npm - aios-management-web - Versions diffs - 0.1.0 - Mend

aios-management-web 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (91) hide show

package/.env.json +21 -0
package/README.md +257 -0
package/data/management-console.db +0 -0
package/data/management-console.db-shm +0 -0
package/data/management-console.db-wal +0 -0
package/dist/assets/index-CV_wjCAG.js +464 -0
package/dist/assets/index-DfMPB0eV.css +1 -0
package/dist/index.html +13 -0
package/docs/spec.md +199 -0
package/index.html +12 -0
package/package.json +37 -0
package/scripts/reset-kernel.js +59 -0
package/scripts/reset-password.js +22 -0
package/server/fakes.js +57 -0
package/server/index.js +21 -0
package/server/src/api/middleware/auth.js +29 -0
package/server/src/api/middleware/internal.js +44 -0
package/server/src/api/routes/index.js +677 -0
package/server/src/app.js +90 -0
package/server/src/background/index.js +106 -0
package/server/src/background/protocol.js +15 -0
package/server/src/config/env.js +90 -0
package/server/src/db/index.js +501 -0
package/server/src/infra/mqtt/management-rpc-client.js +213 -0
package/server/src/infra/providers/hzg-provider-client.js +39 -0
package/server/src/infra/s3/object-storage.js +97 -0
package/server/src/services/agent-quota.js +54 -0
package/server/src/services/agent-service.js +696 -0
package/server/src/services/agent-status-sync-service.js +132 -0
package/server/src/services/audit-log-service.js +39 -0
package/server/src/services/auth-service.js +153 -0
package/server/src/services/catalog-sync-service.js +712 -0
package/server/src/services/external-service.js +308 -0
package/server/src/services/kernel-reset-service.js +86 -0
package/server/src/services/portal-service.js +555 -0
package/server/src/services/system-service.js +580 -0
package/server/src/services/topic-ping-service.js +282 -0
package/server/src/utils/errors.js +36 -0
package/server/src/utils/security.js +22 -0
package/server/test/agent-service-alignment.test.js +316 -0
package/server/test/agent-service-create.test.js +662 -0
package/server/test/agent-status-sync-service.test.js +167 -0
package/server/test/agent-update-audit.test.js +63 -0
package/server/test/auth-middleware.test.js +71 -0
package/server/test/background-services.test.js +160 -0
package/server/test/catalog-sync-service.test.js +920 -0
package/server/test/db-reset-migration.test.js +123 -0
package/server/test/env-config.test.js +68 -0
package/server/test/external-service.test.js +380 -0
package/server/test/hzg-provider-client.test.js +50 -0
package/server/test/internal-auth-middleware.test.js +66 -0
package/server/test/kernel-reset-service.test.js +112 -0
package/server/test/management-rpc-client.test.js +105 -0
package/server/test/portal-service-access-tokens.test.js +121 -0
package/server/test/portal-service-alignment.test.js +318 -0
package/server/test/portal-service-management-logs.test.js +114 -0
package/server/test/reset-kernel-cli.test.js +23 -0
package/server/test/service-api-auth-middleware.test.js +59 -0
package/server/test/system-service-alignment.test.js +265 -0
package/server/test/topic-ping-service.test.js +182 -0
package/server/test/usage-refresh-audit-route.test.js +82 -0
package/src/App.jsx +1 -0
package/src/api.js +1 -0
package/src/app/App.jsx +346 -0
package/src/app/api-client.js +112 -0
package/src/components/AppShell.jsx +117 -0
package/src/components/CardTitleWithReload.jsx +20 -0
package/src/components/DeleteActionButton.jsx +31 -0
package/src/main.jsx +14 -0
package/src/pages/AgentsPage.jsx +647 -0
package/src/pages/AiosUsersPage.jsx +151 -0
package/src/pages/DashboardPage.jsx +72 -0
package/src/pages/LoginPage.jsx +41 -0
package/src/pages/SettingsPage.jsx +431 -0
package/src/pages/SkillsPage.jsx +175 -0
package/src/pages/SystemLogsPage.jsx +349 -0
package/src/pages/SystemsPage.jsx +498 -0
package/src/pages/TemplatesPage.jsx +207 -0
package/src/pages/UserManagementPage.jsx +25 -0
package/src/pages/UsersPage.jsx +192 -0
package/src/pages/system-logs/SystemLogsTabs.jsx +362 -0
package/src/styles.css +222 -0
package/src/utils/format.js +63 -0
package/test/.reports/fast-2026-05-25T08-32-39-420Z.json +299 -0
package/test/integration/common.js +208 -0
package/test/integration/fast.js +135 -0
package/test/integration/full.js +306 -0
package/test/run-browser-e2e.js +212 -0
package/test/run-jasmine.js +21 -0
package/test/setup.js +1 -0
package/vite.config.js +12 -0

package/server/test/db-reset-migration.test.js ADDED Viewed

@@ -0,0 +1,123 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { DatabaseSync } from "node:sqlite";
+it("resets drifted legacy schemas to the latest database structure", async () => {
+  const previousDataDir = process.env.AIOS_WEB_DATA_DIR;
+  const dataDir = fs.mkdtempSync(path.join(os.tmpdir(), "aios-web-db-reset-test-"));
+  const dbFile = path.join(dataDir, "management-console.db");
+  const setupDb = new DatabaseSync(dbFile);
+  setupDb.exec(`
+    CREATE TABLE schema_meta (
+      key TEXT PRIMARY KEY,
+      value TEXT NOT NULL
+    );
+    INSERT INTO schema_meta (key, value) VALUES ('schema_version', '14');
+    CREATE TABLE users (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      role TEXT NOT NULL,
+      username TEXT NOT NULL UNIQUE,
+      display_name TEXT NOT NULL,
+      status TEXT NOT NULL,
+      password_hash TEXT NOT NULL DEFAULT '',
+      must_change_password INTEGER NOT NULL DEFAULT 0,
+      is_builtin INTEGER NOT NULL DEFAULT 0,
+      tags_json TEXT NOT NULL DEFAULT '[]',
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    );
+    CREATE TABLE agents (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      slug TEXT NOT NULL UNIQUE,
+      agent_name TEXT NOT NULL,
+      description TEXT NOT NULL,
+      docs_content TEXT NOT NULL DEFAULT '',
+      template_name TEXT NOT NULL,
+      status TEXT NOT NULL CHECK (status IN ('active', 'disabled')),
+      tags_json TEXT NOT NULL DEFAULT '[]',
+      daily_limit INTEGER NOT NULL,
+      usage_snapshot_json TEXT NOT NULL DEFAULT '{}',
+      remote_state_json TEXT NOT NULL DEFAULT '{}',
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    );
+    CREATE TABLE agents_legacy_v14 (
+      id INTEGER PRIMARY KEY AUTOINCREMENT
+    );
+    CREATE TABLE agent_permissions (
+      agent_id INTEGER NOT NULL,
+      user_id INTEGER NOT NULL,
+      PRIMARY KEY (agent_id, user_id),
+      FOREIGN KEY (agent_id) REFERENCES agents_legacy_v14(id) ON DELETE CASCADE,
+      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+    );
+  `);
+  setupDb.close();
+  process.env.AIOS_WEB_DATA_DIR = dataDir;
+  const moduleUrl = new URL(`../src/db/index.js?case=${Date.now()}`, import.meta.url);
+  const { db } = await import(moduleUrl.href);
+  const schemaVersion = db.prepare("SELECT value FROM schema_meta WHERE key = 'schema_version'").get();
+  const permissionColumns = db.prepare("PRAGMA table_info(agent_permissions)").all().map((row) => row.name);
+  const skillColumns = db.prepare("PRAGMA table_info(skills)").all().map((row) => row.name);
+  const systemColumns = db.prepare("PRAGMA table_info(business_systems)").all().map((row) => row.name);
+  const invocationColumns = db.prepare("PRAGMA table_info(system_invocation_logs)").all().map((row) => row.name);
+  const sessionCookieColumns = db.prepare("PRAGMA table_info(external_session_cookies)").all();
+  const externalSessionColumns = db.prepare("PRAGMA table_info(external_sessions)").all();
+  const aiosUsersTable = db.prepare(`
+    SELECT name
+    FROM sqlite_master
+    WHERE type = 'table' AND name = 'aios_users'
+  `).get();
+  const sessionIdIndexes = db.prepare(`
+    SELECT name
+    FROM sqlite_master
+    WHERE type = 'index' AND name = 'idx_system_invocation_logs_session_id'
+  `).get();
+  const legacyTables = db.prepare(`
+    SELECT name
+    FROM sqlite_master
+    WHERE type = 'table' AND name LIKE '%legacy%'
+    ORDER BY name
+  `).all().map((row) => row.name);
+  expect(schemaVersion?.value).toBe("1");
+  expect(aiosUsersTable?.name).toBe("aios_users");
+  expect(permissionColumns).toContain("aios_user_id");
+  expect(permissionColumns).not.toContain("directory_user_id");
+  expect(permissionColumns).not.toContain("user_id");
+  expect(skillColumns).not.toContain("remote_slug");
+  expect(skillColumns).not.toContain("source_type");
+  expect(skillColumns).not.toContain("distribution_scope");
+  expect(skillColumns).toContain("is_builtin");
+  expect(systemColumns).toContain("scheme");
+  expect(systemColumns).not.toContain("schema");
+  expect(systemColumns).toContain("last_connectivity_test_status");
+  expect(systemColumns).toContain("last_connectivity_test_result_json");
+  expect(systemColumns).not.toContain("name");
+  expect(systemColumns).not.toContain("connectivity_status");
+  expect(systemColumns).not.toContain("last_test_result_json");
+  expect(invocationColumns).not.toContain("system_name");
+  expect(sessionCookieColumns.find((column) => column.name === "cookie")?.notnull).toBe(1);
+  expect(externalSessionColumns.find((column) => column.name === "session_id")?.pk).toBe(1);
+  expect(sessionIdIndexes?.name).toBe("idx_system_invocation_logs_session_id");
+  expect(() => db.prepare(`
+    INSERT INTO external_session_cookies (
+      session_id, provider, cookie, created_at, updated_at
+    ) VALUES (?, ?, ?, ?, ?)
+  `).run("missing", "hzg", "a".repeat(16385), "2026-05-26T00:00:00.000Z", "2026-05-26T00:00:00.000Z")).toThrow();
+  expect(legacyTables).toEqual([]);
+  if (previousDataDir === undefined) {
+    delete process.env.AIOS_WEB_DATA_DIR;
+  } else {
+    process.env.AIOS_WEB_DATA_DIR = previousDataDir;
+  }
+});

package/server/test/env-config.test.js ADDED Viewed

@@ -0,0 +1,68 @@
+import path from "node:path";
+import { loadEnv } from "../src/config/env.js";
+it("falls back to .env.json for runtime integrations", () => {
+  const originalBroker = process.env.AIOS_MQTT_CHANNEL_BROKER;
+  const originalS3 = process.env.AIOS_S3_ENDPOINT;
+  delete process.env.AIOS_MQTT_CHANNEL_BROKER;
+  delete process.env.AIOS_S3_ENDPOINT;
+  try {
+    const env = loadEnv();
+    expect(env.mqtt.brokerUrl).toBe("mqtt://172.16.12.2:1883");
+    expect(env.s3.endpoint).toBe("http://172.16.12.2:9000");
+  } finally {
+    if (originalBroker === undefined) {
+      delete process.env.AIOS_MQTT_CHANNEL_BROKER;
+    } else {
+      process.env.AIOS_MQTT_CHANNEL_BROKER = originalBroker;
+    }
+    if (originalS3 === undefined) {
+      delete process.env.AIOS_S3_ENDPOINT;
+    } else {
+      process.env.AIOS_S3_ENDPOINT = originalS3;
+    }
+  }
+});
+it("defaults web data dir under AIOS_ROOT when available", () => {
+  const originalRoot = process.env.AIOS_ROOT;
+  const originalDataDir = process.env.AIOS_WEB_DATA_DIR;
+  process.env.AIOS_ROOT = "/var/aios-apps";
+  delete process.env.AIOS_WEB_DATA_DIR;
+  try {
+    const env = loadEnv();
+    expect(env.dataDir).toBe(path.resolve("/var/aios-apps/data/web"));
+  } finally {
+    if (originalRoot === undefined) {
+      delete process.env.AIOS_ROOT;
+    } else {
+      process.env.AIOS_ROOT = originalRoot;
+    }
+    if (originalDataDir === undefined) {
+      delete process.env.AIOS_WEB_DATA_DIR;
+    } else {
+      process.env.AIOS_WEB_DATA_DIR = originalDataDir;
+    }
+  }
+});
+it("reads management website timeout from environment in seconds", () => {
+  const originalTimeout = process.env.AIOS_MANAGEMENT_WEBSITE_TIMEOUT;
+  process.env.AIOS_MANAGEMENT_WEBSITE_TIMEOUT = "180";
+  try {
+    const env = loadEnv();
+    expect(env.managementTimeoutMs).toBe(180000);
+  } finally {
+    if (originalTimeout === undefined) {
+      delete process.env.AIOS_MANAGEMENT_WEBSITE_TIMEOUT;
+    } else {
+      process.env.AIOS_MANAGEMENT_WEBSITE_TIMEOUT = originalTimeout;
+    }
+  }
+});

package/server/test/external-service.test.js ADDED Viewed

@@ -0,0 +1,380 @@
+import { DatabaseSync } from "node:sqlite";
+import { ExternalService } from "../src/services/external-service.js";
+function createDb() {
+  const db = new DatabaseSync(":memory:");
+  db.exec(`
+    CREATE TABLE agents (
+      id INTEGER PRIMARY KEY,
+      slug TEXT NOT NULL UNIQUE,
+      agent_name TEXT NOT NULL DEFAULT '',
+      status TEXT NOT NULL,
+      remote_state_json TEXT NOT NULL DEFAULT '{}'
+    );
+    CREATE TABLE aios_users (
+      id INTEGER PRIMARY KEY,
+      username TEXT NOT NULL UNIQUE
+    );
+    CREATE TABLE agent_permissions (
+      agent_id INTEGER NOT NULL,
+      aios_user_id INTEGER NOT NULL,
+      PRIMARY KEY (agent_id, aios_user_id)
+    );
+    CREATE TABLE external_sessions (
+      session_id TEXT PRIMARY KEY,
+      aios_user_id INTEGER NOT NULL,
+      agent_id INTEGER NOT NULL,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL,
+      UNIQUE (aios_user_id, agent_id)
+    );
+    CREATE TABLE external_session_cookies (
+      session_id TEXT NOT NULL,
+      provider TEXT NOT NULL,
+      cookie TEXT NOT NULL,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL,
+      PRIMARY KEY (session_id, provider)
+    );
+    CREATE TABLE business_systems (
+      id INTEGER PRIMARY KEY,
+      provider TEXT NOT NULL,
+      application_name TEXT NOT NULL,
+      description TEXT NOT NULL DEFAULT '',
+      ontology_artifact_id INTEGER,
+      scheme TEXT NOT NULL,
+      host TEXT NOT NULL,
+      port INTEGER NOT NULL,
+      status TEXT NOT NULL,
+      last_connectivity_test_status TEXT NOT NULL DEFAULT 'unknown',
+      last_connectivity_test_result_json TEXT NOT NULL DEFAULT '{}',
+      created_at TEXT NOT NULL DEFAULT '2026-05-26T00:00:00.000Z',
+      updated_at TEXT NOT NULL DEFAULT '2026-05-26T00:00:00.000Z'
+    );
+    INSERT INTO aios_users (id, username) VALUES (1, 'zhangsan');
+    INSERT INTO agents (id, slug, agent_name, status, remote_state_json)
+    VALUES (
+      1,
+      'agent-a',
+      'Agent Alpha',
+      'normal',
+      '{"inboundTopic":"aios/agent-a/inbound","outboundTopic":"aios/agent-a/outbound"}'
+    );
+    INSERT INTO agent_permissions (agent_id, aios_user_id) VALUES (1, 1);
+    INSERT INTO business_systems (
+      id, provider, application_name, scheme, host, port, status
+    ) VALUES (1, 'hzg', 'crm-app', 'https', 'example.com', 443, 'active');
+  `);
+  return db;
+}
+function createService(db, overrides = {}) {
+  return new ExternalService({
+    db,
+    agentService: {
+      async listAgentDirectoryForUser() {
+        return [];
+      }
+    },
+    systemService: {
+      findLatestActiveSystemByProvider() {
+        return {
+          provider: "hzg",
+          application_name: "crm-app",
+          base_url: "https://example.com:443/crm-app"
+        };
+      },
+      findSystemForInvocation(_provider, applicationName) {
+        return {
+          provider: "hzg",
+          application_name: applicationName,
+          base_url: `https://example.com:443/${applicationName}`
+        };
+      },
+      async recordInvocation() {}
+    },
+    hzgProviderClient: {},
+    auditLogService: {
+      write() {}
+    },
+    ...overrides
+  });
+}
+it("creates and reuses external session ids per user-agent pair and returns topics", async () => {
+  const db = createDb();
+  const auditWrites = [];
+  const service = createService(db, {
+    auditLogService: {
+      write(entry) {
+        auditWrites.push(entry);
+      }
+    }
+  });
+  const first = service.getOrCreateSession({
+    userName: "zhangsan",
+    agentId: "agent-a"
+  });
+  const second = service.getOrCreateSession({
+    userName: "zhangsan",
+    agentId: "agent-a"
+  });
+  expect(first).toEqual(jasmine.objectContaining({
+    sessionId: jasmine.stringMatching(/^s-/),
+    inboundTopic: "aios/agent-a/inbound",
+    outboundTopic: "aios/agent-a/outbound"
+  }));
+  expect(second).toEqual(first);
+  expect(auditWrites.length).toBe(1);
+  expect(auditWrites[0].detail).toContain("agent状态=normal");
+});
+it("throws internal error with reason when creating session for disabled agent", () => {
+  const db = createDb();
+  db.prepare("UPDATE agents SET status = 'disabled' WHERE slug = ?").run("agent-a");
+  const service = createService(db);
+  expect(() => service.getOrCreateSession({
+    userName: "zhangsan",
+    agentId: "agent-a"
+  })).toThrowMatching((error) => (
+    error.status === 500
+    && error.code === "internal_error"
+    && error.message.includes("已停用")
+  ));
+});
+it("throws internal error with reason when creating session for overlimit agent", () => {
+  const db = createDb();
+  db.prepare("UPDATE agents SET status = 'overlimit' WHERE slug = ?").run("agent-a");
+  const service = createService(db);
+  expect(() => service.getOrCreateSession({
+    userName: "zhangsan",
+    agentId: "agent-a"
+  })).toThrowMatching((error) => (
+    error.status === 500
+    && error.code === "internal_error"
+    && error.message.includes("已超出用量限额")
+  ));
+});
+it("lists every assigned agent for a user with status", async () => {
+  const db = createDb();
+  const service = createService(db, {
+    agentService: {
+      async listAgentDirectoryForUser(username) {
+        expect(username).toBe("zhangsan");
+        return [
+          { agent_id: "agent-a", agent_name: "Agent Alpha", status: "normal" },
+          { agent_id: "agent-disabled", agent_name: "Agent Disabled", status: "disabled" },
+          { agent_id: "agent-overlimit", agent_name: "Agent Overlimit", status: "overlimit" }
+        ];
+      }
+    }
+  });
+  expect(await service.listAgentsForUser("zhangsan")).toEqual([
+    { agent_id: "agent-a", agent_name: "Agent Alpha", status: "normal" },
+    { agent_id: "agent-disabled", agent_name: "Agent Disabled", status: "disabled" },
+    { agent_id: "agent-overlimit", agent_name: "Agent Overlimit", status: "overlimit" }
+  ]);
+});
+it("persists caller cookie on session creation and reuses it for external cookie lookup", async () => {
+  const db = createDb();
+  const service = createService(db, {
+    hzgProviderClient: {
+      async createSessionCookie() {
+        throw new Error("should not create cookie when caller already provided one");
+      }
+    }
+  });
+  const session = service.getOrCreateSession({
+    userName: "zhangsan",
+    agentId: "agent-a",
+    cookie: "ForguncyServer=caller-cookie"
+  });
+  const stored = db.prepare(`
+    SELECT provider, cookie
+    FROM external_session_cookies
+    WHERE session_id = ?
+  `).get(session.sessionId);
+  expect(stored).toEqual({
+    provider: "hzg",
+    cookie: "ForguncyServer=caller-cookie"
+  });
+  const cookie = await service.getCookie(session.sessionId, "hzg");
+  expect(cookie).toEqual({
+    provider: "hzg",
+    cookie: "ForguncyServer=caller-cookie"
+  });
+});
+it("updates stored caller cookie when the session already exists", async () => {
+  const db = createDb();
+  const service = createService(db);
+  const first = service.getOrCreateSession({
+    userName: "zhangsan",
+    agentId: "agent-a",
+    cookie: "ForguncyServer=old-cookie"
+  });
+  const second = service.getOrCreateSession({
+    userName: "zhangsan",
+    agentId: "agent-a",
+    cookie: "ForguncyServer=new-cookie"
+  });
+  expect(second.sessionId).toBe(first.sessionId);
+  expect(second.inboundTopic).toBe("aios/agent-a/inbound");
+  expect(second.outboundTopic).toBe("aios/agent-a/outbound");
+  const stored = db.prepare(`
+    SELECT cookie
+    FROM external_session_cookies
+    WHERE session_id = ? AND provider = 'hzg'
+  `).get(first.sessionId);
+  expect(stored?.cookie).toBe("ForguncyServer=new-cookie");
+});
+it("loads cached cookie and lazily creates missing hzg cookie", async () => {
+  const db = createDb();
+  db.prepare(`
+    INSERT INTO external_sessions (session_id, aios_user_id, agent_id, created_at, updated_at)
+    VALUES (?, ?, ?, ?, ?)
+  `).run("s-1", 1, 1, "2026-05-26T00:00:00.000Z", "2026-05-26T00:00:00.000Z");
+  let createCount = 0;
+  const service = createService(db, {
+    hzgProviderClient: {
+      async createSessionCookie(baseUrl, sessionId) {
+        createCount += 1;
+        expect(baseUrl).toBe("https://example.com:443/crm-app");
+        expect(sessionId).toBe("s-1");
+        return "ForguncyServer=test-cookie";
+      }
+    }
+  });
+  const first = await service.getCookie("s-1", "hzg");
+  const second = await service.getCookie("s-1", "hzg");
+  expect(first).toEqual({
+    provider: "hzg",
+    cookie: "ForguncyServer=test-cookie"
+  });
+  expect(second).toEqual(first);
+  expect(createCount).toBe(1);
+});
+it("loads external context from session and agent records", async () => {
+  const db = createDb();
+  db.prepare(`
+    INSERT INTO external_sessions (session_id, aios_user_id, agent_id, created_at, updated_at)
+    VALUES (?, ?, ?, ?, ?)
+  `).run("s-context", 1, 1, "2026-05-26T00:00:00.000Z", "2026-05-26T00:00:00.000Z");
+  const service = createService(db);
+  const context = service.getContext("s-context");
+  expect(context).toEqual({
+    inboundTopic: "aios/agent-a/inbound",
+    outboundTopic: "aios/agent-a/outbound",
+    agentName: "Agent Alpha",
+    agentId: "agent-a",
+    userName: "zhangsan"
+  });
+});
+it("throws not found when external context session does not exist", () => {
+  const db = createDb();
+  const service = createService(db);
+  expect(() => service.getContext("missing-session")).toThrowError(/会话不存在/);
+});
+it("records external invocation using session-bound agent and resolved business system", async () => {
+  const db = createDb();
+  db.prepare(`
+    INSERT INTO external_sessions (session_id, aios_user_id, agent_id, created_at, updated_at)
+    VALUES (?, ?, ?, ?, ?)
+  `).run("s-2", 1, 1, "2026-05-26T00:00:00.000Z", "2026-05-26T00:00:00.000Z");
+  const recorded = [];
+  const service = createService(db, {
+    systemService: {
+      findLatestActiveSystemByProvider() {
+        return null;
+      },
+      findSystemForInvocation(provider, applicationName) {
+        expect(provider).toBe("hzg");
+        expect(applicationName).toBe("crm-app");
+        return {
+          provider: "hzg",
+          application_name: "crm-app",
+          base_url: "https://example.com:443/crm-app"
+        };
+      },
+      async recordInvocation(log) {
+        recorded.push(log);
+      }
+    }
+  });
+  await service.recordInvocation({
+    sessionId: "s-2",
+    provider: "hzg",
+    applicationName: "crm-app",
+    commandName: "GetList",
+    paramaters: "{\"page\":1}",
+    isOK: false,
+    errorMessage: "boom",
+    response: "{\"ok\":false}",
+    durationInMS: 123
+  });
+  expect(recorded.length).toBe(1);
+  expect(recorded[0]).toEqual(jasmine.objectContaining({
+    agent_slug: "agent-a",
+    session_id: "s-2",
+    provider: "hzg",
+    application_name: "crm-app",
+    command_name: "GetList",
+    response_time_ms: 123,
+    success: false,
+    error_message: "boom"
+  }));
+  expect(recorded[0].request_payload).toEqual({ page: 1 });
+  expect(recorded[0].response_payload).toEqual({ ok: false });
+});
+it("rejects oversized caller cookies before persisting sessions", () => {
+  const db = createDb();
+  const service = createService(db);
+  expect(() => service.getOrCreateSession({
+    userName: "zhangsan",
+    agentId: "agent-a",
+    cookie: "a".repeat(16 * 1024 + 1)
+  })).toThrowMatching((error) => (
+    error.status === 400
+    && error.code === "bad_request"
+    && error.message.includes("cookie 长度")
+  ));
+  expect(db.prepare("SELECT COUNT(*) AS count FROM external_sessions").get().count).toBe(0);
+});

package/server/test/hzg-provider-client.test.js ADDED Viewed

@@ -0,0 +1,50 @@
+import { HzgProviderClient } from "../src/infra/providers/hzg-provider-client.js";
+it("creates session cookie from the ServerCommand endpoint response header", async () => {
+  const fetchCalls = [];
+  const client = new HzgProviderClient({
+    fetchImpl: async (url, options) => {
+      fetchCalls.push({ url, options });
+      return {
+        headers: {
+          get: (name) => (name === "set-cookie" ? "ForguncyServer=session-cookie" : null)
+        },
+        text: async () => ""
+      };
+    }
+  });
+  const result = await client.createSessionCookie(
+    "https://example.com:443/demo-app",
+    "thread-1"
+  );
+  expect(result).toBe("ForguncyServer=session-cookie");
+  expect(fetchCalls).toEqual([
+    jasmine.objectContaining({
+      url: "https://example.com:443/demo-app/ServerCommand/",
+      options: jasmine.objectContaining({
+        method: "POST",
+        body: JSON.stringify({ ManageThreadId: "thread-1" })
+      })
+    })
+  ]);
+});
+it("falls back to a cookie field in the response body when header is missing", async () => {
+  const client = new HzgProviderClient({
+    fetchImpl: async () => ({
+      headers: {
+        get: () => null
+      },
+      text: async () => JSON.stringify({ cookie: "ForguncyServer=session-cookie" })
+    })
+  });
+  const result = await client.createSessionCookie(
+    "https://example.com:443/demo-app",
+    "thread-1"
+  );
+  expect(result).toBe("ForguncyServer=session-cookie");
+});

package/server/test/internal-auth-middleware.test.js ADDED Viewed

@@ -0,0 +1,66 @@
+import { createInternalAuthMiddleware } from "../src/api/middleware/internal.js";
+function runMiddleware(middleware, { headers = {}, remoteAddress = "" } = {}) {
+  return new Promise((resolve) => {
+    middleware({
+      headers,
+      socket: {
+        remoteAddress
+      }
+    }, {}, (error) => resolve(error ?? null));
+  });
+}
+it("accepts matching bearer token", async () => {
+  const middleware = createInternalAuthMiddleware({
+    hasAccessToken(token) {
+      return token === "sk-abcdef";
+    }
+  });
+  const error = await runMiddleware(middleware, {
+    headers: {
+      authorization: "Bearer sk-abcdef"
+    }
+  });
+  expect(error).toBeNull();
+});
+it("rejects missing or mismatched bearer token", async () => {
+  const middleware = createInternalAuthMiddleware({
+    hasAccessToken(token) {
+      return token === "sk-abcdef";
+    }
+  });
+  const missingError = await runMiddleware(middleware);
+  expect(missingError.status).toBe(401);
+  expect(missingError.message).toBe("缺少 Bearer Token");
+  const invalidError = await runMiddleware(middleware, {
+    headers: {
+      authorization: "Bearer sk-other"
+    }
+  });
+  expect(invalidError.status).toBe(403);
+  expect(invalidError.message).toMatch(/invalid bearer token/i);
+});
+it("bypasses token checks for localhost calls", async () => {
+  const middleware = createInternalAuthMiddleware({
+    hasAccessToken() {
+      return false;
+    }
+  });
+  const ipv4Error = await runMiddleware(middleware, {
+    remoteAddress: "127.0.0.1"
+  });
+  expect(ipv4Error).toBeNull();
+  const ipv6Error = await runMiddleware(middleware, {
+    remoteAddress: "::1"
+  });
+  expect(ipv6Error).toBeNull();
+});