@urateam/dashboard 0.1.4 → 0.1.5

package/dist/__tests__/cost.test.js

@@ -0,0 +1,197 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { generateKeyPairSync, sign } from "node:crypto";
+import { createDashboard } from "../server.js";
+import { createDb } from "@urateam/core";
+import { pipelineRuns, stageRuns } from "@urateam/core/dist/db/schema.js";
+import { _resetLicenseCache } from "@urateam/core/dist/license.js";
+// ---------------- license test helper (inlined from audit.test.ts) ----------------
+function b64url(buf) {
+    return buf
+        .toString("base64")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+}
+function makeJwt(privateKey, payload) {
+    const header = { alg: "EdDSA", typ: "JWT" };
+    const headerB64 = b64url(Buffer.from(JSON.stringify(header)));
+    const payloadB64 = b64url(Buffer.from(JSON.stringify(payload)));
+    const signingInput = `${headerB64}.${payloadB64}`;
+    const sig = sign(null, Buffer.from(signingInput), privateKey);
+    return `${signingInput}.${b64url(sig)}`;
+}
+let savedPublicKey;
+let savedEnv;
+async function installEnterpriseLicense() {
+    const { publicKey, privateKey } = generateKeyPairSync("ed25519");
+    const publicKeyB64 = Buffer.from(publicKey.export({ format: "der", type: "spki" })).toString("base64");
+    const mod = await import("@urateam/core/dist/license-public-key.js");
+    if (savedPublicKey === undefined) {
+        savedPublicKey = mod
+            .LICENSE_PUBLIC_KEY_DER_B64;
+    }
+    Object.defineProperty(mod, "LICENSE_PUBLIC_KEY_DER_B64", {
+        value: publicKeyB64,
+        writable: true,
+        configurable: true,
+    });
+    const now = Math.floor(Date.now() / 1000);
+    const jwt = makeJwt(privateKey, {
+        iss: "urateams.com",
+        sub: "cust_test",
+        tier: "enterprise",
+        seats: 25,
+        iat: now,
+        exp: now + 86_400,
+    });
+    if (savedEnv === undefined)
+        savedEnv = process.env.URATEAM_LICENSE_KEY;
+    process.env.URATEAM_LICENSE_KEY = jwt;
+    _resetLicenseCache();
+}
+async function restoreLicense() {
+    if (savedPublicKey !== undefined) {
+        const mod = await import("@urateam/core/dist/license-public-key.js");
+        Object.defineProperty(mod, "LICENSE_PUBLIC_KEY_DER_B64", {
+            value: savedPublicKey,
+            writable: true,
+            configurable: true,
+        });
+        savedPublicKey = undefined;
+    }
+    if (savedEnv === undefined) {
+        delete process.env.URATEAM_LICENSE_KEY;
+    }
+    else {
+        process.env.URATEAM_LICENSE_KEY = savedEnv;
+        savedEnv = undefined;
+    }
+    _resetLicenseCache();
+}
+function basicAuthHeader(u, p) {
+    return "Basic " + Buffer.from(`${u}:${p}`).toString("base64");
+}
+const AUTH = { Authorization: basicAuthHeader("admin", "secret") };
+const testCosts = {
+    modelPricing: {
+        "claude-sonnet-4-6": { inputPerMillion: 3, outputPerMillion: 15 },
+    },
+    hourlyEngRate: 50,
+    timeSavedPerPrDefault: 4,
+};
+const testPipelineConfigs = {
+    "quick-fix": { profile: { model: "claude-sonnet-4-6" } },
+};
+async function seedCompletedRun(db) {
+    const now = new Date();
+    const started = new Date(now.getTime() - 60_000);
+    await db.insert(pipelineRuns).values({
+        id: "run-cost-1",
+        issueId: "BEC-1",
+        issueTitle: "seed",
+        pipelineKey: "quick-fix",
+        repoUrl: "https://github.com/acme/api",
+        status: "completed",
+        startedAt: started,
+        completedAt: now,
+        linearTeamId: "T1",
+    });
+    await db.insert(stageRuns).values({
+        id: "stage-cost-1",
+        pipelineRunId: "run-cost-1",
+        stage: "implement",
+        status: "completed",
+        startedAt: started,
+        completedAt: now,
+        inputTokens: 100_000,
+        outputTokens: 50_000,
+    });
+}
+// ---------------- tests ----------------
+describe("cost route — unlicensed", () => {
+    beforeEach(async () => {
+        await restoreLicense();
+    });
+    it("returns 404 for GET /cost when feature is not licensed", async () => {
+        const db = await createDb({ connectionString: ":memory:" });
+        const app = createDashboard({
+            db,
+            pipelineConfigs: testPipelineConfigs,
+            repoConfigs: {},
+            costs: testCosts,
+            auth: { username: "admin", password: "secret" },
+        });
+        const res = await app.request("/cost", { headers: AUTH });
+        expect(res.status).toBe(404);
+    });
+    it("returns 404 for GET /cost/page when feature is not licensed", async () => {
+        const db = await createDb({ connectionString: ":memory:" });
+        const app = createDashboard({
+            db,
+            pipelineConfigs: testPipelineConfigs,
+            repoConfigs: {},
+            costs: testCosts,
+            auth: { username: "admin", password: "secret" },
+        });
+        const res = await app.request("/cost/page", { headers: AUTH });
+        expect(res.status).toBe(404);
+    });
+    it("returns 404 for GET /cost/export.csv when feature is not licensed", async () => {
+        const db = await createDb({ connectionString: ":memory:" });
+        const app = createDashboard({
+            db,
+            pipelineConfigs: testPipelineConfigs,
+            repoConfigs: {},
+            costs: testCosts,
+            auth: { username: "admin", password: "secret" },
+        });
+        const res = await app.request("/cost/export.csv", { headers: AUTH });
+        expect(res.status).toBe(404);
+    });
+});
+describe("cost route — licensed (enterprise)", () => {
+    beforeEach(async () => {
+        await installEnterpriseLicense();
+    });
+    afterEach(async () => {
+        await restoreLicense();
+    });
+    it("GET /cost returns 200 and renders summary with seeded run", async () => {
+        const db = await createDb({ connectionString: ":memory:" });
+        await seedCompletedRun(db);
+        const app = createDashboard({
+            db,
+            pipelineConfigs: testPipelineConfigs,
+            repoConfigs: {},
+            costs: testCosts,
+            auth: { username: "admin", password: "secret" },
+        });
+        const res = await app.request("/cost", { headers: AUTH });
+        expect(res.status).toBe(200);
+        const html = await res.text();
+        expect(html).toContain("PRs merged");
+        expect(html).toContain("quick-fix");
+        expect(html).toMatch(/\$\d/);
+        expect(html).toContain("Cost");
+    });
+    it("GET /cost/export.csv returns 200 text/csv with header row and disposition", async () => {
+        const db = await createDb({ connectionString: ":memory:" });
+        await seedCompletedRun(db);
+        const app = createDashboard({
+            db,
+            pipelineConfigs: testPipelineConfigs,
+            repoConfigs: {},
+            costs: testCosts,
+            auth: { username: "admin", password: "secret" },
+        });
+        const res = await app.request("/cost/export.csv", { headers: AUTH });
+        expect(res.status).toBe(200);
+        expect(res.headers.get("content-type") ?? "").toContain("text/csv");
+        const disposition = res.headers.get("content-disposition") ?? "";
+        expect(disposition).toMatch(/attachment; filename="cost-\d{4}-\d{2}-\d{2}-\d{4}-\d{2}-\d{2}\.csv"/);
+        const body = await res.text();
+        expect(body).toContain("completed_at,run_id,issue_id,pipeline_key,linear_team_id,repo_url,input_tokens,output_tokens,dollars,time_saved_hours");
+        expect(body).toContain("run-cost-1");
+    });
+});
+//# sourceMappingURL=cost.test.js.map

package/dist/__tests__/cost.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cost.test.js","sourceRoot":"","sources":["../../src/__tests__/cost.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,mBAAmB,EAAkB,IAAI,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEzC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAEnE,qFAAqF;AACrF,SAAS,MAAM,CAAC,GAAW;IACzB,OAAO,GAAG;SACP,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,OAAO,CAAC,UAAqB,EAAE,OAAe;IACrD,MAAM,MAAM,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;IAC5C,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC9D,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,UAAU,CAAC,CAAC;IAC9D,OAAO,GAAG,YAAY,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;AAC1C,CAAC;AAED,IAAI,cAAkC,CAAC;AACvC,IAAI,QAA4B,CAAC;AAEjC,KAAK,UAAU,wBAAwB;IACrC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;IACjE,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAC9B,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAClD,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAErB,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,0CAA0C,CAAC,CAAC;IACrE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;QACjC,cAAc,GAAI,GAA8C;aAC7D,0BAA0B,CAAC;IAChC,CAAC;IACD,MAAM,CAAC,cAAc,CAAC,GAAG,EAAE,4BAA4B,EAAE;QACvD,KAAK,EAAE,YAAY;QACnB,QAAQ,EAAE,IAAI;QACd,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,EAAE;QAC9B,GAAG,EAAE,cAAc;QACnB,GAAG,EAAE,WAAW;QAChB,IAAI,EAAE,YAAY;QAClB,KAAK,EAAE,EAAE;QACT,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,MAAM;KAClB,CAAC,CAAC;IAEH,IAAI,QAAQ,KAAK,SAAS;QAAE,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACvE,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,GAAG,CAAC;IACtC,kBAAkB,EAAE,CAAC;AACvB,CAAC;AAED,KAAK,UAAU,cAAc;IAC3B,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,0CAA0C,CAAC,CAAC;QACrE,MAAM,CAAC,cAAc,CAAC,GAAG,EAAE,4BAA4B,EAAE;YACvD,KAAK,EAAE,cAAc;YACrB,QAAQ,EAAE,IAAI;YACd,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;QACH,cAAc,GAAG,SAAS,CAAC;IAC7B,CAAC;IACD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACzC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,QAAQ,CAAC;QAC3C,QAAQ,GAAG,SAAS,CAAC;IACvB,CAAC;IACD,kBAAkB,EAAE,CAAC;AACvB,CAAC;AAED,SAAS,eAAe,CAAC,CAAS,EAAE,CAAS;IAC3C,OAAO,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAChE,CAAC;AAED,MAAM,IAAI,GAAG,EAAE,aAAa,EAAE,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;AAEnE,MAAM,SAAS,GAAG;IAChB,YAAY,EAAE;QACZ,mBAAmB,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE,gBAAgB,EAAE,EAAE,EAAE;KAClE;IACD,aAAa,EAAE,EAAE;IACjB,qBAAqB,EAAE,CAAC;CACzB,CAAC;AAEF,MAAM,mBAAmB,GAAwB;IAC/C,WAAW,EAAE,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAAE;CACzD,CAAC;AAEF,KAAK,UAAU,gBAAgB,CAAC,EAAM;IACpC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,CAAC;IACjD,MAAO,EAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;QAC5C,EAAE,EAAE,YAAY;QAChB,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,MAAM;QAClB,WAAW,EAAE,WAAW;QACxB,OAAO,EAAE,6BAA6B;QACtC,MAAM,EAAE,WAAW;QACnB,SAAS,EAAE,OAAO;QAClB,WAAW,EAAE,GAAG;QAChB,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC;IACH,MAAO,EAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC;QACzC,EAAE,EAAE,cAAc;QAClB,aAAa,EAAE,YAAY;QAC3B,KAAK,EAAE,WAAW;QAClB,MAAM,EAAE,WAAW;QACnB,SAAS,EAAE,OAAO;QAClB,WAAW,EAAE,GAAG;QAChB,WAAW,EAAE,OAAO;QACpB,YAAY,EAAE,MAAM;KACrB,CAAC,CAAC;AACL,CAAC;AAED,0CAA0C;AAC1C,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,MAAM,cAAc,EAAE,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,EAAE,GAAG,MAAM,QAAQ,CAAC,EAAE,gBAAgB,EAAE,UAAU,EAAE,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,eAAe,CAAC;YAC1B,EAAE;YACF,eAAe,EAAE,mBAAmB;YACpC,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE;SAChD,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,KAAK,IAAI,EAAE;QAC3E,MAAM,EAAE,GAAG,MAAM,QAAQ,CAAC,EAAE,gBAAgB,EAAE,UAAU,EAAE,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,eAAe,CAAC;YAC1B,EAAE;YACF,eAAe,EAAE,mBAAmB;YACpC,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE;SAChD,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/D,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,EAAE,GAAG,MAAM,QAAQ,CAAC,EAAE,gBAAgB,EAAE,UAAU,EAAE,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,eAAe,CAAC;YAC1B,EAAE;YACF,eAAe,EAAE,mBAAmB;YACpC,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE;SAChD,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACrE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAClD,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,MAAM,wBAAwB,EAAE,CAAC;IACnC,CAAC,CAAC,CAAC;IACH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,cAAc,EAAE,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,EAAE,GAAG,MAAM,QAAQ,CAAC,EAAE,gBAAgB,EAAE,UAAU,EAAE,CAAC,CAAC;QAC5D,MAAM,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAE3B,MAAM,GAAG,GAAG,eAAe,CAAC;YAC1B,EAAE;YACF,eAAe,EAAE,mBAAmB;YACpC,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE;SAChD,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACrC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACpC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2EAA2E,EAAE,KAAK,IAAI,EAAE;QACzF,MAAM,EAAE,GAAG,MAAM,QAAQ,CAAC,EAAE,gBAAgB,EAAE,UAAU,EAAE,CAAC,CAAC;QAC5D,MAAM,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAE3B,MAAM,GAAG,GAAG,eAAe,CAAC;YAC1B,EAAE;YACF,eAAe,EAAE,mBAAmB;YACpC,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE;SAChD,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACrE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACpE,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,EAAE,CAAC;QACjE,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,sEAAsE,CAAC,CAAC;QAEpG,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CACpB,uHAAuH,CACxH,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/helpers/license.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Install a test license at the requested tier, replacing the embedded
+ * public key with a generated one so the JWT verifies. Used by dashboard
+ * tests for enterprise-tier features (audit-log, sso).
+ */
+export declare function installTestProLicense(tier?: "pro" | "enterprise"): Promise<void>;
+export declare function restoreLicense(): Promise<void>;
+//# sourceMappingURL=license.d.ts.map

package/dist/__tests__/helpers/license.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"license.d.ts","sourceRoot":"","sources":["../../../src/__tests__/helpers/license.ts"],"names":[],"mappings":"AAuBA;;;;GAIG;AACH,wBAAsB,qBAAqB,CACzC,IAAI,GAAE,KAAK,GAAG,YAA2B,GACxC,OAAO,CAAC,IAAI,CAAC,CA8Bf;AAED,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAiBpD"}

package/dist/__tests__/helpers/license.js

@@ -0,0 +1,71 @@
+import { generateKeyPairSync, sign } from "node:crypto";
+import { _resetLicenseCache } from "@urateam/core/dist/license.js";
+function b64url(buf) {
+    return buf
+        .toString("base64")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+}
+function makeJwt(privateKey, payload) {
+    const header = { alg: "EdDSA", typ: "JWT" };
+    const headerB64 = b64url(Buffer.from(JSON.stringify(header)));
+    const payloadB64 = b64url(Buffer.from(JSON.stringify(payload)));
+    const signingInput = `${headerB64}.${payloadB64}`;
+    const sig = sign(null, Buffer.from(signingInput), privateKey);
+    return `${signingInput}.${b64url(sig)}`;
+}
+let savedPublicKey;
+let savedEnv;
+/**
+ * Install a test license at the requested tier, replacing the embedded
+ * public key with a generated one so the JWT verifies. Used by dashboard
+ * tests for enterprise-tier features (audit-log, sso).
+ */
+export async function installTestProLicense(tier = "enterprise") {
+    const { publicKey, privateKey } = generateKeyPairSync("ed25519");
+    const publicKeyB64 = Buffer.from(publicKey.export({ format: "der", type: "spki" })).toString("base64");
+    const mod = await import("@urateam/core/dist/license-public-key.js");
+    if (savedPublicKey === undefined) {
+        savedPublicKey = mod
+            .LICENSE_PUBLIC_KEY_DER_B64;
+    }
+    Object.defineProperty(mod, "LICENSE_PUBLIC_KEY_DER_B64", {
+        value: publicKeyB64,
+        writable: true,
+        configurable: true,
+    });
+    const now = Math.floor(Date.now() / 1000);
+    const jwt = makeJwt(privateKey, {
+        iss: "urateams.com",
+        sub: "cust_test",
+        tier,
+        seats: 25,
+        iat: now,
+        exp: now + 86_400,
+    });
+    if (savedEnv === undefined)
+        savedEnv = process.env.URATEAM_LICENSE_KEY;
+    process.env.URATEAM_LICENSE_KEY = jwt;
+    _resetLicenseCache();
+}
+export async function restoreLicense() {
+    if (savedPublicKey !== undefined) {
+        const mod = await import("@urateam/core/dist/license-public-key.js");
+        Object.defineProperty(mod, "LICENSE_PUBLIC_KEY_DER_B64", {
+            value: savedPublicKey,
+            writable: true,
+            configurable: true,
+        });
+        savedPublicKey = undefined;
+    }
+    if (savedEnv === undefined) {
+        delete process.env.URATEAM_LICENSE_KEY;
+    }
+    else {
+        process.env.URATEAM_LICENSE_KEY = savedEnv;
+        savedEnv = undefined;
+    }
+    _resetLicenseCache();
+}
+//# sourceMappingURL=license.js.map

package/dist/__tests__/helpers/license.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"license.js","sourceRoot":"","sources":["../../../src/__tests__/helpers/license.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAkB,IAAI,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAEnE,SAAS,MAAM,CAAC,GAAW;IACzB,OAAO,GAAG;SACP,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,OAAO,CAAC,UAAqB,EAAE,OAAe;IACrD,MAAM,MAAM,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;IAC5C,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC9D,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,UAAU,CAAC,CAAC;IAC9D,OAAO,GAAG,YAAY,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;AAC1C,CAAC;AAED,IAAI,cAAkC,CAAC;AACvC,IAAI,QAA4B,CAAC;AAEjC;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,OAA6B,YAAY;IAEzC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;IACjE,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAC9B,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAClD,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAErB,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,0CAA0C,CAAC,CAAC;IACrE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;QACjC,cAAc,GAAI,GAA8C;aAC7D,0BAA0B,CAAC;IAChC,CAAC;IACD,MAAM,CAAC,cAAc,CAAC,GAAG,EAAE,4BAA4B,EAAE;QACvD,KAAK,EAAE,YAAY;QACnB,QAAQ,EAAE,IAAI;QACd,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,EAAE;QAC9B,GAAG,EAAE,cAAc;QACnB,GAAG,EAAE,WAAW;QAChB,IAAI;QACJ,KAAK,EAAE,EAAE;QACT,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,MAAM;KAClB,CAAC,CAAC;IAEH,IAAI,QAAQ,KAAK,SAAS;QAAE,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACvE,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,GAAG,CAAC;IACtC,kBAAkB,EAAE,CAAC;AACvB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,0CAA0C,CAAC,CAAC;QACrE,MAAM,CAAC,cAAc,CAAC,GAAG,EAAE,4BAA4B,EAAE;YACvD,KAAK,EAAE,cAAc;YACrB,QAAQ,EAAE,IAAI;YACd,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;QACH,cAAc,GAAG,SAAS,CAAC;IAC7B,CAAC;IACD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACzC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,QAAQ,CAAC;QAC3C,QAAQ,GAAG,SAAS,CAAC;IACvB,CAAC;IACD,kBAAkB,EAAE,CAAC;AACvB,CAAC"}

package/dist/__tests__/rbac-middleware.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=rbac-middleware.test.d.ts.map

package/dist/__tests__/rbac-middleware.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-middleware.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/rbac-middleware.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/rbac-middleware.test.js

@@ -0,0 +1,59 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { Hono } from "hono";
+import { requirePermission } from "../middleware/rbac.js";
+import { installTestProLicense, restoreLicense } from "./helpers/license.js";
+afterEach(async () => {
+    await restoreLicense();
+});
+function appWithRoute(permission, role) {
+    const app = new Hono();
+    app.use("*", async (c, next) => {
+        if (role)
+            c.set("user", {
+                id: "u_1",
+                role,
+                email: "u@b.com",
+            });
+        await next();
+    });
+    app.get("/test", 
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    requirePermission(permission), (c) => c.text("ok"));
+    return app;
+}
+describe("requirePermission", () => {
+    it("unlicensed → no-op, all roles pass", async () => {
+        const app = appWithRoute("config.view", "viewer");
+        expect((await app.request("/test")).status).toBe(200);
+    });
+    describe("licensed", () => {
+        beforeEach(async () => {
+            await installTestProLicense("enterprise");
+        });
+        it("admin passes runs.view", async () => {
+            const res = await appWithRoute("runs.view", "admin").request("/test");
+            expect(res.status).toBe(200);
+        });
+        it("viewer passes runs.view", async () => {
+            const res = await appWithRoute("runs.view", "viewer").request("/test");
+            expect(res.status).toBe(200);
+        });
+        it("viewer gets 403 on audit.view", async () => {
+            const res = await appWithRoute("audit.view", "viewer").request("/test");
+            expect(res.status).toBe(403);
+        });
+        it("operator gets 403 on config.view", async () => {
+            const res = await appWithRoute("config.view", "operator").request("/test");
+            expect(res.status).toBe(403);
+        });
+        it("admin passes config.view", async () => {
+            const res = await appWithRoute("config.view", "admin").request("/test");
+            expect(res.status).toBe(200);
+        });
+        it("no session → 401", async () => {
+            const res = await appWithRoute("runs.view", undefined).request("/test");
+            expect(res.status).toBe(401);
+        });
+    });
+});
+//# sourceMappingURL=rbac-middleware.test.js.map

package/dist/__tests__/rbac-middleware.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-middleware.test.js","sourceRoot":"","sources":["../../src/__tests__/rbac-middleware.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAE7E,SAAS,CAAC,KAAK,IAAI,EAAE;IACnB,MAAM,cAAc,EAAE,CAAC;AACzB,CAAC,CAAC,CAAC;AAEH,SAAS,YAAY,CAAC,UAAkB,EAAE,IAAwB;IAChE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QAC7B,IAAI,IAAI;YACN,CAAC,CAAC,GAAG,CAAC,MAAe,EAAE;gBACrB,EAAE,EAAE,KAAK;gBACT,IAAI;gBACJ,KAAK,EAAE,SAAS;aACR,CAAC,CAAC;QACd,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC,CAAC;IACH,GAAG,CAAC,GAAG,CACL,OAAO;IACP,8DAA8D;IAC9D,iBAAiB,CAAC,UAAiB,CAAC,EACpC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CACpB,CAAC;IACF,OAAO,GAAG,CAAC;AACb,CAAC;AAED,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,GAAG,GAAG,YAAY,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QAClD,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE;QACxB,UAAU,CAAC,KAAK,IAAI,EAAE;YACpB,MAAM,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wBAAwB,EAAE,KAAK,IAAI,EAAE;YACtC,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACtE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;YACvC,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACvE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;YAC7C,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACxE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YAChD,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC,OAAO,CAC/D,OAAO,CACR,CAAC;YACF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;YACxC,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACxE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kBAAkB,EAAE,KAAK,IAAI,EAAE;YAChC,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACxE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/retry-route.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=retry-route.test.d.ts.map

package/dist/__tests__/retry-route.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"retry-route.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/retry-route.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/retry-route.test.js

@@ -0,0 +1,115 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
+import { Hono } from "hono";
+import { eq } from "drizzle-orm";
+import { createDb } from "@urateam/core";
+import { pipelineRuns, auditEvents } from "@urateam/core/dist/db/schema.js";
+import { createRunsRouter } from "../routes/runs.js";
+import { installTestProLicense, restoreLicense } from "./helpers/license.js";
+let db;
+beforeEach(async () => {
+    db = await createDb({ connectionString: ":memory:" });
+    await db.insert(pipelineRuns).values({
+        id: "run_1",
+        issueId: "BEC-42",
+        issueTitle: "fix bug",
+        pipelineKey: "auto-implement",
+        repoUrl: "https://github.com/acme/api",
+        status: "failed",
+        startedAt: new Date(),
+        completedAt: new Date(),
+        errorMessage: "boom",
+    });
+});
+afterEach(async () => {
+    await restoreLicense();
+});
+function appWith(role, runner = { resume: vi.fn(), start: vi.fn() }) {
+    const app = new Hono();
+    app.use("*", async (c, next) => {
+        if (role) {
+            c.set("user", {
+                id: "u_1",
+                email: "u@b.com",
+                role,
+            });
+        }
+        await next();
+    });
+    app.route("/", createRunsRouter({ db, runner, basePath: "" }));
+    return app;
+}
+describe("POST /runs/:id/retry", () => {
+    it("unlicensed → 404 even for valid retry requests", async () => {
+        // Do NOT install enterprise license
+        const runner = { resume: vi.fn(), start: vi.fn() };
+        const app = appWith("operator", runner); // operator role set but feature off
+        const res = await app.request("/runs/run_1/retry", { method: "POST" });
+        expect(res.status).toBe(404);
+        expect(runner.resume).not.toHaveBeenCalled();
+    });
+    describe("licensed", () => {
+        beforeEach(async () => {
+            await installTestProLicense("enterprise");
+        });
+        it("viewer → 403", async () => {
+            const res = await appWith("viewer").request("/runs/run_1/retry", {
+                method: "POST",
+            });
+            expect(res.status).toBe(403);
+        });
+        it("operator → 302 redirect, runner.resume called, audit event written", async () => {
+            // Give the run a resumePayload so runner.resume is called (not start).
+            await db
+                .update(pipelineRuns)
+                .set({ resumePayload: JSON.stringify({ stageIndex: 1 }) })
+                .where(eq(pipelineRuns.id, "run_1"));
+            const runner = {
+                resume: vi.fn().mockResolvedValue(undefined),
+                start: vi.fn(),
+            };
+            const app = appWith("operator", runner);
+            const res = await app.request("/runs/run_1/retry", { method: "POST" });
+            expect(res.status).toBe(302);
+            expect(runner.resume).toHaveBeenCalledWith("run_1");
+            // Give fire-and-forget logAuditEvent a chance to flush
+            await new Promise((r) => setTimeout(r, 50));
+            const events = await db.select().from(auditEvents);
+            const retry = events.find((e) => {
+                const p = typeof e.payload === "string" ? JSON.parse(e.payload) : e.payload;
+                return (e.eventType === "dashboard.manual_action" && p.action === "retry_run");
+            });
+            expect(retry).toBeDefined();
+        });
+        it("admin → 302, runner.resume called (with resumePayload)", async () => {
+            await db
+                .update(pipelineRuns)
+                .set({ resumePayload: JSON.stringify({ stageIndex: 1 }) })
+                .where(eq(pipelineRuns.id, "run_1"));
+            const runner = {
+                resume: vi.fn().mockResolvedValue(undefined),
+                start: vi.fn(),
+            };
+            const app = appWith("admin", runner);
+            const res = await app.request("/runs/run_1/retry", { method: "POST" });
+            expect(res.status).toBe(302);
+            expect(runner.resume).toHaveBeenCalled();
+        });
+        it("operator retrying a completed run → 409", async () => {
+            await db
+                .update(pipelineRuns)
+                .set({ status: "completed" })
+                .where(eq(pipelineRuns.id, "run_1"));
+            const res = await appWith("operator").request("/runs/run_1/retry", {
+                method: "POST",
+            });
+            expect(res.status).toBe(409);
+        });
+        it("operator retrying a non-existent run → 404", async () => {
+            const res = await appWith("operator").request("/runs/nope/retry", {
+                method: "POST",
+            });
+            expect(res.status).toBe(404);
+        });
+    });
+});
+//# sourceMappingURL=retry-route.test.js.map

package/dist/__tests__/retry-route.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"retry-route.test.js","sourceRoot":"","sources":["../../src/__tests__/retry-route.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAE7E,IAAI,EAAO,CAAC;AAEZ,UAAU,CAAC,KAAK,IAAI,EAAE;IACpB,EAAE,GAAG,MAAM,QAAQ,CAAC,EAAE,gBAAgB,EAAE,UAAU,EAAE,CAAC,CAAC;IACtD,MAAM,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;QACnC,EAAE,EAAE,OAAO;QACX,OAAO,EAAE,QAAQ;QACjB,UAAU,EAAE,SAAS;QACrB,WAAW,EAAE,gBAAgB;QAC7B,OAAO,EAAE,6BAA6B;QACtC,MAAM,EAAE,QAAQ;QAChB,SAAS,EAAE,IAAI,IAAI,EAAE;QACrB,WAAW,EAAE,IAAI,IAAI,EAAE;QACvB,YAAY,EAAE,MAAM;KACrB,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,SAAS,CAAC,KAAK,IAAI,EAAE;IACnB,MAAM,cAAc,EAAE,CAAC;AACzB,CAAC,CAAC,CAAC;AAEH,SAAS,OAAO,CACd,IAAwB,EACxB,SAAc,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE;IAEjD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QAC7B,IAAI,IAAI,EAAE,CAAC;YACT,CAAC,CAAC,GAAG,CAAC,MAAe,EAAE;gBACrB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,SAAS;gBAChB,IAAI;aACE,CAAC,CAAC;QACZ,CAAC;QACD,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC,CAAC;IACH,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,gBAAgB,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC/D,OAAO,GAAG,CAAC;AACb,CAAC;AAED,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,oCAAoC;QACpC,MAAM,MAAM,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC;QACnD,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,oCAAoC;QAC7E,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QACvE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE;QACxB,UAAU,CAAC,KAAK,IAAI,EAAE;YACpB,MAAM,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,cAAc,EAAE,KAAK,IAAI,EAAE;YAC5B,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,mBAAmB,EAAE;gBAC/D,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;YAClF,uEAAuE;YACvE,MAAM,EAAE;iBACL,MAAM,CAAC,YAAY,CAAC;iBACpB,GAAG,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;iBACzD,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;YACvC,MAAM,MAAM,GAAG;gBACb,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;gBAC5C,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE;aACf,CAAC;YACF,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YACxC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;YACvE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC7B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;YACpD,uDAAuD;YACvD,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;YAC5C,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACnD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE;gBACnC,MAAM,CAAC,GACL,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;gBACpE,OAAO,CACL,CAAC,CAAC,SAAS,KAAK,yBAAyB,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW,CACtE,CAAC;YACJ,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;YACtE,MAAM,EAAE;iBACL,MAAM,CAAC,YAAY,CAAC;iBACpB,GAAG,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;iBACzD,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;YACvC,MAAM,MAAM,GAAG;gBACb,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;gBAC5C,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE;aACf,CAAC;YACF,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACrC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;YACvE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC7B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,gBAAgB,EAAE,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;YACvD,MAAM,EAAE;iBACL,MAAM,CAAC,YAAY,CAAC;iBACpB,GAAG,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;iBAC5B,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;YACvC,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,mBAAmB,EAAE;gBACjE,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,kBAAkB,EAAE;gBAChE,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/sso-integration.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=sso-integration.test.d.ts.map

package/dist/__tests__/sso-integration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sso-integration.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/sso-integration.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/sso-integration.test.js

@@ -0,0 +1,91 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { createDb } from "@urateam/core";
+import { installTestProLicense, restoreLicense } from "./helpers/license.js";
+import { createDashboard } from "../server.js";
+let db;
+const ssoConfig = {
+    enabled: true,
+    workosApiKey: "sk_test",
+    workosClientId: "client_test",
+    redirectUri: "https://x/auth/callback",
+    sessionDurationHours: 24,
+    cookieName: "urateam_session",
+    cookieSecure: false,
+    stateSigningSecret: "0123456789abcdef0123456789abcdef",
+};
+const stubWorkos = {
+    async getAuthorizationUrl(args) {
+        return `https://workos.example/auth?state=${args.state}&client=${args.clientId}`;
+    },
+    async authenticateWithCode(_args) {
+        return {
+            user: {
+                id: "wu_test",
+                email: "alice@acme.com",
+                firstName: "Alice",
+                lastName: "X",
+            },
+        };
+    },
+};
+beforeEach(async () => {
+    db = await createDb({ connectionString: ":memory:" });
+});
+afterEach(async () => {
+    await restoreLicense();
+});
+describe("server with SSO", () => {
+    it("redirects /runs to /auth/login when SSO is licensed and enabled with no cookie", async () => {
+        await installTestProLicense("enterprise");
+        const app = createDashboard({
+            db,
+            pipelineConfigs: {},
+            repoConfigs: {},
+            sso: ssoConfig,
+            workos: stubWorkos,
+        });
+        const res = await app.request("/runs");
+        expect(res.status).toBe(302);
+        expect(res.headers.get("location")).toContain("/auth/login");
+    });
+    it("falls back to basic auth when SSO is not licensed even if enabled", async () => {
+        await restoreLicense();
+        const app = createDashboard({
+            db,
+            pipelineConfigs: {},
+            repoConfigs: {},
+            sso: ssoConfig,
+            workos: stubWorkos,
+            auth: { username: "u", password: "p" },
+        });
+        const res = await app.request("/runs");
+        expect(res.status).toBe(401); // basic auth challenge
+    });
+    it("uses basic auth when SSO is licensed but disabled", async () => {
+        await installTestProLicense("enterprise");
+        const app = createDashboard({
+            db,
+            pipelineConfigs: {},
+            repoConfigs: {},
+            sso: { ...ssoConfig, enabled: false },
+            workos: stubWorkos,
+            auth: { username: "u", password: "p" },
+        });
+        const res = await app.request("/runs");
+        expect(res.status).toBe(401);
+    });
+    it("serves /auth/login (302 to WorkOS) without basic auth when SSO active", async () => {
+        await installTestProLicense("enterprise");
+        const app = createDashboard({
+            db,
+            pipelineConfigs: {},
+            repoConfigs: {},
+            sso: ssoConfig,
+            workos: stubWorkos,
+        });
+        const res = await app.request("/auth/login?next=/runs");
+        expect(res.status).toBe(302);
+        expect(res.headers.get("location")).toContain("workos.example");
+    });
+});
+//# sourceMappingURL=sso-integration.test.js.map

package/dist/__tests__/sso-integration.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sso-integration.test.js","sourceRoot":"","sources":["../../src/__tests__/sso-integration.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEzC,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC7E,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAE/C,IAAI,EAAO,CAAC;AAEZ,MAAM,SAAS,GAAG;IAChB,OAAO,EAAE,IAAI;IACb,YAAY,EAAE,SAAS;IACvB,cAAc,EAAE,aAAa;IAC7B,WAAW,EAAE,yBAAyB;IACtC,oBAAoB,EAAE,EAAE;IACxB,UAAU,EAAE,iBAAiB;IAC7B,YAAY,EAAE,KAAK;IACnB,kBAAkB,EAAE,kCAAkC;CACvD,CAAC;AAEF,MAAM,UAAU,GAAiB;IAC/B,KAAK,CAAC,mBAAmB,CAAC,IAAI;QAC5B,OAAO,qCAAqC,IAAI,CAAC,KAAK,WAAW,IAAI,CAAC,QAAQ,EAAE,CAAC;IACnF,CAAC;IACD,KAAK,CAAC,oBAAoB,CAAC,KAAK;QAC9B,OAAO;YACL,IAAI,EAAE;gBACJ,EAAE,EAAE,SAAS;gBACb,KAAK,EAAE,gBAAgB;gBACvB,SAAS,EAAE,OAAO;gBAClB,QAAQ,EAAE,GAAG;aACd;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,UAAU,CAAC,KAAK,IAAI,EAAE;IACpB,EAAE,GAAG,MAAM,QAAQ,CAAC,EAAE,gBAAgB,EAAE,UAAU,EAAE,CAAC,CAAC;AACxD,CAAC,CAAC,CAAC;AAEH,SAAS,CAAC,KAAK,IAAI,EAAE;IACnB,MAAM,cAAc,EAAE,CAAC;AACzB,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,gFAAgF,EAAE,KAAK,IAAI,EAAE;QAC9F,MAAM,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,eAAe,CAAC;YAC1B,EAAE;YACF,eAAe,EAAE,EAAE;YACnB,WAAW,EAAE,EAAE;YACf,GAAG,EAAE,SAAgB;YACrB,MAAM,EAAE,UAAU;SACnB,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,cAAc,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,eAAe,CAAC;YAC1B,EAAE;YACF,eAAe,EAAE,EAAE;YACnB,WAAW,EAAE,EAAE;YACf,GAAG,EAAE,SAAgB;YACrB,MAAM,EAAE,UAAU;YAClB,IAAI,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE;SACvC,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,uBAAuB;IACvD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,eAAe,CAAC;YAC1B,EAAE;YACF,eAAe,EAAE,EAAE;YACnB,WAAW,EAAE,EAAE;YACf,GAAG,EAAE,EAAE,GAAG,SAAS,EAAE,OAAO,EAAE,KAAK,EAAS;YAC5C,MAAM,EAAE,UAAU;YAClB,IAAI,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE;SACvC,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,KAAK,IAAI,EAAE;QACrF,MAAM,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,eAAe,CAAC;YAC1B,EAAE;YACF,eAAe,EAAE,EAAE;YACnB,WAAW,EAAE,EAAE;YACf,GAAG,EAAE,SAAgB;YACrB,MAAM,EAAE,UAAU;SACnB,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;QACxD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/sso-middleware.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=sso-middleware.test.d.ts.map

package/dist/__tests__/sso-middleware.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sso-middleware.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/sso-middleware.test.ts"],"names":[],"mappings":""}