation(
+      (_agent: string, _action: string, args: string[]) => ({
+        command: "pnpm",
+        args: ["install", ...args],
+      }),
+    );
+    const { installPackages } = await import("./dev.mjs");
+    const client = fakeRegistryClient(notConfigured(undefined));
+
+    await installPackages("/tmp/app", mockLogger as never, client);
+
+    const opts = getExecOptions();
+    expect(opts.env?.NPM_CONFIG_USERCONFIG).toMatch(USERCONFIG_PATTERN);
+    expect(opts.env?.PNPM_CONFIG_USERCONFIG).toMatch(USERCONFIG_PATTERN);
+    const args = getResolveCommandArgs();
+    expect(args.some((a) => a.startsWith("--userconfig="))).toBe(false);
+    expect(args).not.toContain("--audit=false");
+  });
+
+  it("sets the userconfig env alongside --ignore-scripts when policy is restrictive", async () => {
+    // The install-scripts policy gate (argv) and the userconfig pin
+    // (env) are independent knobs that must co-exist.
+    const { installPackages } = await import("./dev.mjs");
+    const client = fakeRegistryClient(notConfigured(false));
+
+    await installPackages("/tmp/app", mockLogger as never, client);
+
+    const args = getResolveCommandArgs();
+    expect(args).toContain("--ignore-scripts");
+    const opts = getExecOptions();
+    expect(opts.env?.NPM_CONFIG_USERCONFIG).toMatch(USERCONFIG_PATTERN);
+    expect(opts.env?.PNPM_CONFIG_USERCONFIG).toMatch(USERCONFIG_PATTERN);
+  });
+
+  // PATH-preservation coverage lives in two places that don't trip the
+  // turbo `no-undeclared-env-vars` lint:
+  //   - `buildInstallEnv`'s "accepts a custom base env" test verifies
+  //     the merge semantics directly without referencing `process.env`.
+  //   - The real-subprocess integration test
+  //     (`userconfig-env.integration.test.mts`) would fail to resolve
+  //     `npm`/`pnpm` on PATH if the overlay clobbered it.
+});