@synth-deploy/server 0.1.0

package/tests/archive-unpacker.test.ts

@@ -0,0 +1,179 @@
+import { describe, it, expect } from "vitest";
+import AdmZip from "adm-zip";
+import {
+  unpackArchive,
+  archiveFormat,
+  formatExtractedFiles,
+} from "../src/archive-unpacker.js";
+import type { ArtifactInput } from "../src/artifact-analyzer.js";
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function makeZipBuffer(entries: Record<string, string>): Buffer {
+  const zip = new AdmZip();
+  for (const [path, content] of Object.entries(entries)) {
+    zip.addFile(path, Buffer.from(content, "utf-8"));
+  }
+  return zip.toBuffer();
+}
+
+function makeArtifact(name: string): ArtifactInput {
+  return { name, source: "test" };
+}
+
+// ---------------------------------------------------------------------------
+// archiveFormat
+// ---------------------------------------------------------------------------
+
+describe("archiveFormat", () => {
+  it("maps zip to zip", () => {
+    expect(archiveFormat("zip", "bundle.zip")).toBe("zip");
+  });
+
+  it("maps nupkg to zip", () => {
+    expect(archiveFormat("nupkg", "MyService.1.0.0.nupkg")).toBe("zip");
+  });
+
+  it("maps java-archive to zip", () => {
+    expect(archiveFormat("java-archive", "app.jar")).toBe("zip");
+  });
+
+  it("maps python-package to zip", () => {
+    expect(archiveFormat("python-package", "app-1.0.0-py3-none-any.whl")).toBe("zip");
+  });
+
+  it("maps .tar.gz tarball to tar-gz", () => {
+    expect(archiveFormat("tarball", "release.tar.gz")).toBe("tar-gz");
+  });
+
+  it("maps .tgz tarball to tar-gz", () => {
+    expect(archiveFormat("tarball", "release.tgz")).toBe("tar-gz");
+  });
+
+  it("maps bare .tar to tar", () => {
+    expect(archiveFormat("tarball", "image.tar")).toBe("tar");
+  });
+
+  it("returns null for non-archive types", () => {
+    expect(archiveFormat("dockerfile", "Dockerfile")).toBeNull();
+    expect(archiveFormat("node-package", "package.json")).toBeNull();
+    expect(archiveFormat("unknown", "mystery.dat")).toBeNull();
+  });
+});
+
+// ---------------------------------------------------------------------------
+// ZIP unpacking
+// ---------------------------------------------------------------------------
+
+describe("unpackArchive — zip", () => {
+  it("extracts markdown and yaml files", async () => {
+    const buf = makeZipBuffer({
+      "README.md": "# My Service\nDeploys to Kubernetes.",
+      "helm/values.yaml": "replicaCount: 3\nimage: myapp:latest",
+      "app.bin": "\x00\x01\x02\x03binary data",
+    });
+
+    const result = await unpackArchive(buf, "zip");
+    const paths = result.files.map((f) => f.path);
+
+    expect(paths).toContain("README.md");
+    expect(paths).toContain("helm/values.yaml");
+    expect(paths).not.toContain("app.bin");
+  });
+
+  it("extracts Dockerfile and shell scripts", async () => {
+    const buf = makeZipBuffer({
+      "Dockerfile": "FROM node:20-alpine\nEXPOSE 3000",
+      "deploy.sh": "#!/bin/bash\ndocker build .",
+    });
+
+    const result = await unpackArchive(buf, "zip");
+    const paths = result.files.map((f) => f.path);
+
+    expect(paths).toContain("Dockerfile");
+    expect(paths).toContain("deploy.sh");
+  });
+
+  it("skips node_modules and .git paths", async () => {
+    const buf = makeZipBuffer({
+      "node_modules/express/README.md": "Express docs",
+      ".git/config": "git config",
+      "SYNTH.md": "deployment context",
+    });
+
+    const result = await unpackArchive(buf, "zip");
+    const paths = result.files.map((f) => f.path);
+
+    expect(paths).not.toContain("node_modules/express/README.md");
+    expect(paths).not.toContain(".git/config");
+    expect(paths).toContain("SYNTH.md");
+  });
+
+  it("counts skipped binary and filtered files", async () => {
+    const buf = makeZipBuffer({
+      "app.exe": "\x00\x00\x4D\x5A binary",
+      "logo.png": "\x89PNG binary",
+      "config.yaml": "key: value",
+    });
+
+    const result = await unpackArchive(buf, "zip");
+    expect(result.files.length).toBe(1);
+    expect(result.skipped).toBeGreaterThan(0);
+  });
+
+  it("returns empty result for corrupt buffer", async () => {
+    const result = await unpackArchive(Buffer.from("not a zip"), "zip");
+    expect(result.files).toHaveLength(0);
+    expect(result.skipped).toBe(0);
+  });
+
+  it("preserves file content accurately", async () => {
+    const content = "# Deploy Notes\n\nRun after database migration.\n";
+    const buf = makeZipBuffer({ "NOTES.md": content });
+
+    const result = await unpackArchive(buf, "zip");
+    expect(result.files[0].content).toBe(content);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// formatExtractedFiles
+// ---------------------------------------------------------------------------
+
+describe("formatExtractedFiles", () => {
+  it("formats multiple files with separators", () => {
+    const result = formatExtractedFiles({
+      files: [
+        { path: "README.md", content: "# Hello" },
+        { path: "values.yaml", content: "replicas: 2" },
+      ],
+      skipped: 0,
+    });
+
+    expect(result).toContain("=== README.md ===");
+    expect(result).toContain("# Hello");
+    expect(result).toContain("=== values.yaml ===");
+    expect(result).toContain("replicas: 2");
+  });
+
+  it("includes skipped file count when non-zero", () => {
+    const result = formatExtractedFiles({ files: [], skipped: 3 });
+    expect(result).toContain("(no readable text files found in archive)");
+  });
+
+  it("appends skip count when files also present", () => {
+    const result = formatExtractedFiles({
+      files: [{ path: "README.md", content: "hi" }],
+      skipped: 5,
+    });
+
+    expect(result).toContain("5 binary or oversized files skipped");
+  });
+
+  it("returns no-files message when empty", () => {
+    const result = formatExtractedFiles({ files: [], skipped: 0 });
+    expect(result).toContain("no readable text files found");
+  });
+});

package/tests/artifact-analyzer.test.ts

@@ -0,0 +1,240 @@
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import { DecisionDebrief } from "@synth-deploy/core";
+import { ArtifactAnalyzer, createArtifactAnalyzer, detectArtifactType } from "../src/artifact-analyzer.js";
+import type { ArtifactInput } from "../src/artifact-analyzer.js";
+import type { LlmClient } from "@synth-deploy/core";
+
+// ---------------------------------------------------------------------------
+// Mock LLM client
+// ---------------------------------------------------------------------------
+
+function createMockLlm(opts: { available?: boolean; response?: string } = {}): LlmClient {
+  const available = opts.available ?? true;
+  const response = opts.response ?? "{}";
+
+  return {
+    isAvailable: () => available,
+    reason: vi.fn().mockResolvedValue(
+      available
+        ? { ok: true, text: response, model: "test-model", responseTimeMs: 100 }
+        : { ok: false, fallback: true, reason: "LLM not configured" },
+    ),
+    classify: vi.fn().mockResolvedValue({ ok: false, fallback: true, reason: "not used" }),
+    healthCheck: vi.fn().mockResolvedValue({ configured: false, healthy: false }),
+    getLastHealthStatus: vi.fn().mockReturnValue(null),
+  } as unknown as LlmClient;
+}
+
+function makeArtifact(overrides: Partial<ArtifactInput> = {}): ArtifactInput {
+  return {
+    name: "test-artifact",
+    source: "test-registry",
+    ...overrides,
+  };
+}
+
+function bufferFrom(text: string): Buffer {
+  return Buffer.from(text, "utf-8");
+}
+
+// ---------------------------------------------------------------------------
+// Type detection
+// ---------------------------------------------------------------------------
+
+describe("detectArtifactType", () => {
+  it("detects Dockerfile by name", () => {
+    expect(detectArtifactType(makeArtifact({ name: "Dockerfile" }))).toBe("dockerfile");
+  });
+
+  it("detects Chart.yaml", () => {
+    expect(detectArtifactType(makeArtifact({ name: "Chart.yaml" }))).toBe("helm-chart");
+  });
+
+  it("detects values.yaml", () => {
+    expect(detectArtifactType(makeArtifact({ name: "values.yaml" }))).toBe("helm-values");
+  });
+
+  it("detects package.json", () => {
+    expect(detectArtifactType(makeArtifact({ name: "package.json" }))).toBe("node-package");
+  });
+
+  it("detects Makefile", () => {
+    expect(detectArtifactType(makeArtifact({ name: "Makefile" }))).toBe("makefile");
+  });
+
+  it("detects .tgz", () => {
+    expect(detectArtifactType(makeArtifact({ name: "app-1.0.0.tgz" }))).toBe("tarball");
+  });
+
+  it("detects .tar", () => {
+    expect(detectArtifactType(makeArtifact({ name: "image.tar" }))).toBe("tarball");
+  });
+
+  it("detects .zip", () => {
+    expect(detectArtifactType(makeArtifact({ name: "deploy.zip" }))).toBe("zip");
+  });
+
+  it("detects .nupkg", () => {
+    expect(detectArtifactType(makeArtifact({ name: "MyService.1.0.0.nupkg" }))).toBe("nupkg");
+  });
+
+  it("detects .jar", () => {
+    expect(detectArtifactType(makeArtifact({ name: "app.jar" }))).toBe("java-archive");
+  });
+
+  it("respects explicit type override", () => {
+    expect(detectArtifactType(makeArtifact({ name: "build-config", type: "dockerfile" }))).toBe("dockerfile");
+  });
+
+  it("returns unknown for unrecognized files", () => {
+    expect(detectArtifactType(makeArtifact({ name: "mystery.dat" }))).toBe("unknown");
+  });
+});
+
+// ---------------------------------------------------------------------------
+// LLM analysis
+// ---------------------------------------------------------------------------
+
+describe("ArtifactAnalyzer — LLM analysis", () => {
+  it("returns llm method when LLM produces valid analysis", async () => {
+    const llmResponse = JSON.stringify({
+      summary: "A Node.js API server with PostgreSQL dependency",
+      dependencies: ["npm:express", "system:postgresql-15"],
+      configurationExpectations: { DATABASE_URL: "PostgreSQL connection string", PORT: "HTTP port" },
+      deploymentIntent: "Containerized Node.js API deployment",
+      confidence: 0.92,
+    });
+
+    const analyzer = createArtifactAnalyzer({
+      llm: createMockLlm({ available: true, response: llmResponse }),
+      debrief: new DecisionDebrief(),
+    });
+
+    const result = await analyzer.analyze(
+      makeArtifact({ name: "package.json", content: bufferFrom('{"name":"api","version":"1.0.0"}') }),
+    );
+
+    expect(result.method).toBe("llm");
+    expect(result.analysis.summary).toContain("Node.js API server");
+    expect(result.analysis.dependencies).toContain("npm:express");
+    expect(result.analysis.dependencies).toContain("system:postgresql-15");
+    expect(result.analysis.configurationExpectations["DATABASE_URL"]).toBeDefined();
+    expect(result.analysis.confidence).toBe(0.92);
+  });
+
+  it("handles LLM response wrapped in markdown code blocks", async () => {
+    const wrappedResponse = `Here is the analysis:\n\n\`\`\`json\n{\n  "summary": "A Python web service",\n  "dependencies": ["pip:flask"],\n  "configurationExpectations": {},\n  "deploymentIntent": "Python WSGI deployment",\n  "confidence": 0.8\n}\n\`\`\``;
+
+    const analyzer = createArtifactAnalyzer({
+      llm: createMockLlm({ available: true, response: wrappedResponse }),
+      debrief: new DecisionDebrief(),
+    });
+
+    const result = await analyzer.analyze(makeArtifact({ name: "app.tar.gz" }));
+
+    expect(result.method).toBe("llm");
+    expect(result.analysis.summary).toContain("Python web service");
+  });
+
+  it("passes artifact content and type to the LLM", async () => {
+    const llmResponse = JSON.stringify({
+      summary: "Container image",
+      dependencies: [],
+      configurationExpectations: {},
+      deploymentIntent: "Container deployment",
+      confidence: 0.9,
+    });
+
+    const mockLlm = createMockLlm({ available: true, response: llmResponse });
+    const analyzer = createArtifactAnalyzer({ llm: mockLlm, debrief: new DecisionDebrief() });
+
+    const content = "FROM node:20-alpine\nEXPOSE 3000\n";
+    await analyzer.analyze(makeArtifact({ name: "Dockerfile", content: bufferFrom(content) }));
+
+    const reasonCall = (mockLlm.reason as ReturnType<typeof vi.fn>).mock.calls[0][0];
+    expect(reasonCall.prompt).toContain("Dockerfile");
+    expect(reasonCall.prompt).toContain("dockerfile");
+    expect(reasonCall.prompt).toContain("FROM node:20-alpine");
+  });
+
+  it("records a debrief entry for every analysis", async () => {
+    const debrief = new DecisionDebrief();
+    const llmResponse = JSON.stringify({
+      summary: "A service",
+      dependencies: [],
+      configurationExpectations: {},
+      confidence: 0.7,
+    });
+
+    const analyzer = createArtifactAnalyzer({
+      llm: createMockLlm({ available: true, response: llmResponse }),
+      debrief,
+    });
+
+    await analyzer.analyze(makeArtifact({ name: "Dockerfile", content: bufferFrom("FROM alpine") }));
+
+    const entries = debrief.getByType("artifact-analysis");
+    expect(entries.length).toBe(1);
+    expect(entries[0].decision).toContain("Dockerfile");
+    expect(entries[0].context).toHaveProperty("method", "llm");
+  });
+});
+
+// ---------------------------------------------------------------------------
+// LLM unavailable
+// ---------------------------------------------------------------------------
+
+describe("ArtifactAnalyzer — LLM unavailable", () => {
+  it("returns unavailable method when LLM is not configured", async () => {
+    const analyzer = createArtifactAnalyzer({
+      llm: createMockLlm({ available: false }),
+      debrief: new DecisionDebrief(),
+    });
+
+    const result = await analyzer.analyze(makeArtifact({ name: "Dockerfile" }));
+
+    expect(result.method).toBe("unavailable");
+    expect(result.analysis.confidence).toBe(0);
+    expect(result.analysis.summary).toContain("LLM is required");
+  });
+
+  it("returns unavailable when LLM returns invalid JSON", async () => {
+    const analyzer = createArtifactAnalyzer({
+      llm: createMockLlm({ available: true, response: "I cannot produce valid JSON right now." }),
+      debrief: new DecisionDebrief(),
+    });
+
+    const result = await analyzer.analyze(makeArtifact({ name: "Dockerfile" }));
+
+    expect(result.method).toBe("unavailable");
+    expect(result.analysis.confidence).toBe(0);
+  });
+
+  it("records a debrief entry even when unavailable", async () => {
+    const debrief = new DecisionDebrief();
+    const analyzer = createArtifactAnalyzer({
+      llm: createMockLlm({ available: false }),
+      debrief,
+    });
+
+    await analyzer.analyze(makeArtifact({ name: "app.zip" }));
+
+    const entries = debrief.getByType("artifact-analysis");
+    expect(entries.length).toBe(1);
+    expect(entries[0].context).toHaveProperty("method", "unavailable");
+  });
+});
+
+// ---------------------------------------------------------------------------
+// Factory
+// ---------------------------------------------------------------------------
+
+describe("createArtifactAnalyzer", () => {
+  it("returns an ArtifactAnalyzer instance", () => {
+    const analyzer = createArtifactAnalyzer({
+      llm: createMockLlm(),
+      debrief: new DecisionDebrief(),
+    });
+    expect(analyzer).toBeInstanceOf(ArtifactAnalyzer);
+  });
+});

package/tests/auth-middleware.test.ts

@@ -0,0 +1,189 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import Fastify from "fastify";
+import type { FastifyInstance } from "fastify";
+import { SignJWT } from "jose";
+import {
+  UserStore,
+  RoleStore,
+  UserRoleStore,
+  SessionStore,
+} from "@synth-deploy/core";
+import type { UserId, RoleId } from "@synth-deploy/core";
+import { registerAuthMiddleware, generateTokens } from "../src/middleware/auth.js";
+
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+
+const JWT_SECRET = new TextEncoder().encode("test-secret");
+const TEST_USER_ID = "user-1" as UserId;
+const TEST_ROLE_ID = "role-admin" as RoleId;
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function createStores() {
+  const userStore = new UserStore();
+  const roleStore = new RoleStore();
+  const userRoleStore = new UserRoleStore(roleStore);
+  const sessionStore = new SessionStore();
+  return { userStore, roleStore, userRoleStore, sessionStore };
+}
+
+function seedTestUser(stores: ReturnType<typeof createStores>) {
+  stores.userStore.create({
+    id: TEST_USER_ID,
+    email: "test@example.com",
+    name: "Test User",
+    passwordHash: "hashed",
+    createdAt: new Date(),
+    updatedAt: new Date(),
+  });
+
+  stores.roleStore.create({
+    id: TEST_ROLE_ID,
+    name: "admin",
+    permissions: ["deployment.view"],
+    isBuiltIn: true,
+    createdAt: new Date(),
+  });
+
+  stores.userRoleStore.assign(TEST_USER_ID, TEST_ROLE_ID, TEST_USER_ID);
+}
+
+async function buildApp(): Promise<{
+  app: FastifyInstance;
+  stores: ReturnType<typeof createStores>;
+  token: string;
+}> {
+  const stores = createStores();
+  seedTestUser(stores);
+
+  const app = Fastify({ logger: false });
+  registerAuthMiddleware(app, stores.userStore, stores.userRoleStore, stores.sessionStore, JWT_SECRET);
+
+  // Health endpoint — exempt from auth
+  app.get("/health", async () => ({ status: "ok" }));
+
+  // Protected endpoint
+  app.get("/api/partitions", async () => ({ partitions: [] }));
+
+  await app.ready();
+
+  // Generate a valid token and persist the session
+  const { token, refreshToken, expiresAt } = await generateTokens(TEST_USER_ID, JWT_SECRET);
+  stores.sessionStore.create({
+    id: "session-1",
+    userId: TEST_USER_ID,
+    token,
+    refreshToken,
+    expiresAt,
+    createdAt: new Date(),
+  });
+
+  return { app, stores, token };
+}
+
+// ---------------------------------------------------------------------------
+// Tests — auth middleware (JWT-based, always enabled)
+// ---------------------------------------------------------------------------
+
+describe("auth middleware — enabled", () => {
+  let app: FastifyInstance;
+  let token: string;
+
+  beforeEach(async () => {
+    const built = await buildApp();
+    app = built.app;
+    token = built.token;
+  });
+
+  afterEach(async () => {
+    await app.close();
+  });
+
+  it("returns 401 when Authorization header is missing", async () => {
+    const res = await app.inject({
+      method: "GET",
+      url: "/api/partitions",
+    });
+
+    expect(res.statusCode).toBe(401);
+    expect(JSON.parse(res.payload)).toEqual({ error: "Authentication required" });
+  });
+
+  it("returns 401 when Authorization header is malformed (no Bearer prefix)", async () => {
+    const res = await app.inject({
+      method: "GET",
+      url: "/api/partitions",
+      headers: { authorization: "Basic some-credentials" },
+    });
+
+    expect(res.statusCode).toBe(401);
+    expect(JSON.parse(res.payload)).toEqual({ error: "Authentication required" });
+  });
+
+  it("returns 401 when Bearer token is invalid", async () => {
+    const res = await app.inject({
+      method: "GET",
+      url: "/api/partitions",
+      headers: { authorization: "Bearer not-a-valid-jwt" },
+    });
+
+    expect(res.statusCode).toBe(401);
+    expect(JSON.parse(res.payload)).toEqual({ error: "Invalid token" });
+  });
+
+  it("passes request through with a valid JWT token", async () => {
+    const res = await app.inject({
+      method: "GET",
+      url: "/api/partitions",
+      headers: { authorization: `Bearer ${token}` },
+    });
+
+    expect(res.statusCode).toBe(200);
+    expect(JSON.parse(res.payload)).toEqual({ partitions: [] });
+  });
+
+  it("allows /health without any authorization", async () => {
+    const res = await app.inject({
+      method: "GET",
+      url: "/health",
+    });
+
+    expect(res.statusCode).toBe(200);
+    expect(JSON.parse(res.payload)).toEqual({ status: "ok" });
+  });
+
+  it("allows /health even with an invalid token", async () => {
+    const res = await app.inject({
+      method: "GET",
+      url: "/health",
+      headers: { authorization: "Bearer totally-wrong" },
+    });
+
+    // /health bypasses auth entirely — should still succeed
+    expect(res.statusCode).toBe(200);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// Tests — registerAuthMiddleware return value
+// ---------------------------------------------------------------------------
+
+describe("registerAuthMiddleware return value", () => {
+  it("always returns { enabled: true }", () => {
+    const stores = createStores();
+    const app = Fastify({ logger: false });
+    const result = registerAuthMiddleware(
+      app,
+      stores.userStore,
+      stores.userRoleStore,
+      stores.sessionStore,
+      JWT_SECRET,
+    );
+    expect(result.enabled).toBe(true);
+    app.close();
+  });
+});