@wopr-network/platform-core 1.68.0 → 1.69.0

package/dist/server/__tests__/mount-routes.test.js

@@ -0,0 +1,151 @@
+import { Hono } from "hono";
+import { describe, expect, it } from "vitest";
+import { mountRoutes } from "../mount-routes.js";
+import { createTestContainer } from "../test-container.js";
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function defaultMountConfig() {
+    return {
+        provisionSecret: "test-secret",
+        cryptoServiceKey: "test-crypto-key",
+        platformDomain: "example.com",
+    };
+}
+function makeApp(container) {
+    const app = new Hono();
+    mountRoutes(app, container, defaultMountConfig());
+    return app;
+}
+async function req(app, method, path, opts) {
+    const request = new Request(`http://localhost${path}`, { method, ...opts });
+    return app.request(request);
+}
+// ---------------------------------------------------------------------------
+// Minimal stubs for feature sub-containers
+// ---------------------------------------------------------------------------
+function stubCrypto() {
+    return {
+        chargeRepo: {},
+        webhookSeenRepo: {},
+    };
+}
+function stubStripe() {
+    return {
+        stripe: {},
+        webhookSecret: "whsec_test",
+        customerRepo: {},
+        processor: {
+            handleWebhook: async () => ({ ok: true }),
+        },
+    };
+}
+function stubFleet() {
+    return {
+        manager: {},
+        docker: {},
+        proxy: {
+            start: async () => { },
+            addRoute: async () => { },
+            removeRoute: () => { },
+            getRoutes: () => [],
+        },
+        profileStore: { list: async () => [] },
+        serviceKeyRepo: {},
+    };
+}
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+describe("mountRoutes", () => {
+    // 1. Health endpoint always available
+    it("mounts /health endpoint", async () => {
+        const app = makeApp(createTestContainer());
+        const res = await req(app, "GET", "/health");
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body).toEqual({ ok: true });
+    });
+    // 2. Crypto webhook mounted when crypto enabled
+    it("mounts crypto webhook when crypto enabled", async () => {
+        const container = createTestContainer({ crypto: stubCrypto() });
+        const app = makeApp(container);
+        const res = await req(app, "POST", "/api/webhooks/crypto", {
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({}),
+        });
+        // Should return 401 (no auth), NOT 404 (not found)
+        expect(res.status).toBe(401);
+    });
+    // 3. Crypto webhook NOT mounted when crypto disabled
+    it("does not mount crypto webhook when crypto disabled", async () => {
+        const container = createTestContainer({ crypto: null });
+        const app = makeApp(container);
+        const res = await req(app, "POST", "/api/webhooks/crypto", {
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({}),
+        });
+        expect(res.status).toBe(404);
+    });
+    // 4. Stripe webhook mounted when stripe enabled
+    it("mounts stripe webhook when stripe enabled", async () => {
+        const container = createTestContainer({ stripe: stubStripe() });
+        const app = makeApp(container);
+        const res = await req(app, "POST", "/api/webhooks/stripe", {
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({}),
+        });
+        // Should return 400 (missing stripe-signature), NOT 404
+        expect(res.status).toBe(400);
+    });
+    // 5. Stripe webhook NOT mounted when stripe disabled
+    it("does not mount stripe webhook when stripe disabled", async () => {
+        const container = createTestContainer({ stripe: null });
+        const app = makeApp(container);
+        const res = await req(app, "POST", "/api/webhooks/stripe", {
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({}),
+        });
+        expect(res.status).toBe(404);
+    });
+    // 6. Provision webhook mounted when fleet enabled
+    it("mounts provision webhook when fleet enabled", async () => {
+        const container = createTestContainer({ fleet: stubFleet() });
+        const app = makeApp(container);
+        const res = await req(app, "POST", "/api/provision/create", {
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({}),
+        });
+        // Should return 401 (no auth), NOT 404
+        expect(res.status).toBe(401);
+    });
+    // 7. Provision webhook NOT mounted when fleet disabled
+    it("does not mount provision webhook when fleet disabled", async () => {
+        const container = createTestContainer({ fleet: null });
+        const app = makeApp(container);
+        const res = await req(app, "POST", "/api/provision/create", {
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({}),
+        });
+        expect(res.status).toBe(404);
+    });
+    // 8. Product-specific route plugins
+    it("mounts product-specific route plugins", async () => {
+        const container = createTestContainer();
+        const app = new Hono();
+        mountRoutes(app, container, defaultMountConfig(), [
+            {
+                path: "/api/custom",
+                handler: () => {
+                    const sub = new Hono();
+                    sub.get("/ping", (c) => c.json({ pong: true }));
+                    return sub;
+                },
+            },
+        ]);
+        const res = await req(app, "GET", "/api/custom/ping");
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body).toEqual({ pong: true });
+    });
+});

package/dist/server/boot-config.d.ts

@@ -0,0 +1,51 @@
+/**
+ * BootConfig — declarative configuration for platformBoot().
+ *
+ * Products pass a BootConfig describing which features to enable and
+ * receive back a fully-wired Hono app + PlatformContainer.
+ */
+import type { Hono } from "hono";
+import type { PlatformContainer } from "./container.js";
+export interface FeatureFlags {
+    fleet: boolean;
+    crypto: boolean;
+    stripe: boolean;
+    gateway: boolean;
+    hotPool: boolean;
+}
+export interface RoutePlugin {
+    path: string;
+    handler: (container: PlatformContainer) => Hono;
+}
+export interface BootConfig {
+    /** Short product identifier (e.g. "paperclip", "wopr", "holyship"). */
+    slug: string;
+    /** PostgreSQL connection string. */
+    databaseUrl: string;
+    /** Bind host (default "0.0.0.0"). */
+    host?: string;
+    /** Bind port (default 3001). */
+    port?: number;
+    /** Which optional feature slices to wire up. */
+    features: FeatureFlags;
+    /** Additional Hono sub-apps mounted after core routes. */
+    routes?: RoutePlugin[];
+    /** Required when features.stripe is true. */
+    stripeSecretKey?: string;
+    /** Required when features.stripe is true. */
+    stripeWebhookSecret?: string;
+    /** Service key for the crypto chain server webhook endpoint. */
+    cryptoServiceKey?: string;
+    /** Shared secret used to authenticate provision requests. */
+    provisionSecret: string;
+}
+export interface BootResult {
+    /** The fully-wired Hono application. */
+    app: Hono;
+    /** The assembled DI container — useful for tests and ad-hoc access. */
+    container: PlatformContainer;
+    /** Start listening. Uses BootConfig.port unless overridden. */
+    start: (port?: number) => Promise<void>;
+    /** Graceful shutdown: drain connections, close pool. */
+    stop: () => Promise<void>;
+}

package/dist/server/boot-config.js

@@ -0,0 +1,7 @@
+/**
+ * BootConfig — declarative configuration for platformBoot().
+ *
+ * Products pass a BootConfig describing which features to enable and
+ * receive back a fully-wired Hono app + PlatformContainer.
+ */
+export {};

package/dist/server/container.d.ts

@@ -0,0 +1,81 @@
+/**
+ * PlatformContainer — the central DI container for platform-core.
+ *
+ * Products compose a container at boot time, enabling only the feature
+ * slices they need. Nullable sub-containers (fleet, crypto, stripe,
+ * gateway, hotPool) let each product opt in without pulling unused deps.
+ */
+import type Docker from "dockerode";
+import type { Pool } from "pg";
+import type Stripe from "stripe";
+import type { IUserRoleRepository } from "../auth/user-role-repository.js";
+import type { ICryptoChargeRepository } from "../billing/crypto/charge-store.js";
+import type { IWebhookSeenRepository } from "../billing/webhook-seen-repository.js";
+import type { ILedger } from "../credits/ledger.js";
+import type { ITenantCustomerRepository } from "../credits/tenant-customer-repository.js";
+import type { DrizzleDb } from "../db/index.js";
+import type { FleetManager } from "../fleet/fleet-manager.js";
+import type { IProfileStore } from "../fleet/profile-store.js";
+import type { IServiceKeyRepository } from "../gateway/service-key-repository.js";
+import type { ProductConfig } from "../product-config/repository-types.js";
+import type { ProxyManagerInterface } from "../proxy/types.js";
+import type { IOrgMemberRepository } from "../tenancy/org-member-repository.js";
+import type { OrgService } from "../tenancy/org-service.js";
+import type { BootConfig } from "./boot-config.js";
+export interface FleetServices {
+    manager: FleetManager;
+    docker: Docker;
+    proxy: ProxyManagerInterface;
+    profileStore: IProfileStore;
+    serviceKeyRepo: IServiceKeyRepository;
+}
+export interface CryptoServices {
+    chargeRepo: ICryptoChargeRepository;
+    webhookSeenRepo: IWebhookSeenRepository;
+}
+export interface StripeServices {
+    stripe: Stripe;
+    webhookSecret: string;
+    customerRepo: ITenantCustomerRepository;
+    processor: {
+        handleWebhook(payload: Buffer, signature: string): Promise<unknown>;
+    };
+}
+export interface GatewayServices {
+    serviceKeyRepo: IServiceKeyRepository;
+}
+export interface HotPoolServices {
+    /** Will be typed properly when extracted from nemoclaw. */
+    poolManager: unknown;
+}
+export interface PlatformContainer {
+    db: DrizzleDb;
+    pool: Pool;
+    productConfig: ProductConfig;
+    creditLedger: ILedger;
+    orgMemberRepo: IOrgMemberRepository;
+    orgService: OrgService;
+    userRoleRepo: IUserRoleRepository;
+    /** Null when the product does not use fleet management. */
+    fleet: FleetServices | null;
+    /** Null when the product does not accept crypto payments. */
+    crypto: CryptoServices | null;
+    /** Null when the product does not use Stripe billing. */
+    stripe: StripeServices | null;
+    /** Null when the product does not expose a metered inference gateway. */
+    gateway: GatewayServices | null;
+    /** Null when the product does not use a hot-pool of pre-provisioned instances. */
+    hotPool: HotPoolServices | null;
+}
+/**
+ * Build a fully-wired PlatformContainer from a declarative BootConfig.
+ *
+ * Construction order mirrors the proven boot sequence from product index.ts
+ * files: DB pool -> Drizzle -> migrations -> productConfig -> credit ledger
+ * -> org repos -> org service -> user role repo -> feature services.
+ *
+ * Feature sub-containers (fleet, crypto, stripe, gateway) are only
+ * constructed when their corresponding feature flag is enabled in
+ * `bootConfig.features`. Disabled features yield `null`.
+ */
+export declare function buildContainer(bootConfig: BootConfig): Promise<PlatformContainer>;

package/dist/server/container.js

@@ -0,0 +1,134 @@
+/**
+ * PlatformContainer — the central DI container for platform-core.
+ *
+ * Products compose a container at boot time, enabling only the feature
+ * slices they need. Nullable sub-containers (fleet, crypto, stripe,
+ * gateway, hotPool) let each product opt in without pulling unused deps.
+ */
+// ---------------------------------------------------------------------------
+// buildContainer — construct a PlatformContainer from a BootConfig
+// ---------------------------------------------------------------------------
+/**
+ * Build a fully-wired PlatformContainer from a declarative BootConfig.
+ *
+ * Construction order mirrors the proven boot sequence from product index.ts
+ * files: DB pool -> Drizzle -> migrations -> productConfig -> credit ledger
+ * -> org repos -> org service -> user role repo -> feature services.
+ *
+ * Feature sub-containers (fleet, crypto, stripe, gateway) are only
+ * constructed when their corresponding feature flag is enabled in
+ * `bootConfig.features`. Disabled features yield `null`.
+ */
+export async function buildContainer(bootConfig) {
+    if (!bootConfig.databaseUrl) {
+        throw new Error("buildContainer: databaseUrl is required");
+    }
+    // 1. Database pool
+    const { Pool: PgPool } = await import("pg");
+    const pool = new PgPool({ connectionString: bootConfig.databaseUrl });
+    // 2. Drizzle ORM instance
+    const { createDb } = await import("../db/index.js");
+    const db = createDb(pool);
+    // 3. Run Drizzle migrations
+    const { migrate } = await import("drizzle-orm/node-postgres/migrator");
+    const path = await import("node:path");
+    const migrationsFolder = path.resolve(path.dirname(new URL(import.meta.url).pathname), "../../drizzle");
+    await migrate(db, { migrationsFolder });
+    // 4. Bootstrap product config from DB (auto-seeds from presets if needed)
+    const { platformBoot } = await import("../product-config/boot.js");
+    const { config: productConfig } = await platformBoot({ slug: bootConfig.slug, db });
+    // 5. Credit ledger
+    const { DrizzleLedger } = await import("../credits/ledger.js");
+    const creditLedger = new DrizzleLedger(db);
+    await creditLedger.seedSystemAccounts();
+    // 6. Org repositories + OrgService
+    const { DrizzleOrgMemberRepository } = await import("../tenancy/org-member-repository.js");
+    const { DrizzleOrgRepository } = await import("../tenancy/drizzle-org-repository.js");
+    const { OrgService: OrgServiceClass } = await import("../tenancy/org-service.js");
+    const { BetterAuthUserRepository } = await import("../db/auth-user-repository.js");
+    const orgMemberRepo = new DrizzleOrgMemberRepository(db);
+    const orgRepo = new DrizzleOrgRepository(db);
+    const authUserRepo = new BetterAuthUserRepository(pool);
+    const orgService = new OrgServiceClass(orgRepo, orgMemberRepo, db, {
+        userRepo: authUserRepo,
+    });
+    // 7. User role repository
+    const { DrizzleUserRoleRepository } = await import("../auth/user-role-repository.js");
+    const userRoleRepo = new DrizzleUserRoleRepository(db);
+    // 8. Fleet services (when enabled)
+    let fleet = null;
+    if (bootConfig.features.fleet) {
+        const { FleetManager: FleetManagerClass } = await import("../fleet/fleet-manager.js");
+        const { ProfileStore } = await import("../fleet/profile-store.js");
+        const { ProxyManager } = await import("../proxy/manager.js");
+        const { DrizzleServiceKeyRepository } = await import("../gateway/service-key-repository.js");
+        const DockerModule = await import("dockerode");
+        const DockerClass = DockerModule.default ?? DockerModule;
+        const docker = new DockerClass();
+        const fleetDataDir = productConfig.fleet?.fleetDataDir ?? "/data/fleet";
+        const profileStore = new ProfileStore(fleetDataDir);
+        const proxy = new ProxyManager();
+        const serviceKeyRepo = new DrizzleServiceKeyRepository(db);
+        const manager = new FleetManagerClass(docker, profileStore, undefined, // platformDiscovery
+        undefined, // networkPolicy
+        proxy);
+        fleet = { manager, docker, proxy, profileStore, serviceKeyRepo };
+    }
+    // 9. Crypto services (when enabled)
+    let crypto = null;
+    if (bootConfig.features.crypto) {
+        const { DrizzleCryptoChargeRepository } = await import("../billing/crypto/charge-store.js");
+        const { DrizzleWebhookSeenRepository } = await import("../billing/drizzle-webhook-seen-repository.js");
+        const chargeRepo = new DrizzleCryptoChargeRepository(db);
+        const webhookSeenRepo = new DrizzleWebhookSeenRepository(db);
+        crypto = { chargeRepo, webhookSeenRepo };
+    }
+    // 10. Stripe services (when enabled)
+    let stripe = null;
+    if (bootConfig.features.stripe && bootConfig.stripeSecretKey) {
+        const StripeModule = await import("stripe");
+        const StripeClass = StripeModule.default;
+        const stripeClient = new StripeClass(bootConfig.stripeSecretKey);
+        const { DrizzleTenantCustomerRepository } = await import("../billing/stripe/tenant-store.js");
+        const { loadCreditPriceMap } = await import("../billing/stripe/credit-prices.js");
+        const { StripePaymentProcessor } = await import("../billing/stripe/stripe-payment-processor.js");
+        const customerRepo = new DrizzleTenantCustomerRepository(db);
+        const priceMap = loadCreditPriceMap();
+        const processor = new StripePaymentProcessor({
+            stripe: stripeClient,
+            tenantRepo: customerRepo,
+            webhookSecret: bootConfig.stripeWebhookSecret ?? "",
+            priceMap,
+            creditLedger,
+        });
+        stripe = {
+            stripe: stripeClient,
+            webhookSecret: bootConfig.stripeWebhookSecret ?? "",
+            customerRepo,
+            processor,
+        };
+    }
+    // 11. Gateway services (when enabled)
+    let gateway = null;
+    if (bootConfig.features.gateway) {
+        const { DrizzleServiceKeyRepository } = await import("../gateway/service-key-repository.js");
+        const serviceKeyRepo = new DrizzleServiceKeyRepository(db);
+        gateway = { serviceKeyRepo };
+    }
+    // hotPool: not yet implemented — needs nemoclaw extraction
+    const hotPool = null;
+    return {
+        db,
+        pool,
+        productConfig,
+        creditLedger,
+        orgMemberRepo,
+        orgService,
+        userRoleRepo,
+        fleet,
+        crypto,
+        stripe,
+        gateway,
+        hotPool,
+    };
+}

package/dist/server/index.d.ts

@@ -0,0 +1,33 @@
+/**
+ * platform-core server entry point.
+ *
+ * Re-exports types, the test helper, and provides bootPlatformServer() —
+ * the single-call boot function products use to go from a declarative
+ * BootConfig to a running Hono server with DI container.
+ */
+import type { BootConfig, BootResult } from "./boot-config.js";
+export type { BootConfig, BootResult, FeatureFlags, RoutePlugin } from "./boot-config.js";
+export type { CryptoServices, FleetServices, GatewayServices, HotPoolServices, PlatformContainer, StripeServices, } from "./container.js";
+export { buildContainer } from "./container.js";
+export { type BackgroundHandles, gracefulShutdown, startBackgroundServices } from "./lifecycle.js";
+export { type MountConfig, mountRoutes } from "./mount-routes.js";
+export { createTestContainer } from "./test-container.js";
+/**
+ * Boot a fully-wired platform server from a declarative config.
+ *
+ * 1. Builds the DI container (DB, migrations, product config, feature slices)
+ * 2. Creates a Hono app and mounts shared routes
+ * 3. Returns start/stop lifecycle hooks
+ *
+ * Products call this from their index.ts:
+ * ```ts
+ * const { app, container, start, stop } = await bootPlatformServer({
+ *   slug: "paperclip",
+ *   databaseUrl: process.env.DATABASE_URL!,
+ *   provisionSecret: process.env.PROVISION_SECRET!,
+ *   features: { fleet: true, crypto: true, stripe: true, gateway: true, hotPool: false },
+ * });
+ * await start();
+ * ```
+ */
+export declare function bootPlatformServer(config: BootConfig): Promise<BootResult>;

package/dist/server/index.js

@@ -0,0 +1,66 @@
+/**
+ * platform-core server entry point.
+ *
+ * Re-exports types, the test helper, and provides bootPlatformServer() —
+ * the single-call boot function products use to go from a declarative
+ * BootConfig to a running Hono server with DI container.
+ */
+import { Hono } from "hono";
+import { buildContainer } from "./container.js";
+import { gracefulShutdown, startBackgroundServices } from "./lifecycle.js";
+import { mountRoutes } from "./mount-routes.js";
+export { buildContainer } from "./container.js";
+export { gracefulShutdown, startBackgroundServices } from "./lifecycle.js";
+export { mountRoutes } from "./mount-routes.js";
+export { createTestContainer } from "./test-container.js";
+// ---------------------------------------------------------------------------
+// bootPlatformServer
+// ---------------------------------------------------------------------------
+/**
+ * Boot a fully-wired platform server from a declarative config.
+ *
+ * 1. Builds the DI container (DB, migrations, product config, feature slices)
+ * 2. Creates a Hono app and mounts shared routes
+ * 3. Returns start/stop lifecycle hooks
+ *
+ * Products call this from their index.ts:
+ * ```ts
+ * const { app, container, start, stop } = await bootPlatformServer({
+ *   slug: "paperclip",
+ *   databaseUrl: process.env.DATABASE_URL!,
+ *   provisionSecret: process.env.PROVISION_SECRET!,
+ *   features: { fleet: true, crypto: true, stripe: true, gateway: true, hotPool: false },
+ * });
+ * await start();
+ * ```
+ */
+export async function bootPlatformServer(config) {
+    const container = await buildContainer(config);
+    const app = new Hono();
+    mountRoutes(app, container, {
+        provisionSecret: config.provisionSecret,
+        cryptoServiceKey: config.cryptoServiceKey,
+        platformDomain: container.productConfig.product?.domain ?? "localhost",
+    }, config.routes);
+    let handles = null;
+    let server = null;
+    return {
+        app,
+        container,
+        start: async (port) => {
+            const { serve } = await import("@hono/node-server");
+            const listenPort = port ?? config.port ?? 3001;
+            const hostname = config.host ?? "0.0.0.0";
+            server = serve({ fetch: app.fetch, hostname, port: listenPort }, async () => {
+                handles = await startBackgroundServices(container);
+            });
+        },
+        stop: async () => {
+            if (server)
+                server.close();
+            if (handles) {
+                await gracefulShutdown(container, handles);
+            }
+        },
+    };
+}

package/dist/server/lifecycle.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Lifecycle management — background services and graceful shutdown.
+ *
+ * Products currently handle background tasks in their serve() callbacks.
+ * This module provides a standard interface for starting and stopping
+ * those tasks so bootPlatformServer can manage them uniformly.
+ */
+import type { PlatformContainer } from "./container.js";
+export interface BackgroundHandles {
+    intervals: ReturnType<typeof setInterval>[];
+    unsubscribes: (() => void)[];
+}
+/**
+ * Start background services that run after the server is listening.
+ *
+ * Currently a thin scaffold — the hooks exist so products can migrate their
+ * background tasks (fleet updater, notification worker, caddy hydration,
+ * health monitor) incrementally without changing the boot contract.
+ */
+export declare function startBackgroundServices(container: PlatformContainer): Promise<BackgroundHandles>;
+/**
+ * Graceful shutdown: clear intervals, call unsubscribe hooks, close the
+ * database connection pool.
+ */
+export declare function gracefulShutdown(container: PlatformContainer, handles: BackgroundHandles): Promise<void>;

package/dist/server/lifecycle.js

@@ -0,0 +1,46 @@
+/**
+ * Lifecycle management — background services and graceful shutdown.
+ *
+ * Products currently handle background tasks in their serve() callbacks.
+ * This module provides a standard interface for starting and stopping
+ * those tasks so bootPlatformServer can manage them uniformly.
+ */
+// ---------------------------------------------------------------------------
+// startBackgroundServices
+// ---------------------------------------------------------------------------
+/**
+ * Start background services that run after the server is listening.
+ *
+ * Currently a thin scaffold — the hooks exist so products can migrate their
+ * background tasks (fleet updater, notification worker, caddy hydration,
+ * health monitor) incrementally without changing the boot contract.
+ */
+export async function startBackgroundServices(container) {
+    const handles = { intervals: [], unsubscribes: [] };
+    // Caddy proxy hydration (if fleet + proxy are enabled)
+    if (container.fleet?.proxy) {
+        try {
+            await container.fleet.proxy.start?.();
+        }
+        catch {
+            // Non-fatal — proxy sync will retry on next health tick
+        }
+    }
+    return handles;
+}
+// ---------------------------------------------------------------------------
+// gracefulShutdown
+// ---------------------------------------------------------------------------
+/**
+ * Graceful shutdown: clear intervals, call unsubscribe hooks, close the
+ * database connection pool.
+ */
+export async function gracefulShutdown(container, handles) {
+    for (const interval of handles.intervals) {
+        clearInterval(interval);
+    }
+    for (const unsub of handles.unsubscribes) {
+        unsub();
+    }
+    await container.pool.end();
+}

package/dist/server/middleware/__tests__/admin-auth.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/server/middleware/__tests__/admin-auth.test.js

@@ -0,0 +1,59 @@
+import { Hono } from "hono";
+import { describe, expect, it } from "vitest";
+import { createAdminAuthMiddleware } from "../admin-auth.js";
+function createApp(adminApiKey) {
+    const app = new Hono();
+    app.use("/admin/*", createAdminAuthMiddleware({ adminApiKey }));
+    app.get("/admin/status", (c) => c.json({ ok: true }));
+    return app;
+}
+describe("createAdminAuthMiddleware", () => {
+    const API_KEY = "test-admin-key-abc123";
+    it("returns 401 without Authorization header", async () => {
+        const app = createApp(API_KEY);
+        const res = await app.request("/admin/status");
+        expect(res.status).toBe(401);
+        const body = await res.json();
+        expect(body.error).toContain("Unauthorized");
+    });
+    it("returns 401 with wrong API key", async () => {
+        const app = createApp(API_KEY);
+        const res = await app.request("/admin/status", {
+            headers: { authorization: "Bearer wrong-key" },
+        });
+        expect(res.status).toBe(401);
+        const body = await res.json();
+        expect(body.error).toContain("invalid admin credentials");
+    });
+    it("passes through with correct API key (timing-safe)", async () => {
+        const app = createApp(API_KEY);
+        const res = await app.request("/admin/status", {
+            headers: { authorization: `Bearer ${API_KEY}` },
+        });
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body.ok).toBe(true);
+    });
+    it("rejects keys of different length (timing-safe length check)", async () => {
+        const app = createApp(API_KEY);
+        // Key with same prefix but different length
+        const res = await app.request("/admin/status", {
+            headers: { authorization: `Bearer ${API_KEY}extra` },
+        });
+        expect(res.status).toBe(401);
+    });
+    it("returns 503 when admin key is not configured (fail-closed)", async () => {
+        const app = createApp("");
+        const res = await app.request("/admin/status", {
+            headers: { authorization: "Bearer anything" },
+        });
+        expect(res.status).toBe(503);
+    });
+    it("rejects non-Bearer auth schemes", async () => {
+        const app = createApp(API_KEY);
+        const res = await app.request("/admin/status", {
+            headers: { authorization: `Basic ${API_KEY}` },
+        });
+        expect(res.status).toBe(401);
+    });
+});

package/dist/server/middleware/__tests__/tenant-proxy.test.d.ts

@@ -0,0 +1 @@
+export {};