npm - @synth-deploy/server - Versions diffs - 0.1.0 - Mend

@synth-deploy/server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (317) hide show

package/dist/agent/debrief-retention.d.ts +12 -0
package/dist/agent/debrief-retention.d.ts.map +1 -0
package/dist/agent/debrief-retention.js +27 -0
package/dist/agent/debrief-retention.js.map +1 -0
package/dist/agent/envoy-client.d.ts +216 -0
package/dist/agent/envoy-client.d.ts.map +1 -0
package/dist/agent/envoy-client.js +266 -0
package/dist/agent/envoy-client.js.map +1 -0
package/dist/agent/envoy-registry.d.ts +102 -0
package/dist/agent/envoy-registry.d.ts.map +1 -0
package/dist/agent/envoy-registry.js +319 -0
package/dist/agent/envoy-registry.js.map +1 -0
package/dist/agent/health-checker.d.ts +39 -0
package/dist/agent/health-checker.d.ts.map +1 -0
package/dist/agent/health-checker.js +49 -0
package/dist/agent/health-checker.js.map +1 -0
package/dist/agent/mcp-client-manager.d.ts +36 -0
package/dist/agent/mcp-client-manager.d.ts.map +1 -0
package/dist/agent/mcp-client-manager.js +106 -0
package/dist/agent/mcp-client-manager.js.map +1 -0
package/dist/agent/stale-deployment-detector.d.ts +15 -0
package/dist/agent/stale-deployment-detector.d.ts.map +1 -0
package/dist/agent/stale-deployment-detector.js +50 -0
package/dist/agent/stale-deployment-detector.js.map +1 -0
package/dist/agent/step-runner.d.ts +31 -0
package/dist/agent/step-runner.d.ts.map +1 -0
package/dist/agent/step-runner.js +80 -0
package/dist/agent/step-runner.js.map +1 -0
package/dist/agent/synth-agent.d.ts +168 -0
package/dist/agent/synth-agent.d.ts.map +1 -0
package/dist/agent/synth-agent.js +1195 -0
package/dist/agent/synth-agent.js.map +1 -0
package/dist/api/agent.d.ts +36 -0
package/dist/api/agent.d.ts.map +1 -0
package/dist/api/agent.js +867 -0
package/dist/api/agent.js.map +1 -0
package/dist/api/api-keys.d.ts +4 -0
package/dist/api/api-keys.d.ts.map +1 -0
package/dist/api/api-keys.js +118 -0
package/dist/api/api-keys.js.map +1 -0
package/dist/api/artifacts.d.ts +5 -0
package/dist/api/artifacts.d.ts.map +1 -0
package/dist/api/artifacts.js +142 -0
package/dist/api/artifacts.js.map +1 -0
package/dist/api/auth.d.ts +4 -0
package/dist/api/auth.d.ts.map +1 -0
package/dist/api/auth.js +280 -0
package/dist/api/auth.js.map +1 -0
package/dist/api/deployments.d.ts +11 -0
package/dist/api/deployments.d.ts.map +1 -0
package/dist/api/deployments.js +1098 -0
package/dist/api/deployments.js.map +1 -0
package/dist/api/environments.d.ts +5 -0
package/dist/api/environments.d.ts.map +1 -0
package/dist/api/environments.js +69 -0
package/dist/api/environments.js.map +1 -0
package/dist/api/envoy-reports.d.ts +17 -0
package/dist/api/envoy-reports.d.ts.map +1 -0
package/dist/api/envoy-reports.js +138 -0
package/dist/api/envoy-reports.js.map +1 -0
package/dist/api/envoys.d.ts +5 -0
package/dist/api/envoys.d.ts.map +1 -0
package/dist/api/envoys.js +192 -0
package/dist/api/envoys.js.map +1 -0
package/dist/api/fleet.d.ts +11 -0
package/dist/api/fleet.d.ts.map +1 -0
package/dist/api/fleet.js +394 -0
package/dist/api/fleet.js.map +1 -0
package/dist/api/graph.d.ts +8 -0
package/dist/api/graph.d.ts.map +1 -0
package/dist/api/graph.js +355 -0
package/dist/api/graph.js.map +1 -0
package/dist/api/health.d.ts +20 -0
package/dist/api/health.d.ts.map +1 -0
package/dist/api/health.js +248 -0
package/dist/api/health.js.map +1 -0
package/dist/api/idp-schemas.d.ts +41 -0
package/dist/api/idp-schemas.d.ts.map +1 -0
package/dist/api/idp-schemas.js +17 -0
package/dist/api/idp-schemas.js.map +1 -0
package/dist/api/idp.d.ts +6 -0
package/dist/api/idp.d.ts.map +1 -0
package/dist/api/idp.js +620 -0
package/dist/api/idp.js.map +1 -0
package/dist/api/intake.d.ts +10 -0
package/dist/api/intake.d.ts.map +1 -0
package/dist/api/intake.js +418 -0
package/dist/api/intake.js.map +1 -0
package/dist/api/partitions.d.ts +5 -0
package/dist/api/partitions.d.ts.map +1 -0
package/dist/api/partitions.js +113 -0
package/dist/api/partitions.js.map +1 -0
package/dist/api/progress-event-store.d.ts +62 -0
package/dist/api/progress-event-store.d.ts.map +1 -0
package/dist/api/progress-event-store.js +118 -0
package/dist/api/progress-event-store.js.map +1 -0
package/dist/api/schemas.d.ts +1000 -0
package/dist/api/schemas.d.ts.map +1 -0
package/dist/api/schemas.js +328 -0
package/dist/api/schemas.js.map +1 -0
package/dist/api/security-boundaries.d.ts +4 -0
package/dist/api/security-boundaries.d.ts.map +1 -0
package/dist/api/security-boundaries.js +32 -0
package/dist/api/security-boundaries.js.map +1 -0
package/dist/api/settings.d.ts +4 -0
package/dist/api/settings.d.ts.map +1 -0
package/dist/api/settings.js +99 -0
package/dist/api/settings.js.map +1 -0
package/dist/api/system.d.ts +75 -0
package/dist/api/system.d.ts.map +1 -0
package/dist/api/system.js +558 -0
package/dist/api/system.js.map +1 -0
package/dist/api/telemetry.d.ts +4 -0
package/dist/api/telemetry.d.ts.map +1 -0
package/dist/api/telemetry.js +24 -0
package/dist/api/telemetry.js.map +1 -0
package/dist/api/users.d.ts +4 -0
package/dist/api/users.d.ts.map +1 -0
package/dist/api/users.js +173 -0
package/dist/api/users.js.map +1 -0
package/dist/archive-unpacker.d.ts +24 -0
package/dist/archive-unpacker.d.ts.map +1 -0
package/dist/archive-unpacker.js +239 -0
package/dist/archive-unpacker.js.map +1 -0
package/dist/artifact-analyzer.d.ts +59 -0
package/dist/artifact-analyzer.d.ts.map +1 -0
package/dist/artifact-analyzer.js +334 -0
package/dist/artifact-analyzer.js.map +1 -0
package/dist/auth/idp/index.d.ts +9 -0
package/dist/auth/idp/index.d.ts.map +1 -0
package/dist/auth/idp/index.js +5 -0
package/dist/auth/idp/index.js.map +1 -0
package/dist/auth/idp/ldap.d.ts +56 -0
package/dist/auth/idp/ldap.d.ts.map +1 -0
package/dist/auth/idp/ldap.js +276 -0
package/dist/auth/idp/ldap.js.map +1 -0
package/dist/auth/idp/oidc.d.ts +27 -0
package/dist/auth/idp/oidc.d.ts.map +1 -0
package/dist/auth/idp/oidc.js +97 -0
package/dist/auth/idp/oidc.js.map +1 -0
package/dist/auth/idp/role-mapping.d.ts +9 -0
package/dist/auth/idp/role-mapping.d.ts.map +1 -0
package/dist/auth/idp/role-mapping.js +16 -0
package/dist/auth/idp/role-mapping.js.map +1 -0
package/dist/auth/idp/saml.d.ts +40 -0
package/dist/auth/idp/saml.d.ts.map +1 -0
package/dist/auth/idp/saml.js +117 -0
package/dist/auth/idp/saml.js.map +1 -0
package/dist/auth/idp/types.d.ts +23 -0
package/dist/auth/idp/types.d.ts.map +1 -0
package/dist/auth/idp/types.js +2 -0
package/dist/auth/idp/types.js.map +1 -0
package/dist/fleet/fleet-executor.d.ts +35 -0
package/dist/fleet/fleet-executor.d.ts.map +1 -0
package/dist/fleet/fleet-executor.js +228 -0
package/dist/fleet/fleet-executor.js.map +1 -0
package/dist/fleet/fleet-store.d.ts +13 -0
package/dist/fleet/fleet-store.d.ts.map +1 -0
package/dist/fleet/fleet-store.js +13 -0
package/dist/fleet/fleet-store.js.map +1 -0
package/dist/fleet/index.d.ts +5 -0
package/dist/fleet/index.d.ts.map +1 -0
package/dist/fleet/index.js +4 -0
package/dist/fleet/index.js.map +1 -0
package/dist/fleet/representative-selector.d.ts +15 -0
package/dist/fleet/representative-selector.d.ts.map +1 -0
package/dist/fleet/representative-selector.js +71 -0
package/dist/fleet/representative-selector.js.map +1 -0
package/dist/graph/graph-executor.d.ts +36 -0
package/dist/graph/graph-executor.d.ts.map +1 -0
package/dist/graph/graph-executor.js +348 -0
package/dist/graph/graph-executor.js.map +1 -0
package/dist/graph/graph-inference.d.ts +22 -0
package/dist/graph/graph-inference.d.ts.map +1 -0
package/dist/graph/graph-inference.js +149 -0
package/dist/graph/graph-inference.js.map +1 -0
package/dist/graph/graph-store.d.ts +12 -0
package/dist/graph/graph-store.d.ts.map +1 -0
package/dist/graph/graph-store.js +61 -0
package/dist/graph/graph-store.js.map +1 -0
package/dist/graph/index.d.ts +5 -0
package/dist/graph/index.d.ts.map +1 -0
package/dist/graph/index.js +4 -0
package/dist/graph/index.js.map +1 -0
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +837 -0
package/dist/index.js.map +1 -0
package/dist/intake/index.d.ts +6 -0
package/dist/intake/index.d.ts.map +1 -0
package/dist/intake/index.js +5 -0
package/dist/intake/index.js.map +1 -0
package/dist/intake/intake-processor.d.ts +17 -0
package/dist/intake/intake-processor.d.ts.map +1 -0
package/dist/intake/intake-processor.js +99 -0
package/dist/intake/intake-processor.js.map +1 -0
package/dist/intake/intake-store.d.ts +7 -0
package/dist/intake/intake-store.d.ts.map +1 -0
package/dist/intake/intake-store.js +7 -0
package/dist/intake/intake-store.js.map +1 -0
package/dist/intake/registry-poller.d.ts +41 -0
package/dist/intake/registry-poller.d.ts.map +1 -0
package/dist/intake/registry-poller.js +202 -0
package/dist/intake/registry-poller.js.map +1 -0
package/dist/intake/webhook-handlers.d.ts +37 -0
package/dist/intake/webhook-handlers.d.ts.map +1 -0
package/dist/intake/webhook-handlers.js +268 -0
package/dist/intake/webhook-handlers.js.map +1 -0
package/dist/logger.d.ts +5 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +15 -0
package/dist/logger.js.map +1 -0
package/dist/mcp/resources.d.ts +9 -0
package/dist/mcp/resources.d.ts.map +1 -0
package/dist/mcp/resources.js +72 -0
package/dist/mcp/resources.js.map +1 -0
package/dist/mcp/server.d.ts +15 -0
package/dist/mcp/server.d.ts.map +1 -0
package/dist/mcp/server.js +20 -0
package/dist/mcp/server.js.map +1 -0
package/dist/mcp/tools.d.ts +9 -0
package/dist/mcp/tools.d.ts.map +1 -0
package/dist/mcp/tools.js +88 -0
package/dist/mcp/tools.js.map +1 -0
package/dist/middleware/auth.d.ts +29 -0
package/dist/middleware/auth.d.ts.map +1 -0
package/dist/middleware/auth.js +76 -0
package/dist/middleware/auth.js.map +1 -0
package/dist/middleware/permissions.d.ts +13 -0
package/dist/middleware/permissions.d.ts.map +1 -0
package/dist/middleware/permissions.js +32 -0
package/dist/middleware/permissions.js.map +1 -0
package/dist/pattern-store.d.ts +104 -0
package/dist/pattern-store.d.ts.map +1 -0
package/dist/pattern-store.js +299 -0
package/dist/pattern-store.js.map +1 -0
package/package.json +54 -0
package/src/agent/debrief-retention.ts +44 -0
package/src/agent/envoy-client.ts +474 -0
package/src/agent/envoy-registry.ts +384 -0
package/src/agent/health-checker.ts +70 -0
package/src/agent/mcp-client-manager.ts +131 -0
package/src/agent/stale-deployment-detector.ts +79 -0
package/src/agent/step-runner.ts +124 -0
package/src/agent/synth-agent.ts +1567 -0
package/src/api/agent.ts +1075 -0
package/src/api/api-keys.ts +129 -0
package/src/api/artifacts.ts +194 -0
package/src/api/auth.ts +320 -0
package/src/api/deployments.ts +1347 -0
package/src/api/environments.ts +97 -0
package/src/api/envoy-reports.ts +159 -0
package/src/api/envoys.ts +237 -0
package/src/api/fleet.ts +510 -0
package/src/api/graph.ts +516 -0
package/src/api/health.ts +311 -0
package/src/api/idp-schemas.ts +19 -0
package/src/api/idp.ts +735 -0
package/src/api/intake.ts +537 -0
package/src/api/partitions.ts +147 -0
package/src/api/progress-event-store.ts +153 -0
package/src/api/schemas.ts +376 -0
package/src/api/security-boundaries.ts +54 -0
package/src/api/settings.ts +118 -0
package/src/api/system.ts +704 -0
package/src/api/telemetry.ts +32 -0
package/src/api/users.ts +210 -0
package/src/archive-unpacker.ts +271 -0
package/src/artifact-analyzer.ts +438 -0
package/src/auth/idp/index.ts +8 -0
package/src/auth/idp/ldap.ts +340 -0
package/src/auth/idp/oidc.ts +117 -0
package/src/auth/idp/role-mapping.ts +22 -0
package/src/auth/idp/saml.ts +148 -0
package/src/auth/idp/types.ts +22 -0
package/src/fleet/fleet-executor.ts +309 -0
package/src/fleet/fleet-store.ts +13 -0
package/src/fleet/index.ts +4 -0
package/src/fleet/representative-selector.ts +83 -0
package/src/graph/graph-executor.ts +446 -0
package/src/graph/graph-inference.ts +184 -0
package/src/graph/graph-store.ts +75 -0
package/src/graph/index.ts +4 -0
package/src/index.ts +916 -0
package/src/intake/index.ts +5 -0
package/src/intake/intake-processor.ts +111 -0
package/src/intake/intake-store.ts +7 -0
package/src/intake/registry-poller.ts +230 -0
package/src/intake/webhook-handlers.ts +328 -0
package/src/logger.ts +19 -0
package/src/mcp/resources.ts +98 -0
package/src/mcp/server.ts +34 -0
package/src/mcp/tools.ts +117 -0
package/src/middleware/auth.ts +103 -0
package/src/middleware/permissions.ts +35 -0
package/src/pattern-store.ts +409 -0
package/tests/agent-mode.test.ts +536 -0
package/tests/api-handlers.test.ts +1245 -0
package/tests/archive-unpacker.test.ts +179 -0
package/tests/artifact-analyzer.test.ts +240 -0
package/tests/auth-middleware.test.ts +189 -0
package/tests/decision-diary.test.ts +957 -0
package/tests/diary-reader.test.ts +782 -0
package/tests/envoy-client.test.ts +342 -0
package/tests/envoy-reports.test.ts +156 -0
package/tests/mcp-tools.test.ts +213 -0
package/tests/orchestration.test.ts +536 -0
package/tests/partition-deletion.test.ts +143 -0
package/tests/partition-isolation.test.ts +830 -0
package/tests/pattern-store.test.ts +371 -0
package/tests/rbac-enforcement.test.ts +409 -0
package/tests/ssrf-validation.test.ts +56 -0
package/tests/stale-deployment.test.ts +85 -0
package/tests/step-runner.test.ts +308 -0
package/tests/ui-journey.test.ts +330 -0
package/tsconfig.json +11 -0
package/vitest.config.ts +27 -0

package/tests/envoy-client.test.ts ADDED Viewed

@@ -0,0 +1,342 @@
+import { describe, it, expect, vi, afterEach } from "vitest";
+import { EnvoyClient, EnvoyHealthChecker } from "../src/agent/envoy-client.js";
+import type { EnvoyHealthResponse } from "../src/agent/envoy-client.js";
+// ---------------------------------------------------------------------------
+// Shared helpers
+// ---------------------------------------------------------------------------
+function makeHealthResponse(overrides: Partial<EnvoyHealthResponse> = {}): EnvoyHealthResponse {
+  return {
+    status: "healthy",
+    service: "envoy",
+    hostname: "test-host",
+    timestamp: new Date().toISOString(),
+    readiness: { ready: true, reason: "ok" },
+    summary: { totalDeployments: 5, succeeded: 4, failed: 1, executing: 0, environments: 2 },
+    ...overrides,
+  };
+}
+const originalFetch = globalThis.fetch;
+afterEach(() => {
+  globalThis.fetch = originalFetch;
+  vi.restoreAllMocks();
+});
+// ===========================================================================
+// EnvoyClient retry logic
+// ===========================================================================
+describe("EnvoyClient retry logic", () => {
+  it("succeeds on first attempt without retry", async () => {
+    const mockFetch = vi.fn().mockResolvedValueOnce(
+      new Response(JSON.stringify(makeHealthResponse()), { status: 200 }),
+    );
+    globalThis.fetch = mockFetch;
+    const client = new EnvoyClient("http://envoy.test:8080", 5000);
+    const result = await client.checkHealth();
+    expect(result.status).toBe("healthy");
+    expect(mockFetch).toHaveBeenCalledTimes(1);
+  });
+  it("retries on connection error and succeeds", async () => {
+    const mockFetch = vi.fn()
+      .mockRejectedValueOnce(new Error("fetch failed: ECONNREFUSED"))
+      .mockResolvedValueOnce(new Response(JSON.stringify(makeHealthResponse()), { status: 200 }));
+    globalThis.fetch = mockFetch;
+    const client = new EnvoyClient("http://envoy.test:8080", 5000);
+    const result = await client.checkHealth();
+    expect(result.status).toBe("healthy");
+    expect(mockFetch).toHaveBeenCalledTimes(2);
+  });
+  it("retries on 503 and succeeds", async () => {
+    const mockFetch = vi.fn()
+      .mockResolvedValueOnce(new Response("Service Unavailable", { status: 503 }))
+      .mockResolvedValueOnce(new Response(JSON.stringify(makeHealthResponse()), { status: 200 }));
+    globalThis.fetch = mockFetch;
+    const client = new EnvoyClient("http://envoy.test:8080", 5000);
+    const result = await client.checkHealth();
+    expect(result.status).toBe("healthy");
+    expect(mockFetch).toHaveBeenCalledTimes(2);
+  });
+  it("does not retry on 400 (permanent error)", async () => {
+    const mockFetch = vi.fn()
+      .mockResolvedValueOnce(new Response("Bad Request", { status: 400 }));
+    globalThis.fetch = mockFetch;
+    const client = new EnvoyClient("http://envoy.test:8080", 5000);
+    await expect(client.checkHealth()).rejects.toThrow("HTTP 400");
+    expect(mockFetch).toHaveBeenCalledTimes(1);
+  });
+});
+// ===========================================================================
+// EnvoyClient.checkHealth — detailed scenarios
+// ===========================================================================
+describe("EnvoyClient.checkHealth", () => {
+  it("returns full health response with all fields", async () => {
+    const expected = makeHealthResponse({
+      summary: { totalDeployments: 10, succeeded: 8, failed: 2, executing: 0, environments: 3 },
+    });
+    globalThis.fetch = vi.fn().mockResolvedValueOnce(
+      new Response(JSON.stringify(expected), { status: 200 }),
+    );
+    const client = new EnvoyClient("http://envoy.test:8080", 5000);
+    const result = await client.checkHealth();
+    expect(result.status).toBe("healthy");
+    expect(result.service).toBe("envoy");
+    expect(result.hostname).toBe("test-host");
+    expect(result.readiness.ready).toBe(true);
+    expect(result.summary.totalDeployments).toBe(10);
+    expect(result.summary.succeeded).toBe(8);
+    expect(result.summary.environments).toBe(3);
+  });
+  it("throws on non-retryable HTTP error without retrying", async () => {
+    const mockFetch = vi.fn().mockResolvedValueOnce(
+      new Response("Internal Server Error", { status: 500 }),
+    );
+    globalThis.fetch = mockFetch;
+    const client = new EnvoyClient("http://envoy.test:8080", 5000);
+    await expect(client.checkHealth()).rejects.toThrow("HTTP 500");
+    // 500 is not in the retryable set (502, 503, 504), so no retry
+    expect(mockFetch).toHaveBeenCalledTimes(1);
+  });
+  it("throws on malformed JSON response", async () => {
+    globalThis.fetch = vi.fn().mockResolvedValueOnce(
+      new Response("this is not json", { status: 200, headers: { "Content-Type": "text/plain" } }),
+    );
+    const client = new EnvoyClient("http://envoy.test:8080", 5000);
+    // response.json() will throw a SyntaxError on invalid JSON
+    await expect(client.checkHealth()).rejects.toThrow();
+  });
+  it("throws on non-transient error without retrying", async () => {
+    // Errors that do NOT match isTransientError patterns are thrown immediately
+    const mockFetch = vi.fn().mockRejectedValueOnce(new Error("certificate expired"));
+    globalThis.fetch = mockFetch;
+    const client = new EnvoyClient("http://envoy.test:8080", 5000);
+    await expect(client.checkHealth()).rejects.toThrow("certificate expired");
+    // Non-transient error should not trigger retries
+    expect(mockFetch).toHaveBeenCalledTimes(1);
+  });
+  it("calls the correct URL for health endpoint", async () => {
+    const mockFetch = vi.fn().mockResolvedValueOnce(
+      new Response(JSON.stringify(makeHealthResponse()), { status: 200 }),
+    );
+    globalThis.fetch = mockFetch;
+    const client = new EnvoyClient("http://my-envoy:9090", 5000);
+    await client.checkHealth();
+    const [url] = mockFetch.mock.calls[0];
+    expect(url).toBe("http://my-envoy:9090/health");
+  });
+});
+// ===========================================================================
+// EnvoyClient.deploy
+// ===========================================================================
+describe("EnvoyClient.deploy", () => {
+  const deployInstruction = {
+    deploymentId: "dep-1",
+    partitionId: "part-1",
+    environmentId: "env-1",
+    operationId: "op-1",
+    version: "1.0.0",
+    variables: { DB_HOST: "localhost" },
+    environmentName: "staging",
+    partitionName: "acme-corp",
+  };
+  it("sends POST with JSON body and returns deploy result", async () => {
+    const deployResult = {
+      deploymentId: "dep-1",
+      success: true,
+      workspacePath: "/tmp/deploy",
+      artifacts: ["artifact.tar.gz"],
+      executionDurationMs: 500,
+      totalDurationMs: 800,
+      verificationPassed: true,
+      verificationChecks: [],
+      failureReason: null,
+      debriefEntryIds: ["entry-1"],
+      debriefEntries: [],
+    };
+    const mockFetch = vi.fn().mockResolvedValueOnce(
+      new Response(JSON.stringify(deployResult), { status: 200 }),
+    );
+    globalThis.fetch = mockFetch;
+    const client = new EnvoyClient("http://envoy.test:8080", 5000);
+    const result = await client.deploy(deployInstruction);
+    expect(result.deploymentId).toBe("dep-1");
+    expect(result.success).toBe(true);
+    expect(result.workspacePath).toBe("/tmp/deploy");
+    // Verify the fetch was called with correct URL and method
+    expect(mockFetch).toHaveBeenCalledTimes(1);
+    const [url, init] = mockFetch.mock.calls[0];
+    expect(url).toBe("http://envoy.test:8080/deploy");
+    expect(init.method).toBe("POST");
+    expect(init.headers).toEqual({ "Content-Type": "application/json" });
+    expect(JSON.parse(init.body as string)).toEqual(deployInstruction);
+  });
+  it("uses 3x the base timeout for deploy calls", async () => {
+    const deployResult = {
+      deploymentId: "dep-1",
+      success: true,
+      workspacePath: "/tmp/deploy",
+      artifacts: [],
+      executionDurationMs: 100,
+      totalDurationMs: 200,
+      verificationPassed: true,
+      verificationChecks: [],
+      failureReason: null,
+      debriefEntryIds: [],
+      debriefEntries: [],
+    };
+    // Track the abort signal to verify timeout is set
+    let capturedSignal: AbortSignal | undefined;
+    const mockFetch = vi.fn().mockImplementation((_url: string, init: RequestInit) => {
+      capturedSignal = init.signal ?? undefined;
+      return Promise.resolve(new Response(JSON.stringify(deployResult), { status: 200 }));
+    });
+    globalThis.fetch = mockFetch;
+    const client = new EnvoyClient("http://envoy.test:8080", 5000);
+    await client.deploy(deployInstruction);
+    // The signal should exist (fetchWithRetry always creates one)
+    expect(capturedSignal).toBeDefined();
+  });
+});
+// ===========================================================================
+// EnvoyHealthChecker — adapter for ServiceHealthChecker interface
+//
+// These tests mock EnvoyClient.checkHealth directly to avoid going through
+// the retry/fetch layer, which would introduce real sleep delays.
+// ===========================================================================
+describe("EnvoyHealthChecker", () => {
+  const context = { partitionId: "part-1", environmentName: "staging" };
+  it("returns healthy when no envoy is registered for serviceId", async () => {
+    const checker = new EnvoyHealthChecker();
+    const result = await checker.check("op-1/staging", context);
+    expect(result.reachable).toBe(true);
+    expect(result.responseTimeMs).toBe(0);
+    expect(result.error).toBeNull();
+  });
+  it("returns healthy when registered envoy reports healthy", async () => {
+    const checker = new EnvoyHealthChecker();
+    const envoyClient = new EnvoyClient("http://envoy.test:8080", 5000);
+    vi.spyOn(envoyClient, "checkHealth").mockResolvedValueOnce(makeHealthResponse());
+    checker.registerEnvoy("op-1/staging", envoyClient);
+    const result = await checker.check("op-1/staging", context);
+    expect(result.reachable).toBe(true);
+    expect(result.error).toBeNull();
+    expect(typeof result.responseTimeMs).toBe("number");
+  });
+  it("returns not reachable when envoy reports degraded and not ready", async () => {
+    const checker = new EnvoyHealthChecker();
+    const envoyClient = new EnvoyClient("http://envoy.test:8080", 5000);
+    vi.spyOn(envoyClient, "checkHealth").mockResolvedValueOnce(
+      makeHealthResponse({
+        status: "degraded",
+        readiness: { ready: false, reason: "disk full" },
+      }),
+    );
+    checker.registerEnvoy("op-1/staging", envoyClient);
+    const result = await checker.check("op-1/staging", context);
+    expect(result.reachable).toBe(false);
+    expect(result.error).toContain("degraded");
+    expect(result.error).toContain("disk full");
+  });
+  it("returns ETIMEDOUT error when envoy health check is aborted", async () => {
+    const checker = new EnvoyHealthChecker();
+    const envoyClient = new EnvoyClient("http://envoy.test:8080", 1);
+    vi.spyOn(envoyClient, "checkHealth").mockRejectedValueOnce(
+      new DOMException("The operation was aborted", "AbortError"),
+    );
+    checker.registerEnvoy("op-1/staging", envoyClient);
+    const result = await checker.check("op-1/staging", context);
+    expect(result.reachable).toBe(false);
+    expect(result.error).toContain("ETIMEDOUT");
+  });
+  it("returns ECONNREFUSED error when envoy is not responding", async () => {
+    const checker = new EnvoyHealthChecker();
+    const envoyClient = new EnvoyClient("http://envoy.test:8080", 5000);
+    vi.spyOn(envoyClient, "checkHealth").mockRejectedValueOnce(
+      new Error("fetch failed: ECONNREFUSED"),
+    );
+    checker.registerEnvoy("op-1/staging", envoyClient);
+    const result = await checker.check("op-1/staging", context);
+    expect(result.reachable).toBe(false);
+    expect(result.error).toContain("ECONNREFUSED");
+  });
+  it("returns generic error for unexpected failures", async () => {
+    const checker = new EnvoyHealthChecker();
+    const envoyClient = new EnvoyClient("http://envoy.test:8080", 5000);
+    vi.spyOn(envoyClient, "checkHealth").mockRejectedValueOnce(
+      new Error("something completely unexpected"),
+    );
+    checker.registerEnvoy("op-1/staging", envoyClient);
+    const result = await checker.check("op-1/staging", context);
+    expect(result.reachable).toBe(false);
+    expect(result.error).toContain("health check failed");
+  });
+  it("returns healthy=true even when status is healthy but readiness is false", async () => {
+    const checker = new EnvoyHealthChecker();
+    const envoyClient = new EnvoyClient("http://envoy.test:8080", 5000);
+    vi.spyOn(envoyClient, "checkHealth").mockResolvedValueOnce(
+      makeHealthResponse({
+        status: "healthy",
+        readiness: { ready: false, reason: "warming up" },
+      }),
+    );
+    checker.registerEnvoy("op-1/staging", envoyClient);
+    const result = await checker.check("op-1/staging", context);
+    // healthy status but not ready -> not reachable
+    expect(result.reachable).toBe(false);
+    expect(result.error).toContain("warming up");
+  });
+});

package/tests/envoy-reports.test.ts ADDED Viewed

@@ -0,0 +1,156 @@
+import { describe, it, expect, beforeEach, afterAll } from "vitest";
+import Fastify from "fastify";
+import type { FastifyInstance } from "fastify";
+import { DecisionDebrief } from "@synth-deploy/core";
+import { InMemoryDeploymentStore } from "../src/agent/synth-agent.js";
+import { registerEnvoyReportRoutes } from "../src/api/envoy-reports.js";
+import type { EnvoyRegistry } from "../src/agent/envoy-registry.js";
+const TEST_TOKEN = "test-envoy-token";
+// Minimal mock registry — validates TEST_TOKEN, rejects all others
+const mockRegistry = {
+  validateToken: (token: string) => token === TEST_TOKEN ? { id: "envoy-1" } : undefined,
+} as unknown as EnvoyRegistry;
+function makeReport(overrides: Record<string, unknown> = {}) {
+  return {
+    type: "deployment-result",
+    envoyId: "envoy-1",
+    deploymentId: "dep-1",
+    success: true,
+    failureReason: null,
+    debriefEntries: [
+      {
+        id: "entry-1",
+        timestamp: new Date().toISOString(),
+        partitionId: "part-1",
+        deploymentId: "dep-1",
+        agent: "envoy",
+        decisionType: "deployment-execution",
+        decision: "Ran step",
+        reasoning: "It was the next step",
+        context: {},
+      },
+    ],
+    summary: {
+      artifacts: [],
+      workspacePath: "/tmp/ws",
+      executionDurationMs: 100,
+      totalDurationMs: 200,
+      verificationPassed: true,
+      verificationChecks: [],
+    },
+    ...overrides,
+  };
+}
+describe("Envoy report ingestion", () => {
+  let app: FastifyInstance;
+  let debrief: DecisionDebrief;
+  let deployments: InMemoryDeploymentStore;
+  beforeEach(async () => {
+    app = Fastify();
+    debrief = new DecisionDebrief();
+    deployments = new InMemoryDeploymentStore();
+    registerEnvoyReportRoutes(app, debrief, deployments, mockRegistry);
+    await app.ready();
+  });
+  afterAll(async () => {
+    await app?.close();
+  });
+  it("accepts a valid report when deployment belongs to partition", async () => {
+    deployments.save({
+      id: "dep-1",
+      operationId: "op-1",
+      partitionId: "part-1",
+      environmentId: "env-1",
+      version: "1.0",
+      status: "running",
+      variables: {},
+      debriefEntryIds: [],
+      orderId: null,
+      createdAt: new Date(),
+    });
+    const res = await app.inject({
+      method: "POST",
+      url: "/api/envoy/report",
+      headers: { Authorization: `Bearer ${TEST_TOKEN}` },
+      payload: makeReport(),
+    });
+    expect(res.statusCode).toBe(200);
+    expect(res.json().accepted).toBe(true);
+    expect(res.json().entriesIngested).toBe(1);
+  });
+  it("rejects report with cross-partition deployment (403)", async () => {
+    // Deployment belongs to part-2, but report claims part-1
+    deployments.save({
+      id: "dep-1",
+      operationId: "op-1",
+      partitionId: "part-2",
+      environmentId: "env-1",
+      version: "1.0",
+      status: "running",
+      variables: {},
+      debriefEntryIds: [],
+      orderId: null,
+      createdAt: new Date(),
+    });
+    const res = await app.inject({
+      method: "POST",
+      url: "/api/envoy/report",
+      headers: { Authorization: `Bearer ${TEST_TOKEN}` },
+      payload: makeReport(),
+    });
+    expect(res.statusCode).toBe(403);
+    expect(res.json().error).toContain("Partition boundary");
+  });
+  it("rejects report with unknown deployment (403)", async () => {
+    // No deployment saved — dep-1 doesn't exist
+    const res = await app.inject({
+      method: "POST",
+      url: "/api/envoy/report",
+      headers: { Authorization: `Bearer ${TEST_TOKEN}` },
+      payload: makeReport(),
+    });
+    expect(res.statusCode).toBe(403);
+  });
+  it("rejects invalid decisionType", async () => {
+    deployments.save({
+      id: "dep-1",
+      operationId: "op-1",
+      partitionId: "part-1",
+      environmentId: "env-1",
+      version: "1.0",
+      status: "running",
+      variables: {},
+      debriefEntryIds: [],
+      orderId: null,
+      createdAt: new Date(),
+    });
+    const report = makeReport();
+    (report as any).debriefEntries[0].decisionType = "totally-fake-type";
+    const res = await app.inject({
+      method: "POST",
+      url: "/api/envoy/report",
+      headers: { Authorization: `Bearer ${TEST_TOKEN}` },
+      payload: report,
+    });
+    expect(res.statusCode).toBe(400);
+    expect(res.json().error).toContain("Invalid");
+  });
+});