@wingman-ai/gateway 0.5.3 → 0.6.0

package/dist/tests/gateway-http-security.test.js

@@ -1,312 +0,0 @@
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import { afterAll, describe, expect, it } from "vitest";
-import { GatewayServer } from "../gateway/server.js";
-const tempWorkspaces = [];
-function createGateway(config) {
-    const workspace = mkdtempSync(join(tmpdir(), "wingman-gateway-http-security-"));
-    tempWorkspaces.push(workspace);
-    return new GatewayServer({
-        logLevel: "silent",
-        workspace,
-        configDir: ".wingman-http-security-config",
-        stateDir: ".wingman-http-security-state",
-        ...config
-    });
-}
-function getGatewayInternals(server) {
-    return server;
-}
-function createTestSocket(initialData) {
-    const messages = [];
-    const ws = {
-        data: {
-            ...initialData || {}
-        },
-        send: (serialized)=>{
-            messages.push(JSON.parse(serialized));
-            return 1;
-        },
-        close: ()=>{}
-    };
-    return {
-        ws,
-        messages
-    };
-}
-afterAll(()=>{
-    for (const workspace of tempWorkspaces)rmSync(workspace, {
-        recursive: true,
-        force: true
-    });
-});
-describe("gateway HTTP security", ()=>{
-    it("requires auth for /api routes when token auth is enabled", async ()=>{
-        const server = createGateway({
-            host: "127.0.0.1",
-            port: 18789,
-            auth: {
-                mode: "token",
-                token: "test-token"
-            },
-            requireAuth: true
-        });
-        const internals = getGatewayInternals(server);
-        const unauthenticated = await internals.handleUiRequest(new Request("http://127.0.0.1:18789/api/providers"));
-        expect(unauthenticated.status).toBe(401);
-        const authenticated = await internals.handleUiRequest(new Request("http://127.0.0.1:18789/api/providers", {
-            headers: {
-                Authorization: "Bearer test-token"
-            }
-        }));
-        expect(authenticated.status).toBe(200);
-    });
-    it("returns summarization settings from /api/config without auth", async ()=>{
-        const server = createGateway({
-            host: "127.0.0.1",
-            port: 18789,
-            auth: {
-                mode: "token",
-                token: "test-token"
-            },
-            requireAuth: true
-        });
-        const internals = getGatewayInternals(server);
-        const response = await internals.handleUiRequest(new Request("http://127.0.0.1:18789/api/config"));
-        expect(response.status).toBe(200);
-        const payload = await response.json();
-        expect(payload.summarization).toMatchObject({
-            enabled: true,
-            maxTokensBeforeSummary: 12000,
-            messagesToKeep: 8
-        });
-    });
-    it("rejects disallowed origins and allows loopback development preflight", async ()=>{
-        const server = createGateway({
-            host: "127.0.0.1",
-            port: 18789,
-            auth: {
-                mode: "token",
-                token: "test-token"
-            },
-            requireAuth: true
-        });
-        const internals = getGatewayInternals(server);
-        const denied = await internals.handleUiRequest(new Request("http://127.0.0.1:18789/api/providers", {
-            method: "OPTIONS",
-            headers: {
-                Origin: "https://evil.example",
-                "Access-Control-Request-Method": "GET"
-            }
-        }));
-        expect(denied.status).toBe(403);
-        const allowed = await internals.handleUiRequest(new Request("http://127.0.0.1:18789/api/providers", {
-            method: "OPTIONS",
-            headers: {
-                Origin: "http://localhost:5173",
-                "Access-Control-Request-Method": "GET"
-            }
-        }));
-        expect(allowed.status).toBe(204);
-        expect(allowed.headers.get("access-control-allow-origin")).toBe("http://localhost:5173");
-    });
-    it("allows tauri loopback origin preflight for desktop clients", async ()=>{
-        const server = createGateway({
-            host: "127.0.0.1",
-            port: 18789,
-            auth: {
-                mode: "token",
-                token: "test-token"
-            },
-            requireAuth: true
-        });
-        const internals = getGatewayInternals(server);
-        const allowed = await internals.handleUiRequest(new Request("http://127.0.0.1:18789/api/providers", {
-            method: "OPTIONS",
-            headers: {
-                Origin: "tauri://localhost",
-                "Access-Control-Request-Method": "GET"
-            }
-        }));
-        expect(allowed.status).toBe(204);
-        expect(allowed.headers.get("access-control-allow-origin")).toBe("tauri://localhost");
-    });
-    it("does not trust tailscale identity headers on non-loopback hosts", ()=>{
-        const server = createGateway({
-            host: "0.0.0.0",
-            port: 18789,
-            auth: {
-                mode: "token",
-                token: "tailscale-token",
-                allowTailscale: true
-            },
-            requireAuth: true
-        });
-        const internals = getGatewayInternals(server);
-        const bypassAttempt = internals.requireHttpAuth(new Request("http://127.0.0.1:18789/api/providers", {
-            headers: {
-                "tailscale-user-login": "attacker@example.com"
-            }
-        }));
-        expect(bypassAttempt?.status).toBe(401);
-        const authenticated = internals.requireHttpAuth(new Request("http://127.0.0.1:18789/api/providers", {
-            headers: {
-                Authorization: "Bearer tailscale-token",
-                "tailscale-user-login": "attacker@example.com"
-            }
-        }));
-        expect(authenticated).toBeNull();
-    });
-    it("enforces bridge node capacity limits", async ()=>{
-        const server = createGateway({
-            host: "127.0.0.1",
-            port: 18789,
-            auth: {
-                mode: "none"
-            },
-            requireAuth: false,
-            maxNodes: 1
-        });
-        const internals = getGatewayInternals(server);
-        const registerBody = JSON.stringify({
-            type: "register",
-            payload: {
-                name: "bridge-node"
-            },
-            timestamp: Date.now()
-        });
-        const first = await internals.handleBridgeSend(new Request("http://127.0.0.1:18789/bridge/send", {
-            method: "POST",
-            headers: {
-                "Content-Type": "application/json"
-            },
-            body: registerBody
-        }));
-        expect(first.status).toBe(200);
-        const second = await internals.handleBridgeSend(new Request("http://127.0.0.1:18789/bridge/send", {
-            method: "POST",
-            headers: {
-                "Content-Type": "application/json"
-            },
-            body: registerBody
-        }));
-        expect(second.status).toBe(429);
-    });
-    it("rejects malformed /api/nodes client IDs with 400", async ()=>{
-        const server = createGateway({
-            host: "127.0.0.1",
-            port: 18789,
-            auth: {
-                mode: "none"
-            },
-            requireAuth: false
-        });
-        const internals = getGatewayInternals(server);
-        const res = await internals.handleUiRequest(new Request("http://127.0.0.1:18789/api/nodes/%E0%A4%A", {
-            method: "PUT",
-            headers: {
-                "Content-Type": "application/json"
-            },
-            body: JSON.stringify({
-                enabled: true
-            })
-        }));
-        expect(res.status).toBe(400);
-    });
-    it("requires approved client identity for node execution capabilities", ()=>{
-        const server = createGateway({
-            host: "127.0.0.1",
-            port: 18789,
-            auth: {
-                mode: "none"
-            },
-            requireAuth: false
-        });
-        const internals = getGatewayInternals(server);
-        const blocked = createTestSocket({
-            authenticated: true
-        });
-        internals.handleRegister(blocked.ws, {
-            type: "register",
-            payload: {
-                name: "unpaired-node",
-                capabilities: [
-                    "system.run"
-                ]
-            },
-            timestamp: Date.now()
-        });
-        expect(blocked.messages.some((message)=>"error" === message.type && message.payload?.code === "NODE_NOT_ENABLED")).toBe(true);
-    });
-    it("rejects duplicate pending node request IDs", async ()=>{
-        const server = createGateway({
-            host: "127.0.0.1",
-            port: 18789,
-            auth: {
-                mode: "none"
-            },
-            requireAuth: false
-        });
-        const internals = getGatewayInternals(server);
-        const enableTarget = await internals.handleUiRequest(new Request("http://127.0.0.1:18789/api/nodes/desktop-target", {
-            method: "PUT",
-            headers: {
-                "Content-Type": "application/json"
-            },
-            body: JSON.stringify({
-                enabled: true,
-                name: "Desktop Target"
-            })
-        }));
-        expect(enableTarget.status).toBe(200);
-        const target = createTestSocket({
-            authenticated: true,
-            clientId: "desktop-target",
-            clientType: "desktop"
-        });
-        internals.handleRegister(target.ws, {
-            type: "register",
-            payload: {
-                name: "target-node",
-                capabilities: [
-                    "system.notify"
-                ]
-            },
-            timestamp: Date.now()
-        });
-        const nodeId = target.messages.find((message)=>"ack" === message.type && "string" == typeof message.payload?.nodeId)?.payload?.nodeId;
-        expect(nodeId).toBeTruthy();
-        const requester = createTestSocket({
-            authenticated: true,
-            clientId: "desktop-requester",
-            clientType: "desktop"
-        });
-        const duplicateRequestId = "dup-node-request-id";
-        internals.handleNodeRequest(requester.ws, {
-            type: "req:node",
-            id: duplicateRequestId,
-            targetNodeId: nodeId,
-            payload: {
-                tool: "system.notify",
-                args: {
-                    title: "test"
-                }
-            },
-            timestamp: Date.now()
-        });
-        internals.handleNodeRequest(requester.ws, {
-            type: "req:node",
-            id: duplicateRequestId,
-            targetNodeId: nodeId,
-            payload: {
-                tool: "system.notify",
-                args: {
-                    title: "test"
-                }
-            },
-            timestamp: Date.now()
-        });
-        expect(requester.messages.some((message)=>"error" === message.type && message.payload?.code === "DUPLICATE_REQUEST_ID")).toBe(true);
-    });
-});

package/dist/tests/gateway-node-mode.test.cjs

@@ -1,174 +0,0 @@
-"use strict";
-var __webpack_exports__ = {};
-const external_node_fs_namespaceObject = require("node:fs");
-const external_node_os_namespaceObject = require("node:os");
-const external_node_path_namespaceObject = require("node:path");
-const external_vitest_namespaceObject = require("vitest");
-const server_cjs_namespaceObject = require("../gateway/server.cjs");
-const isBun = void 0 !== globalThis.Bun;
-const describeIfBun = isBun ? external_vitest_namespaceObject.describe : external_vitest_namespaceObject.describe.skip;
-describeIfBun("Gateway node enablement", ()=>{
-    let server;
-    let port = 0;
-    let workspace;
-    (0, external_vitest_namespaceObject.beforeAll)(async ()=>{
-        workspace = (0, external_node_fs_namespaceObject.mkdtempSync)((0, external_node_path_namespaceObject.join)((0, external_node_os_namespaceObject.tmpdir)(), "wingman-gateway-node-mode-"));
-        server = new server_cjs_namespaceObject.GatewayServer({
-            port: 0,
-            host: "localhost",
-            requireAuth: false,
-            auth: {
-                mode: "none"
-            },
-            logLevel: "silent",
-            workspace,
-            configDir: ".wingman-node-test-config",
-            stateDir: ".wingman-node-test-state"
-        });
-        await server.start();
-        port = server.getPort();
-        if (!port) throw new Error("Unable to determine gateway port");
-    });
-    (0, external_vitest_namespaceObject.afterAll)(async ()=>{
-        await server.stop();
-        (0, external_node_fs_namespaceObject.rmSync)(workspace, {
-            recursive: true,
-            force: true
-        });
-    });
-    const connectClient = (instanceId, clientType = "desktop")=>new Promise((resolve, reject)=>{
-            const ws = new WebSocket(`ws://localhost:${port}/ws`);
-            const connectId = `connect-${instanceId}-${Date.now()}`;
-            const timeout = setTimeout(()=>reject(new Error("Connect timeout")), 5000);
-            ws.addEventListener("open", ()=>{
-                ws.send(JSON.stringify({
-                    type: "connect",
-                    id: connectId,
-                    client: {
-                        instanceId,
-                        clientType,
-                        version: "test"
-                    },
-                    timestamp: Date.now()
-                }));
-            });
-            ws.addEventListener("message", (event)=>{
-                const msg = JSON.parse(event.data);
-                if ("res" === msg.type && msg.id === connectId && msg.ok) {
-                    clearTimeout(timeout);
-                    resolve(ws);
-                }
-            });
-            ws.addEventListener("error", ()=>{
-                clearTimeout(timeout);
-                reject(new Error("WebSocket error"));
-            });
-        });
-    const waitForMessage = (ws, predicate, timeoutMs = 5000)=>new Promise((resolve, reject)=>{
-            const timeout = setTimeout(()=>reject(new Error("Message timeout")), timeoutMs);
-            const handler = (event)=>{
-                const data = event.data;
-                if ("string" != typeof data) return;
-                let msg;
-                try {
-                    msg = JSON.parse(data);
-                } catch  {
-                    return;
-                }
-                if (!predicate(msg)) return;
-                clearTimeout(timeout);
-                ws.removeEventListener("message", handler);
-                resolve(msg);
-            };
-            ws.addEventListener("message", handler);
-        });
-    (0, external_vitest_namespaceObject.it)("blocks node registration before device enablement", async ()=>{
-        const ws = await connectClient("desktop-node-blocked");
-        ws.send(JSON.stringify({
-            type: "register",
-            payload: {
-                name: "Blocked Node",
-                capabilities: [
-                    "system.notify"
-                ]
-            },
-            timestamp: Date.now()
-        }));
-        const errorMessage = await waitForMessage(ws, (msg)=>"error" === msg.type && msg.payload?.code === "NODE_NOT_ENABLED");
-        (0, external_vitest_namespaceObject.expect)(errorMessage.payload?.message).toContain("not approved");
-        ws.close();
-    });
-    (0, external_vitest_namespaceObject.it)("allows enabled devices to register, execute, and revoke", async ()=>{
-        const enableResponse = await fetch(`http://localhost:${port}/api/nodes/${encodeURIComponent("desktop-node-enabled")}`, {
-            method: "PUT",
-            headers: {
-                "Content-Type": "application/json"
-            },
-            body: JSON.stringify({
-                enabled: true,
-                name: "Enabled Desktop"
-            })
-        });
-        (0, external_vitest_namespaceObject.expect)(enableResponse.ok).toBe(true);
-        const nodeWs = await connectClient("desktop-node-enabled");
-        nodeWs.send(JSON.stringify({
-            type: "register",
-            payload: {
-                name: "Enabled Desktop",
-                capabilities: [
-                    "system.notify"
-                ]
-            },
-            timestamp: Date.now()
-        }));
-        const registrationAck = await waitForMessage(nodeWs, (msg)=>"ack" === msg.type && "string" == typeof msg.payload?.nodeId);
-        const nodeId = registrationAck.payload.nodeId;
-        (0, external_vitest_namespaceObject.expect)(nodeId).toBeTruthy();
-        const requesterWs = await connectClient("desktop-requester");
-        requesterWs.send(JSON.stringify({
-            type: "req:node",
-            id: "node-req-1",
-            targetNodeId: nodeId,
-            payload: {
-                tool: "system.notify",
-                args: {
-                    title: "Hello",
-                    body: "Node test"
-                }
-            },
-            timestamp: Date.now()
-        }));
-        const forwardedToNode = await waitForMessage(nodeWs, (msg)=>"req:node" === msg.type && "node-req-1" === msg.id);
-        (0, external_vitest_namespaceObject.expect)(forwardedToNode.targetNodeId).toBe(nodeId);
-        nodeWs.send(JSON.stringify({
-            type: "res",
-            id: "node-req-1",
-            ok: true,
-            payload: {
-                delivered: true
-            },
-            timestamp: Date.now()
-        }));
-        const returnedToRequester = await waitForMessage(requesterWs, (msg)=>"res" === msg.type && "node-req-1" === msg.id);
-        (0, external_vitest_namespaceObject.expect)(returnedToRequester.ok).toBe(true);
-        (0, external_vitest_namespaceObject.expect)(returnedToRequester.nodeId).toBe(nodeId);
-        const closePromise = new Promise((resolve)=>{
-            nodeWs.addEventListener("close", ()=>{
-                resolve();
-            }, {
-                once: true
-            });
-        });
-        const revokeResponse = await fetch(`http://localhost:${port}/api/nodes/${encodeURIComponent("desktop-node-enabled")}`, {
-            method: "DELETE"
-        });
-        (0, external_vitest_namespaceObject.expect)(revokeResponse.ok).toBe(true);
-        await closePromise;
-        requesterWs.close();
-        nodeWs.close();
-    });
-});
-for(var __rspack_i in __webpack_exports__)exports[__rspack_i] = __webpack_exports__[__rspack_i];
-Object.defineProperty(exports, '__esModule', {
-    value: true
-});

package/dist/tests/gateway-node-mode.test.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/tests/gateway-node-mode.test.js

@@ -1,168 +0,0 @@
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import { afterAll, beforeAll, describe, expect, it } from "vitest";
-import { GatewayServer } from "../gateway/server.js";
-const isBun = void 0 !== globalThis.Bun;
-const describeIfBun = isBun ? describe : describe.skip;
-describeIfBun("Gateway node enablement", ()=>{
-    let server;
-    let port = 0;
-    let workspace;
-    beforeAll(async ()=>{
-        workspace = mkdtempSync(join(tmpdir(), "wingman-gateway-node-mode-"));
-        server = new GatewayServer({
-            port: 0,
-            host: "localhost",
-            requireAuth: false,
-            auth: {
-                mode: "none"
-            },
-            logLevel: "silent",
-            workspace,
-            configDir: ".wingman-node-test-config",
-            stateDir: ".wingman-node-test-state"
-        });
-        await server.start();
-        port = server.getPort();
-        if (!port) throw new Error("Unable to determine gateway port");
-    });
-    afterAll(async ()=>{
-        await server.stop();
-        rmSync(workspace, {
-            recursive: true,
-            force: true
-        });
-    });
-    const connectClient = (instanceId, clientType = "desktop")=>new Promise((resolve, reject)=>{
-            const ws = new WebSocket(`ws://localhost:${port}/ws`);
-            const connectId = `connect-${instanceId}-${Date.now()}`;
-            const timeout = setTimeout(()=>reject(new Error("Connect timeout")), 5000);
-            ws.addEventListener("open", ()=>{
-                ws.send(JSON.stringify({
-                    type: "connect",
-                    id: connectId,
-                    client: {
-                        instanceId,
-                        clientType,
-                        version: "test"
-                    },
-                    timestamp: Date.now()
-                }));
-            });
-            ws.addEventListener("message", (event)=>{
-                const msg = JSON.parse(event.data);
-                if ("res" === msg.type && msg.id === connectId && msg.ok) {
-                    clearTimeout(timeout);
-                    resolve(ws);
-                }
-            });
-            ws.addEventListener("error", ()=>{
-                clearTimeout(timeout);
-                reject(new Error("WebSocket error"));
-            });
-        });
-    const waitForMessage = (ws, predicate, timeoutMs = 5000)=>new Promise((resolve, reject)=>{
-            const timeout = setTimeout(()=>reject(new Error("Message timeout")), timeoutMs);
-            const handler = (event)=>{
-                const data = event.data;
-                if ("string" != typeof data) return;
-                let msg;
-                try {
-                    msg = JSON.parse(data);
-                } catch  {
-                    return;
-                }
-                if (!predicate(msg)) return;
-                clearTimeout(timeout);
-                ws.removeEventListener("message", handler);
-                resolve(msg);
-            };
-            ws.addEventListener("message", handler);
-        });
-    it("blocks node registration before device enablement", async ()=>{
-        const ws = await connectClient("desktop-node-blocked");
-        ws.send(JSON.stringify({
-            type: "register",
-            payload: {
-                name: "Blocked Node",
-                capabilities: [
-                    "system.notify"
-                ]
-            },
-            timestamp: Date.now()
-        }));
-        const errorMessage = await waitForMessage(ws, (msg)=>"error" === msg.type && msg.payload?.code === "NODE_NOT_ENABLED");
-        expect(errorMessage.payload?.message).toContain("not approved");
-        ws.close();
-    });
-    it("allows enabled devices to register, execute, and revoke", async ()=>{
-        const enableResponse = await fetch(`http://localhost:${port}/api/nodes/${encodeURIComponent("desktop-node-enabled")}`, {
-            method: "PUT",
-            headers: {
-                "Content-Type": "application/json"
-            },
-            body: JSON.stringify({
-                enabled: true,
-                name: "Enabled Desktop"
-            })
-        });
-        expect(enableResponse.ok).toBe(true);
-        const nodeWs = await connectClient("desktop-node-enabled");
-        nodeWs.send(JSON.stringify({
-            type: "register",
-            payload: {
-                name: "Enabled Desktop",
-                capabilities: [
-                    "system.notify"
-                ]
-            },
-            timestamp: Date.now()
-        }));
-        const registrationAck = await waitForMessage(nodeWs, (msg)=>"ack" === msg.type && "string" == typeof msg.payload?.nodeId);
-        const nodeId = registrationAck.payload.nodeId;
-        expect(nodeId).toBeTruthy();
-        const requesterWs = await connectClient("desktop-requester");
-        requesterWs.send(JSON.stringify({
-            type: "req:node",
-            id: "node-req-1",
-            targetNodeId: nodeId,
-            payload: {
-                tool: "system.notify",
-                args: {
-                    title: "Hello",
-                    body: "Node test"
-                }
-            },
-            timestamp: Date.now()
-        }));
-        const forwardedToNode = await waitForMessage(nodeWs, (msg)=>"req:node" === msg.type && "node-req-1" === msg.id);
-        expect(forwardedToNode.targetNodeId).toBe(nodeId);
-        nodeWs.send(JSON.stringify({
-            type: "res",
-            id: "node-req-1",
-            ok: true,
-            payload: {
-                delivered: true
-            },
-            timestamp: Date.now()
-        }));
-        const returnedToRequester = await waitForMessage(requesterWs, (msg)=>"res" === msg.type && "node-req-1" === msg.id);
-        expect(returnedToRequester.ok).toBe(true);
-        expect(returnedToRequester.nodeId).toBe(nodeId);
-        const closePromise = new Promise((resolve)=>{
-            nodeWs.addEventListener("close", ()=>{
-                resolve();
-            }, {
-                once: true
-            });
-        });
-        const revokeResponse = await fetch(`http://localhost:${port}/api/nodes/${encodeURIComponent("desktop-node-enabled")}`, {
-            method: "DELETE"
-        });
-        expect(revokeResponse.ok).toBe(true);
-        await closePromise;
-        requesterWs.close();
-        nodeWs.close();
-    });
-});