@vellumai/assistant 0.4.13 → 0.4.15

package/src/runtime/auth/__tests__/guard-tests.test.ts

@@ -0,0 +1,289 @@
+/**
+ * Guard tests for the single-header JWT auth system.
+ *
+ * These tests enforce architectural invariants that protect the auth
+ * system from regressions:
+ *
+ * 1. Route policy coverage — every dispatched endpoint has a policy.
+ * 2. No X-Actor-Token references in production code.
+ * 3. No ~/.vellum/http-token file-path references in production code
+ *    (the file itself is still used; the guard prevents new code from
+ *    reading it directly instead of using the platform utility).
+ * 4. Scope profile contract — every profile resolves to the expected scopes.
+ */
+
+import { execSync } from 'node:child_process';
+import { readFileSync } from 'node:fs';
+import { resolve } from 'node:path';
+
+import { describe, expect, test } from 'bun:test';
+
+import { resolveScopeProfile } from '../scopes.js';
+import type { Scope, ScopeProfile } from '../types.js';
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+/** Project root (one level above assistant/). */
+const PROJECT_ROOT = resolve(import.meta.dir, '../../../../..');
+
+function isTestFile(filePath: string): boolean {
+  return (
+    filePath.includes('/__tests__/') ||
+    filePath.endsWith('.test.ts') ||
+    filePath.endsWith('.test.js') ||
+    filePath.endsWith('.spec.ts') ||
+    filePath.endsWith('.spec.js')
+  );
+}
+
+function isDocFile(filePath: string): boolean {
+  return filePath.endsWith('.md');
+}
+
+// ---------------------------------------------------------------------------
+// 1. Route policy coverage
+// ---------------------------------------------------------------------------
+
+describe('route policy coverage', () => {
+  test('every endpoint dispatched in http-server.ts has a policy entry in route-policy.ts', () => {
+    // Read both files as source text.
+    const httpServerPath = resolve(import.meta.dir, '../../http-server.ts');
+    const routePolicyPath = resolve(import.meta.dir, '../route-policy.ts');
+
+    const httpServerSrc = readFileSync(httpServerPath, 'utf-8');
+    const routePolicySrc = readFileSync(routePolicyPath, 'utf-8');
+
+    // Extract endpoint strings from dispatchEndpoint. We look for patterns
+    // like `endpoint === 'foo'` which is the dispatch pattern.
+    const endpointMatches = httpServerSrc.matchAll(
+      /endpoint\s*===\s*'([^']+)'/g,
+    );
+    const dispatchedEndpoints = new Set<string>();
+    for (const m of endpointMatches) {
+      dispatchedEndpoints.add(m[1]);
+    }
+
+    // These endpoints are handled in dispatchEndpoint but intentionally
+    // don't need a route policy (they are unprotected utility endpoints).
+    const UNPROTECTED_ENDPOINTS = new Set([
+      'health',
+    ]);
+
+    // Extract registered policy endpoint strings from route-policy.ts.
+    // Match: `{ endpoint: 'foo' }` entries, `registerPolicy('foo', ...)`
+    // calls, and bare string literals in arrays like INTERNAL_ENDPOINTS.
+    const policyEndpointMatches = routePolicySrc.matchAll(
+      /endpoint:\s*'([^']+)'|registerPolicy\(\s*'([^']+)'/g,
+    );
+    const registeredPolicies = new Set<string>();
+    for (const m of policyEndpointMatches) {
+      registeredPolicies.add(m[1] ?? m[2]);
+    }
+
+    // Also extract string literals from the INTERNAL_ENDPOINTS array,
+    // which uses a loop to register policies dynamically.
+    const internalArrayMatch = routePolicySrc.match(
+      /INTERNAL_ENDPOINTS\s*=\s*\[([\s\S]*?)\]/,
+    );
+    if (internalArrayMatch) {
+      const arrayLiterals = internalArrayMatch[1].matchAll(/'([^']+)'/g);
+      for (const m of arrayLiterals) {
+        registeredPolicies.add(m[1]);
+      }
+    }
+
+    // For method-specific dispatches like `endpoint === 'messages' && req.method === 'POST'`,
+    // the policy key might be `messages:POST` or just `messages`. We need to
+    // check that either the plain endpoint key or a method-qualified key exists.
+    const missingPolicies: string[] = [];
+    for (const endpoint of dispatchedEndpoints) {
+      if (UNPROTECTED_ENDPOINTS.has(endpoint)) continue;
+
+      // Check if the plain endpoint or any method-qualified variant is registered
+      const hasPlainPolicy = registeredPolicies.has(endpoint);
+      const hasMethodPolicy = [...registeredPolicies].some(
+        (p) => p.startsWith(endpoint + ':'),
+      );
+
+      if (!hasPlainPolicy && !hasMethodPolicy) {
+        missingPolicies.push(endpoint);
+      }
+    }
+
+    if (missingPolicies.length > 0) {
+      const message = [
+        'Endpoints dispatched in http-server.ts have no route policy in route-policy.ts:',
+        '',
+        ...missingPolicies.map((e) => `  - ${e}`),
+        '',
+        'Every protected endpoint must have a policy entry.',
+        'Add a registerPolicy() call or ACTOR_ENDPOINTS entry in route-policy.ts.',
+        'If truly unprotected, add to UNPROTECTED_ENDPOINTS in this guard test.',
+      ].join('\n');
+      expect(missingPolicies, message).toEqual([]);
+    }
+  });
+});
+
+// ---------------------------------------------------------------------------
+// 2. No X-Actor-Token references in production code
+// ---------------------------------------------------------------------------
+
+describe('no X-Actor-Token in production code', () => {
+  test('production files do not reference X-Actor-Token', () => {
+    let grepOutput = '';
+    try {
+      grepOutput = execSync(
+        `git grep -liE "X-Actor-Token" -- '*.ts' '*.tsx' '*.js' '*.swift'`,
+        { encoding: 'utf-8', cwd: PROJECT_ROOT },
+      ).trim();
+    } catch (err) {
+      // Exit code 1 means no matches — that's the happy path.
+      if ((err as { status?: number }).status === 1) return;
+      throw err;
+    }
+
+    const files = grepOutput.split('\n').filter((f) => f.length > 0);
+
+    // Files that are allowed to mention X-Actor-Token (comments explaining
+    // the migration, or this guard test itself).
+    const ALLOWLIST = new Set([
+      // This guard test references it by definition
+      'assistant/src/runtime/auth/__tests__/guard-tests.test.ts',
+    ]);
+
+    const violations = files.filter((f) => {
+      if (isTestFile(f)) return false;
+      if (isDocFile(f)) return false;
+      if (ALLOWLIST.has(f)) return false;
+      return true;
+    });
+
+    if (violations.length > 0) {
+      const message = [
+        'Production files still reference X-Actor-Token.',
+        'The old two-header auth model has been replaced by single JWT auth.',
+        '',
+        'Violations:',
+        ...violations.map((f) => `  - ${f}`),
+        '',
+        'Remove or update these references.',
+        'If a comment explains the migration, that is fine — add the file to the ALLOWLIST.',
+      ].join('\n');
+      expect(violations, message).toEqual([]);
+    }
+  });
+});
+
+// ---------------------------------------------------------------------------
+// 3. No legacy GATEWAY_ORIGIN_HEADER / verifyGatewayOrigin in production code
+// ---------------------------------------------------------------------------
+
+describe('no legacy gateway-origin proof in production code', () => {
+  test('production files do not import or use GATEWAY_ORIGIN_HEADER or verifyGatewayOrigin', () => {
+    let grepOutput = '';
+    try {
+      grepOutput = execSync(
+        `git grep -lE "GATEWAY_ORIGIN_HEADER|verifyGatewayOrigin" -- '*.ts' '*.tsx'`,
+        { encoding: 'utf-8', cwd: PROJECT_ROOT },
+      ).trim();
+    } catch (err) {
+      if ((err as { status?: number }).status === 1) return;
+      throw err;
+    }
+
+    const files = grepOutput.split('\n').filter((f) => f.length > 0);
+
+    const ALLOWLIST = new Set([
+      'assistant/src/runtime/auth/__tests__/guard-tests.test.ts',
+    ]);
+
+    const violations = files.filter((f) => {
+      if (isTestFile(f)) return false;
+      if (isDocFile(f)) return false;
+      if (ALLOWLIST.has(f)) return false;
+      return true;
+    });
+
+    if (violations.length > 0) {
+      const message = [
+        'Production files still reference GATEWAY_ORIGIN_HEADER or verifyGatewayOrigin.',
+        'Gateway origin is now proven by JWT principal type (svc_gateway), not a separate header.',
+        '',
+        'Violations:',
+        ...violations.map((f) => `  - ${f}`),
+        '',
+        'Remove or update these references.',
+      ].join('\n');
+      expect(violations, message).toEqual([]);
+    }
+  });
+});
+
+// ---------------------------------------------------------------------------
+// 4. Scope profile contract
+// ---------------------------------------------------------------------------
+
+describe('scope profile contract', () => {
+  const EXPECTED_PROFILES: Record<ScopeProfile, Scope[]> = {
+    actor_client_v1: [
+      'chat.read',
+      'chat.write',
+      'approval.read',
+      'approval.write',
+      'settings.read',
+      'settings.write',
+      'attachments.read',
+      'attachments.write',
+      'calls.read',
+      'calls.write',
+      'feature_flags.read',
+      'feature_flags.write',
+    ],
+    gateway_ingress_v1: [
+      'ingress.write',
+      'internal.write',
+    ],
+    gateway_service_v1: [
+      'chat.write',
+      'settings.read',
+      'settings.write',
+      'attachments.read',
+      'attachments.write',
+      'internal.write',
+    ],
+    ipc_v1: [
+      'ipc.all',
+    ],
+  };
+
+  for (const [profile, expectedScopes] of Object.entries(EXPECTED_PROFILES)) {
+    test(`${profile} resolves to exactly the expected scopes`, () => {
+      const resolved = resolveScopeProfile(profile as ScopeProfile);
+      const resolvedArray = [...resolved].sort();
+      const expectedSorted = [...expectedScopes].sort();
+
+      expect(resolvedArray).toEqual(expectedSorted);
+      expect(resolved.size).toBe(expectedScopes.length);
+    });
+  }
+
+  test('all ScopeProfile values are covered by the contract test', () => {
+    // The type system ensures EXPECTED_PROFILES covers all ScopeProfile
+    // values via the Record<ScopeProfile, ...> type. This test verifies
+    // that resolveScopeProfile returns a non-empty set for each.
+    const profiles: ScopeProfile[] = [
+      'actor_client_v1',
+      'gateway_ingress_v1',
+      'gateway_service_v1',
+      'ipc_v1',
+    ];
+
+    for (const profile of profiles) {
+      const scopes = resolveScopeProfile(profile);
+      expect(scopes.size).toBeGreaterThan(0);
+    }
+  });
+});

package/src/runtime/auth/__tests__/ipc-auth-context.test.ts

@@ -0,0 +1,71 @@
+import { describe, expect, test } from 'bun:test';
+
+import { buildIpcAuthContext } from '../../../daemon/ipc-handler.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../../assistant-scope.js';
+import { CURRENT_POLICY_EPOCH } from '../policy.js';
+import { resolveScopeProfile } from '../scopes.js';
+
+describe('buildIpcAuthContext', () => {
+  test('produces correct subject pattern', () => {
+    const ctx = buildIpcAuthContext('session-abc');
+    expect(ctx.subject).toBe('ipc:self:session-abc');
+  });
+
+  test('sets principalType to ipc', () => {
+    const ctx = buildIpcAuthContext('session-abc');
+    expect(ctx.principalType).toBe('ipc');
+  });
+
+  test('uses DAEMON_INTERNAL_ASSISTANT_ID for assistantId', () => {
+    const ctx = buildIpcAuthContext('session-abc');
+    expect(ctx.assistantId).toBe(DAEMON_INTERNAL_ASSISTANT_ID);
+    expect(ctx.assistantId).toBe('self');
+  });
+
+  test('includes sessionId from argument', () => {
+    const ctx = buildIpcAuthContext('my-session-123');
+    expect(ctx.sessionId).toBe('my-session-123');
+  });
+
+  test('uses ipc_v1 scope profile', () => {
+    const ctx = buildIpcAuthContext('session-abc');
+    expect(ctx.scopeProfile).toBe('ipc_v1');
+  });
+
+  test('resolves scopes from ipc_v1 profile', () => {
+    const ctx = buildIpcAuthContext('session-abc');
+    const expectedScopes = resolveScopeProfile('ipc_v1');
+    expect(ctx.scopes).toBe(expectedScopes);
+    expect(ctx.scopes.has('ipc.all')).toBe(true);
+  });
+
+  test('uses current policy epoch', () => {
+    const ctx = buildIpcAuthContext('session-abc');
+    expect(ctx.policyEpoch).toBe(CURRENT_POLICY_EPOCH);
+  });
+
+  test('does not set actorPrincipalId', () => {
+    const ctx = buildIpcAuthContext('session-abc');
+    expect(ctx.actorPrincipalId).toBeUndefined();
+  });
+
+  test('matches AuthContext shape from HTTP JWT-derived contexts', () => {
+    const ctx = buildIpcAuthContext('session-xyz');
+
+    // Verify all required AuthContext fields are present
+    expect(typeof ctx.subject).toBe('string');
+    expect(typeof ctx.principalType).toBe('string');
+    expect(typeof ctx.assistantId).toBe('string');
+    expect(typeof ctx.scopeProfile).toBe('string');
+    expect(typeof ctx.policyEpoch).toBe('number');
+    expect(ctx.scopes).toBeDefined();
+    expect(typeof ctx.scopes.has).toBe('function');
+  });
+
+  test('different session IDs produce different subjects', () => {
+    const ctx1 = buildIpcAuthContext('session-1');
+    const ctx2 = buildIpcAuthContext('session-2');
+    expect(ctx1.subject).not.toBe(ctx2.subject);
+    expect(ctx1.sessionId).not.toBe(ctx2.sessionId);
+  });
+});

package/src/runtime/auth/__tests__/middleware.test.ts

@@ -0,0 +1,239 @@
+/**
+ * Tests for the JWT bearer auth middleware (authenticateRequest).
+ *
+ * Covers:
+ * - Missing Authorization header returns 401
+ * - Invalid/expired JWT returns 401
+ * - Stale policy epoch returns 401 with refresh_required code
+ * - Valid JWT returns AuthContext
+ * - Dev bypass returns synthetic AuthContext
+ */
+
+import { mkdtempSync, realpathSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+
+import { afterAll, beforeEach, describe, expect, mock, test } from 'bun:test';
+
+const testDir = realpathSync(mkdtempSync(join(tmpdir(), 'auth-middleware-test-')));
+
+mock.module('../../../util/logger.js', () => ({
+  getLogger: () => new Proxy({} as Record<string, unknown>, {
+    get: () => () => {},
+  }),
+}));
+
+// Track auth bypass state for tests
+let authDisabled = false;
+mock.module('../../../config/env.js', () => ({
+  isHttpAuthDisabled: () => authDisabled,
+  hasUngatedHttpAuthDisabled: () => false,
+  getGatewayInternalBaseUrl: () => 'http://localhost:7822',
+}));
+
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../../assistant-scope.js';
+import { authenticateRequest } from '../middleware.js';
+import { initAuthSigningKey, mintToken } from '../token-service.js';
+import type { ScopeProfile,TokenAudience } from '../types.js';
+
+const TEST_KEY = Buffer.from('test-signing-key-32-bytes-long!!');
+
+function mintValidToken(overrides?: {
+  aud?: TokenAudience;
+  sub?: string;
+  scope_profile?: ScopeProfile;
+  policy_epoch?: number;
+  exp?: number;
+  ttlSeconds?: number;
+}): string {
+  // When exp is provided explicitly, compute ttlSeconds from it.
+  // Otherwise use a default 300-second TTL.
+  let ttl = overrides?.ttlSeconds ?? 300;
+  if (overrides?.exp !== undefined) {
+    const now = Math.floor(Date.now() / 1000);
+    ttl = overrides.exp - now;
+  }
+  return mintToken({
+    aud: overrides?.aud ?? 'vellum-daemon',
+    sub: overrides?.sub ?? 'actor:self:principal-test',
+    scope_profile: overrides?.scope_profile ?? 'actor_client_v1',
+    policy_epoch: overrides?.policy_epoch ?? 1,
+    ttlSeconds: ttl,
+  });
+}
+
+beforeEach(() => {
+  initAuthSigningKey(TEST_KEY);
+  authDisabled = false;
+});
+
+afterAll(() => {
+  try { rmSync(testDir, { recursive: true, force: true }); } catch {}
+});
+
+describe('authenticateRequest', () => {
+  test('returns 401 when Authorization header is missing', () => {
+    const req = new Request('http://localhost/v1/messages', {
+      method: 'POST',
+    });
+
+    const result = authenticateRequest(req);
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.response.status).toBe(401);
+    }
+  });
+
+  test('returns 401 when Authorization header has wrong scheme', () => {
+    const req = new Request('http://localhost/v1/messages', {
+      method: 'POST',
+      headers: { Authorization: 'Basic dXNlcjpwYXNz' },
+    });
+
+    const result = authenticateRequest(req);
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.response.status).toBe(401);
+    }
+  });
+
+  test('returns 401 when JWT is invalid', () => {
+    const req = new Request('http://localhost/v1/messages', {
+      method: 'POST',
+      headers: { Authorization: 'Bearer invalid.token.here' },
+    });
+
+    const result = authenticateRequest(req);
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.response.status).toBe(401);
+    }
+  });
+
+  test('returns 401 when JWT has expired', () => {
+    const now = Math.floor(Date.now() / 1000);
+    const token = mintValidToken({ exp: now - 100 });
+
+    const req = new Request('http://localhost/v1/messages', {
+      method: 'POST',
+      headers: { Authorization: `Bearer ${token}` },
+    });
+
+    const result = authenticateRequest(req);
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.response.status).toBe(401);
+    }
+  });
+
+  test('returns AuthContext for valid JWT', () => {
+    const token = mintValidToken();
+
+    const req = new Request('http://localhost/v1/messages', {
+      method: 'POST',
+      headers: { Authorization: `Bearer ${token}` },
+    });
+
+    const result = authenticateRequest(req);
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.context.subject).toBe('actor:self:principal-test');
+      expect(result.context.principalType).toBe('actor');
+      expect(result.context.assistantId).toBe(DAEMON_INTERNAL_ASSISTANT_ID);
+      expect(result.context.actorPrincipalId).toBe('principal-test');
+      expect(result.context.scopeProfile).toBe('actor_client_v1');
+      expect(result.context.scopes.has('chat.read')).toBe(true);
+      expect(result.context.scopes.has('chat.write')).toBe(true);
+    }
+  });
+
+  test('returns AuthContext for svc_gateway JWT', () => {
+    const token = mintValidToken({
+      sub: 'svc:gateway:self',
+      scope_profile: 'gateway_ingress_v1',
+    });
+
+    const req = new Request('http://localhost/v1/channels/inbound', {
+      method: 'POST',
+      headers: { Authorization: `Bearer ${token}` },
+    });
+
+    const result = authenticateRequest(req);
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.context.principalType).toBe('svc_gateway');
+      expect(result.context.scopes.has('ingress.write')).toBe(true);
+    }
+  });
+
+  test('dev bypass returns synthetic AuthContext without Authorization header', () => {
+    authDisabled = true;
+
+    const req = new Request('http://localhost/v1/messages', {
+      method: 'POST',
+    });
+
+    const result = authenticateRequest(req);
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.context.principalType).toBe('actor');
+      expect(result.context.actorPrincipalId).toBe('dev-bypass');
+      expect(result.context.scopeProfile).toBe('actor_client_v1');
+      expect(result.context.scopes.has('chat.read')).toBe(true);
+    }
+  });
+
+  test('returns 401 with refresh_required when policy epoch is stale', async () => {
+    // Mint a token with a very old policy epoch. The token service checks
+    // isStaleEpoch which compares against CURRENT_POLICY_EPOCH.
+    const token = mintValidToken({ policy_epoch: 0 });
+
+    const req = new Request('http://localhost/v1/messages', {
+      method: 'POST',
+      headers: { Authorization: `Bearer ${token}` },
+    });
+
+    const result = authenticateRequest(req);
+    // This test depends on whether CURRENT_POLICY_EPOCH > 0.
+    // If CURRENT_POLICY_EPOCH is 1 and the token has epoch 0, it should be stale.
+    // If CURRENT_POLICY_EPOCH is 0, then epoch 0 is not stale and the token is valid.
+    // We test the behavior regardless -- either it's valid or it reports stale_epoch.
+    if (!result.ok) {
+      const body = await result.response.json() as { error: { code: string } };
+      expect(body.error.code).toBe('refresh_required');
+      expect(result.response.status).toBe(401);
+    }
+    // If the current epoch is 0, the token is valid, which is also correct behavior
+  });
+
+  test('rejects token with wrong audience', () => {
+    // Mint a token with audience vellum-gateway instead of vellum-daemon
+    const token = mintValidToken({ aud: 'vellum-gateway' });
+
+    const req = new Request('http://localhost/v1/messages', {
+      method: 'POST',
+      headers: { Authorization: `Bearer ${token}` },
+    });
+
+    const result = authenticateRequest(req);
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.response.status).toBe(401);
+    }
+  });
+
+  test('rejects token with unparseable sub', () => {
+    const token = mintValidToken({ sub: 'garbage' });
+
+    const req = new Request('http://localhost/v1/messages', {
+      method: 'POST',
+      headers: { Authorization: `Bearer ${token}` },
+    });
+
+    const result = authenticateRequest(req);
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.response.status).toBe(401);
+    }
+  });
+});

package/src/runtime/auth/__tests__/policy.test.ts

@@ -0,0 +1,29 @@
+import { describe, expect, test } from 'bun:test';
+
+import { CURRENT_POLICY_EPOCH, isStaleEpoch } from '../policy.js';
+
+describe('policy epoch', () => {
+  test('CURRENT_POLICY_EPOCH is 1', () => {
+    expect(CURRENT_POLICY_EPOCH).toBe(1);
+  });
+
+  test('epoch equal to current is not stale', () => {
+    expect(isStaleEpoch(CURRENT_POLICY_EPOCH)).toBe(false);
+  });
+
+  test('epoch greater than current is not stale', () => {
+    expect(isStaleEpoch(CURRENT_POLICY_EPOCH + 1)).toBe(false);
+  });
+
+  test('epoch less than current is stale', () => {
+    expect(isStaleEpoch(CURRENT_POLICY_EPOCH - 1)).toBe(true);
+  });
+
+  test('epoch 0 is stale', () => {
+    expect(isStaleEpoch(0)).toBe(true);
+  });
+
+  test('negative epoch is stale', () => {
+    expect(isStaleEpoch(-1)).toBe(true);
+  });
+});