npm - auramaxx - Versions diffs - 0.0.12 → 0.0.13 - Mend

auramaxx 0.0.12 → 0.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (334) hide show

package/src/server/tests/cli/socket.test.ts CHANGED Viewed

@@ -214,7 +214,7 @@ describe('SocketServer auto-approve (in-process mode)', () => {
     );
   });
-  it('blocks auto-approve when disabled by default fallback', async () => {
+  it('enables auto-approve with default fallback and then fails on lock', async () => {
     vi.spyOn(defaults, 'getDefaultSync').mockImplementation(<T>(_key: string, fallback: T): T => fallback);
     const fetchSpy = vi.spyOn(globalThis, 'fetch');
@@ -238,7 +238,7 @@ describe('SocketServer auto-approve (in-process mode)', () => {
     const payload = JSON.parse((socket.write as unknown as ReturnType<typeof vi.fn>).mock.calls[0][0]);
     expect(payload).toMatchObject({
       type: 'error',
-      message: 'Auto-approve is disabled. Use standard approval flow.',
+      message: 'Wallet is locked. Unlock first.',
     });
   });

package/src/server/tests/endpoints/actions.test.ts CHANGED Viewed

@@ -853,7 +853,7 @@ describe('Actions Endpoints', () => {
       expect(pollRes.body.status).toBe('rejected');
     });
-    it('should default TTL to 600 when not specified', async () => {
+    it('should default TTL to 3600 when not specified', async () => {
       const createRes = await request(app)
         .post('/actions')
         .set('Authorization', `Bearer ${agentToken}`)
@@ -871,7 +871,7 @@ describe('Actions Endpoints', () => {
         .set('Authorization', `Bearer ${adminToken}`)
         .send({ approved: true });
-      expect(approveRes.body.expiresIn).toBe(600);
+      expect(approveRes.body.expiresIn).toBe(3600);
     });
     it('should store pre-computed action in metadata', async () => {

package/src/server/tests/endpoints/agent-profiles.test.ts ADDED Viewed

@@ -0,0 +1,117 @@
+import { afterAll, beforeEach, describe, expect, it } from 'vitest';
+import request from 'supertest';
+import { cleanDatabase, createTestApp, setupAndUnlockWallet, testPrisma } from '../setup';
+const app = createTestApp();
+describe('Agent Profile Endpoints', () => {
+  let adminToken: string;
+  beforeEach(async () => {
+    await cleanDatabase();
+    const setup = await setupAndUnlockWallet();
+    adminToken = setup.adminToken;
+  });
+  afterAll(async () => {
+    await testPrisma.$disconnect();
+  });
+  it('creates and retrieves an agent profile keyed by path agentId', async () => {
+    const putRes = await request(app)
+      .put('/agent-profiles/primary')
+      .set('Authorization', `Bearer ${adminToken}`)
+      .send({
+        email: 'ops@example.com',
+        phone: '+1 555 0100',
+        address: 'New York, US',
+        profileImage: 'https://cdn.example.com/avatar.png',
+        attributes: {
+          team: 'ops',
+          region: 'us-east',
+        },
+      });
+    expect(putRes.status).toBe(200);
+    expect(putRes.body.success).toBe(true);
+    expect(putRes.body.profile.agentId).toBe('primary');
+    expect(putRes.body.profile.email).toBe('ops@example.com');
+    expect(putRes.body.profile.attributes).toEqual({
+      team: 'ops',
+      region: 'us-east',
+    });
+    const getRes = await request(app)
+      .get('/agent-profiles/primary')
+      .set('Authorization', `Bearer ${adminToken}`);
+    expect(getRes.status).toBe(200);
+    expect(getRes.body.profile.agentId).toBe('primary');
+    expect(getRes.body.profile.profileImage).toBe('https://cdn.example.com/avatar.png');
+    const listRes = await request(app)
+      .get('/agent-profiles')
+      .set('Authorization', `Bearer ${adminToken}`);
+    expect(listRes.status).toBe(200);
+    expect(Array.isArray(listRes.body.profiles)).toBe(true);
+    expect(listRes.body.profiles).toEqual(
+      expect.arrayContaining([
+        expect.objectContaining({
+          agentId: 'primary',
+          email: 'ops@example.com',
+        }),
+      ]),
+    );
+  });
+  it('rejects mismatched body agentId', async () => {
+    const res = await request(app)
+      .put('/agent-profiles/primary')
+      .set('Authorization', `Bearer ${adminToken}`)
+      .send({
+        agentId: 'different-agent',
+        email: 'ops@example.com',
+      });
+    expect(res.status).toBe(400);
+    expect(String(res.body.error || '')).toContain('must match');
+  });
+  it('rejects invalid wildcard attribute keys', async () => {
+    const res = await request(app)
+      .put('/agent-profiles/primary')
+      .set('Authorization', `Bearer ${adminToken}`)
+      .send({
+        attributes: {
+          '   ': 'ops',
+        },
+      });
+    expect(res.status).toBe(400);
+    expect(String(res.body.error || '')).toContain('attribute keys');
+  });
+  it('supports underscore aliases and deletion', async () => {
+    const createRes = await request(app)
+      .put('/agent-profiles/primary')
+      .set('Authorization', `Bearer ${adminToken}`)
+      .send({
+        profile_image: 'https://cdn.example.com/avatar.png',
+        custom_attributes: { team: 'core' },
+      });
+    expect(createRes.status).toBe(200);
+    expect(createRes.body.profile.profileImage).toBe('https://cdn.example.com/avatar.png');
+    expect(createRes.body.profile.attributes).toEqual({ team: 'core' });
+    const deleteRes = await request(app)
+      .delete('/agent-profiles/primary')
+      .set('Authorization', `Bearer ${adminToken}`);
+    expect(deleteRes.status).toBe(200);
+    expect(deleteRes.body.deleted).toBe(true);
+    const missingRes = await request(app)
+      .get('/agent-profiles/primary')
+      .set('Authorization', `Bearer ${adminToken}`);
+    expect(missingRes.status).toBe(404);
+  });
+});

package/src/server/tests/endpoints/auth.test.ts CHANGED Viewed

@@ -337,6 +337,40 @@ describe('Auth Endpoints', () => {
       expect(res.body.compilerVersion).toBe('profile.v1');
     });
+    it('should include exact retryCommand derived from stored original command', async () => {
+      const authRes = await request(app)
+        .post('/auth')
+        .send({ agentId: TEST_AGENT_ID, profile: 'strict', pubkey: AUTH_TEST_PUBKEY });
+      const created = await testPrisma.humanAction.findUnique({
+        where: { id: authRes.body.requestId },
+      });
+      expect(created).toBeTruthy();
+      const metadata = JSON.parse(created!.metadata || '{}');
+      metadata.originalCommand = 'npx auramaxx get github';
+      await testPrisma.humanAction.update({
+        where: { id: authRes.body.requestId },
+        data: { metadata: JSON.stringify(metadata) },
+      });
+      await request(app)
+        .post(`/actions/${authRes.body.requestId}/resolve`)
+        .set('Authorization', `Bearer ${adminToken}`)
+        .send({ approved: true });
+      const claim = await request(app)
+        .get(`/auth/${authRes.body.requestId}?secret=${authRes.body.secret}`);
+      expect(claim.status).toBe(200);
+      expect(claim.body.status).toBe('approved');
+      expect(claim.body.retryCommand).toBe(`npx auramaxx get github --reqId ${authRes.body.requestId}`);
+      expect(Array.isArray(claim.body.instructions)).toBe(true);
+      expect(claim.body.instructions[0]).toBe(
+        `Run this exact command now: npx auramaxx get github --reqId ${authRes.body.requestId}`,
+      );
+    });
     it('should allow only one successful claim when claimed concurrently', async () => {
       const authRes = await request(app)
         .post('/auth')

package/src/server/tests/lib/credential-transport.test.ts CHANGED Viewed

@@ -4,8 +4,9 @@ import {
   generateKeyPairSync,
   privateDecrypt,
 } from 'crypto';
-import { describe, expect, it, vi } from 'vitest';
+import { afterEach, describe, expect, it, vi } from 'vitest';
 import {
+  bootstrapViaAuthRequest,
   createReadToken,
   encryptToAgentPubkey,
   buildScopedReadTokenIssueRequest,
@@ -13,6 +14,7 @@ import {
   isValidAgentPubkey,
   normalizeAgentPubkey,
 } from '../../lib/credential-transport';
+import * as defaults from '../../lib/defaults';
 interface HybridEnvelope {
   v: number;
@@ -63,6 +65,12 @@ function decryptWithPrivateKey(encryptedBase64: string, privateKeyPem: string):
 }
 describe('credential-transport', () => {
+  afterEach(() => {
+    vi.restoreAllMocks();
+    delete process.env.AURA_AUTH_PROFILE;
+    delete process.env.AURA_AGENT_PROFILE;
+  });
   const { publicKey, privateKey } = generateKeyPairSync('rsa', {
     modulusLength: 2048,
     publicKeyEncoding: { type: 'spki', format: 'pem' },
@@ -188,7 +196,65 @@ describe('credential-transport', () => {
     fetchSpy.mockRestore();
   });
-it('createReadToken should fail when encryptedToken is missing', async () => {
+  it('bootstrapViaAuthRequest defaults to trust.localProfile when unset', async () => {
+    const keypair = generateEphemeralKeypair();
+    vi.spyOn(defaults, 'getDefault').mockImplementation(async (key: string) => {
+      if (key === 'trust.localProfile') return 'admin';
+      if (key === 'trust.localProfileVersion') return 'v1';
+      return null;
+    });
+    const fetchSpy = vi.spyOn(globalThis, 'fetch').mockResolvedValue(
+      new Response(JSON.stringify({
+        success: true,
+        requestId: 'req_123',
+        secret: 'secret_123',
+      }), {
+        status: 200,
+        headers: { 'Content-Type': 'application/json' },
+      }),
+    );
+    const result = await bootstrapViaAuthRequest('https://wallet.local', 'cli-test-auth', keypair, {
+      noWait: true,
+    });
+    expect(result).toEqual({
+      requestId: 'req_123',
+      secret: 'secret_123',
+      approveUrl: undefined,
+    });
+    const call = fetchSpy.mock.calls[0]?.[1] as RequestInit;
+    const body = JSON.parse(String(call.body));
+    expect(body.profile).toBe('admin');
+    expect(body.profileVersion).toBe('v1');
+  });
+  it('bootstrapViaAuthRequest falls back to defaults.ts seeds when local trust defaults are empty', async () => {
+    const keypair = generateEphemeralKeypair();
+    vi.spyOn(defaults, 'getDefault').mockResolvedValue('');
+    const fetchSpy = vi.spyOn(globalThis, 'fetch').mockResolvedValue(
+      new Response(JSON.stringify({
+        success: true,
+        requestId: 'req_123',
+        secret: 'secret_123',
+      }), {
+        status: 200,
+        headers: { 'Content-Type': 'application/json' },
+      }),
+    );
+    await bootstrapViaAuthRequest('https://wallet.local', 'cli-test-auth', keypair, {
+      noWait: true,
+    });
+    const call = fetchSpy.mock.calls[0]?.[1] as RequestInit;
+    const body = JSON.parse(String(call.body));
+    expect(body.profile).toBe('admin');
+    expect(body.profileVersion).toBe('v1');
+  });
+  it('createReadToken should fail when encryptedToken is missing', async () => {
     const keypair = generateEphemeralKeypair();
     const fetchSpy = vi.spyOn(globalThis, 'fetch').mockResolvedValue(
       new Response(JSON.stringify({ token: 'plaintext-token' }), {

package/src/server/tests/lib/defaults.test.ts CHANGED Viewed

@@ -26,9 +26,9 @@ describe('defaults helper', () => {
     expect(value).toBe(0);
   });
-  it('defaults local socket auto-approve to off', async () => {
+  it('defaults local socket auto-approve to on', async () => {
     const value = await getDefault('trust.localAutoApprove', true);
-    expect(value).toBe(false);
+    expect(value).toBe(true);
   });
   it('setDefault persists value and cache serves sync reads', async () => {

package/src/server/tests/lib/escalation-responder.test.ts CHANGED Viewed

@@ -214,8 +214,8 @@ describe('escalation hard-deny schema', () => {
 });
 describe('escalation profile resolver', () => {
-  it('uses strict when required permissions fit strict profile', () => {
-    expect(_testOnly.resolveEscalationProfile(['secret:read'])).toBe('strict');
+  it('uses dev when required permissions fit dev profile', () => {
+    expect(_testOnly.resolveEscalationProfile(['secret:read'])).toBe('dev');
   });
   it('uses dev when strict cannot satisfy but dev can', () => {

package/src/server/tests/setup.ts CHANGED Viewed

@@ -32,6 +32,7 @@ import strategyRoutes from '../routes/strategy';
 import actionsRoutes from '../routes/actions';
 import credentialAgentRoutes from '../routes/credential-agents';
 import credentialsRoutes from '../routes/credentials';
+import agentProfilesRoutes from '../routes/agent-profiles';
 import credentialSharesRoutes from '../routes/credential-shares';
 import importRoutes from '../routes/import';
 import adaptersRoutes from '../routes/adapters';
@@ -73,6 +74,7 @@ export function createTestApp() {
   app.use('/actions', actionsRoutes);
   app.use('/agents/credential', credentialAgentRoutes);
   app.use('/credentials', credentialsRoutes);
+  app.use('/agent-profiles', agentProfilesRoutes);
   app.use('/credential-shares', credentialSharesRoutes);
   app.use('/credentials/import', importRoutes);
   app.use('/adapters', adaptersRoutes);
@@ -165,6 +167,11 @@ export async function cleanDatabase() {
       }
     }
   }
+  const agentProfilesPath = path.join(DATA_PATHS.wallets, 'agent-profiles.json');
+  if (fs.existsSync(agentProfilesPath)) {
+    fs.unlinkSync(agentProfilesPath);
+  }
 }
 // Test constants