comisai 1.0.11 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (255) hide show
  1. package/node_modules/@comis/agent/dist/model/operation-model-defaults.js +1 -0
  2. package/node_modules/@comis/agent/dist/session/comis-session-manager.js +9 -9
  3. package/node_modules/@comis/agent/package.json +1 -1
  4. package/node_modules/@comis/channels/package.json +1 -1
  5. package/node_modules/@comis/cli/package.json +1 -1
  6. package/node_modules/@comis/core/dist/event-bus/events-infra.d.ts +2 -0
  7. package/node_modules/@comis/core/package.json +1 -1
  8. package/node_modules/@comis/daemon/dist/wiring/setup-channels.js +12 -1
  9. package/node_modules/@comis/daemon/dist/wiring/setup-gateway.js +1 -0
  10. package/node_modules/@comis/daemon/dist/wiring/setup-schedulers.js +1 -0
  11. package/node_modules/@comis/daemon/package.json +1 -1
  12. package/node_modules/@comis/gateway/package.json +1 -1
  13. package/node_modules/@comis/infra/package.json +1 -1
  14. package/node_modules/@comis/memory/package.json +1 -1
  15. package/node_modules/@comis/scheduler/dist/cron/cron-types.d.ts +6 -0
  16. package/node_modules/@comis/scheduler/dist/cron/cron-types.js +2 -0
  17. package/node_modules/@comis/scheduler/package.json +1 -1
  18. package/node_modules/@comis/shared/package.json +1 -1
  19. package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.d.ts +1 -1
  20. package/node_modules/@comis/skills/package.json +1 -1
  21. package/package.json +18 -18
  22. package/node_modules/@comis/core/dist/approval/approval-gate.test.d.ts +0 -1
  23. package/node_modules/@comis/core/dist/approval/approval-gate.test.js +0 -1003
  24. package/node_modules/@comis/core/dist/bootstrap.test.d.ts +0 -1
  25. package/node_modules/@comis/core/dist/bootstrap.test.js +0 -150
  26. package/node_modules/@comis/core/dist/config/backup.test.d.ts +0 -1
  27. package/node_modules/@comis/core/dist/config/backup.test.js +0 -160
  28. package/node_modules/@comis/core/dist/config/env-substitution.test.d.ts +0 -1
  29. package/node_modules/@comis/core/dist/config/env-substitution.test.js +0 -259
  30. package/node_modules/@comis/core/dist/config/field-metadata.test.d.ts +0 -1
  31. package/node_modules/@comis/core/dist/config/field-metadata.test.js +0 -72
  32. package/node_modules/@comis/core/dist/config/git-manager.test.d.ts +0 -1
  33. package/node_modules/@comis/core/dist/config/git-manager.test.js +0 -1042
  34. package/node_modules/@comis/core/dist/config/immutable-keys.test.d.ts +0 -1
  35. package/node_modules/@comis/core/dist/config/immutable-keys.test.js +0 -283
  36. package/node_modules/@comis/core/dist/config/include-resolver.test.d.ts +0 -1
  37. package/node_modules/@comis/core/dist/config/include-resolver.test.js +0 -292
  38. package/node_modules/@comis/core/dist/config/layered.test.d.ts +0 -1
  39. package/node_modules/@comis/core/dist/config/layered.test.js +0 -211
  40. package/node_modules/@comis/core/dist/config/loader.test.d.ts +0 -1
  41. package/node_modules/@comis/core/dist/config/loader.test.js +0 -300
  42. package/node_modules/@comis/core/dist/config/migrate.test.d.ts +0 -1
  43. package/node_modules/@comis/core/dist/config/migrate.test.js +0 -244
  44. package/node_modules/@comis/core/dist/config/partial-validator.test.d.ts +0 -1
  45. package/node_modules/@comis/core/dist/config/partial-validator.test.js +0 -98
  46. package/node_modules/@comis/core/dist/config/schema-agent-model.test.d.ts +0 -1
  47. package/node_modules/@comis/core/dist/config/schema-agent-model.test.js +0 -279
  48. package/node_modules/@comis/core/dist/config/schema-agent-session.test.d.ts +0 -1
  49. package/node_modules/@comis/core/dist/config/schema-agent-session.test.js +0 -242
  50. package/node_modules/@comis/core/dist/config/schema-agent.test.d.ts +0 -1
  51. package/node_modules/@comis/core/dist/config/schema-agent.test.js +0 -645
  52. package/node_modules/@comis/core/dist/config/schema-channel.test.d.ts +0 -1
  53. package/node_modules/@comis/core/dist/config/schema-channel.test.js +0 -341
  54. package/node_modules/@comis/core/dist/config/schema-coalescer.test.d.ts +0 -1
  55. package/node_modules/@comis/core/dist/config/schema-coalescer.test.js +0 -51
  56. package/node_modules/@comis/core/dist/config/schema-context-engine.test.d.ts +0 -1
  57. package/node_modules/@comis/core/dist/config/schema-context-engine.test.js +0 -797
  58. package/node_modules/@comis/core/dist/config/schema-context-guard.test.d.ts +0 -1
  59. package/node_modules/@comis/core/dist/config/schema-context-guard.test.js +0 -111
  60. package/node_modules/@comis/core/dist/config/schema-daemon.test.d.ts +0 -1
  61. package/node_modules/@comis/core/dist/config/schema-daemon.test.js +0 -107
  62. package/node_modules/@comis/core/dist/config/schema-delivery-timing.test.d.ts +0 -1
  63. package/node_modules/@comis/core/dist/config/schema-delivery-timing.test.js +0 -51
  64. package/node_modules/@comis/core/dist/config/schema-documentation.test.d.ts +0 -1
  65. package/node_modules/@comis/core/dist/config/schema-documentation.test.js +0 -63
  66. package/node_modules/@comis/core/dist/config/schema-gateway.test.d.ts +0 -1
  67. package/node_modules/@comis/core/dist/config/schema-gateway.test.js +0 -219
  68. package/node_modules/@comis/core/dist/config/schema-gemini-cache.test.d.ts +0 -1
  69. package/node_modules/@comis/core/dist/config/schema-gemini-cache.test.js +0 -41
  70. package/node_modules/@comis/core/dist/config/schema-integrations.test.d.ts +0 -1
  71. package/node_modules/@comis/core/dist/config/schema-integrations.test.js +0 -92
  72. package/node_modules/@comis/core/dist/config/schema-lifecycle-reactions.test.d.ts +0 -1
  73. package/node_modules/@comis/core/dist/config/schema-lifecycle-reactions.test.js +0 -61
  74. package/node_modules/@comis/core/dist/config/schema-misc.test.d.ts +0 -1
  75. package/node_modules/@comis/core/dist/config/schema-misc.test.js +0 -394
  76. package/node_modules/@comis/core/dist/config/schema-observability.test.d.ts +0 -1
  77. package/node_modules/@comis/core/dist/config/schema-observability.test.js +0 -76
  78. package/node_modules/@comis/core/dist/config/schema-providers.test.d.ts +0 -1
  79. package/node_modules/@comis/core/dist/config/schema-providers.test.js +0 -294
  80. package/node_modules/@comis/core/dist/config/schema-queue.test.d.ts +0 -1
  81. package/node_modules/@comis/core/dist/config/schema-queue.test.js +0 -234
  82. package/node_modules/@comis/core/dist/config/schema-response-prefix.test.d.ts +0 -1
  83. package/node_modules/@comis/core/dist/config/schema-response-prefix.test.js +0 -36
  84. package/node_modules/@comis/core/dist/config/schema-security.test.d.ts +0 -1
  85. package/node_modules/@comis/core/dist/config/schema-security.test.js +0 -54
  86. package/node_modules/@comis/core/dist/config/schema-sender-trust-display.test.d.ts +0 -1
  87. package/node_modules/@comis/core/dist/config/schema-sender-trust-display.test.js +0 -60
  88. package/node_modules/@comis/core/dist/config/schema-serializer.test.d.ts +0 -1
  89. package/node_modules/@comis/core/dist/config/schema-serializer.test.js +0 -73
  90. package/node_modules/@comis/core/dist/config/schema-telegram-file-guard.test.d.ts +0 -1
  91. package/node_modules/@comis/core/dist/config/schema-telegram-file-guard.test.js +0 -39
  92. package/node_modules/@comis/core/dist/context/context.test.d.ts +0 -1
  93. package/node_modules/@comis/core/dist/context/context.test.js +0 -276
  94. package/node_modules/@comis/core/dist/domain/agent-response.test.d.ts +0 -1
  95. package/node_modules/@comis/core/dist/domain/agent-response.test.js +0 -159
  96. package/node_modules/@comis/core/dist/domain/credential-mapping.test.d.ts +0 -1
  97. package/node_modules/@comis/core/dist/domain/credential-mapping.test.js +0 -135
  98. package/node_modules/@comis/core/dist/domain/delivery-origin.test.d.ts +0 -1
  99. package/node_modules/@comis/core/dist/domain/delivery-origin.test.js +0 -68
  100. package/node_modules/@comis/core/dist/domain/execution-graph.test.d.ts +0 -1
  101. package/node_modules/@comis/core/dist/domain/execution-graph.test.js +0 -441
  102. package/node_modules/@comis/core/dist/domain/memory-entry.test.d.ts +0 -1
  103. package/node_modules/@comis/core/dist/domain/memory-entry.test.js +0 -193
  104. package/node_modules/@comis/core/dist/domain/normalized-message.test.d.ts +0 -1
  105. package/node_modules/@comis/core/dist/domain/normalized-message.test.js +0 -255
  106. package/node_modules/@comis/core/dist/domain/session-key.test.d.ts +0 -1
  107. package/node_modules/@comis/core/dist/domain/session-key.test.js +0 -291
  108. package/node_modules/@comis/core/dist/domain/subagent-context-config.test.d.ts +0 -1
  109. package/node_modules/@comis/core/dist/domain/subagent-context-config.test.js +0 -131
  110. package/node_modules/@comis/core/dist/domain/subagent-context-types.test.d.ts +0 -1
  111. package/node_modules/@comis/core/dist/domain/subagent-context-types.test.js +0 -182
  112. package/node_modules/@comis/core/dist/event-bus/bus.test.d.ts +0 -1
  113. package/node_modules/@comis/core/dist/event-bus/bus.test.js +0 -152
  114. package/node_modules/@comis/core/dist/event-bus/events-agent.test.d.ts +0 -1
  115. package/node_modules/@comis/core/dist/event-bus/events-agent.test.js +0 -409
  116. package/node_modules/@comis/core/dist/event-bus/events-channel.test.d.ts +0 -1
  117. package/node_modules/@comis/core/dist/event-bus/events-channel.test.js +0 -240
  118. package/node_modules/@comis/core/dist/event-bus/events-infra.test.d.ts +0 -1
  119. package/node_modules/@comis/core/dist/event-bus/events-infra.test.js +0 -416
  120. package/node_modules/@comis/core/dist/event-bus/events-messaging.test.d.ts +0 -1
  121. package/node_modules/@comis/core/dist/event-bus/events-messaging.test.js +0 -433
  122. package/node_modules/@comis/core/dist/event-bus/events.test.d.ts +0 -1
  123. package/node_modules/@comis/core/dist/event-bus/events.test.js +0 -93
  124. package/node_modules/@comis/core/dist/hooks/hook-runner-global.test.d.ts +0 -1
  125. package/node_modules/@comis/core/dist/hooks/hook-runner-global.test.js +0 -29
  126. package/node_modules/@comis/core/dist/hooks/hook-runner.test.d.ts +0 -1
  127. package/node_modules/@comis/core/dist/hooks/hook-runner.test.js +0 -490
  128. package/node_modules/@comis/core/dist/hooks/hook-strategies.test.d.ts +0 -1
  129. package/node_modules/@comis/core/dist/hooks/hook-strategies.test.js +0 -209
  130. package/node_modules/@comis/core/dist/hooks/integration.test.d.ts +0 -1
  131. package/node_modules/@comis/core/dist/hooks/integration.test.js +0 -235
  132. package/node_modules/@comis/core/dist/hooks/plugin-registry.test.d.ts +0 -1
  133. package/node_modules/@comis/core/dist/hooks/plugin-registry.test.js +0 -470
  134. package/node_modules/@comis/core/dist/load-env.test.d.ts +0 -1
  135. package/node_modules/@comis/core/dist/load-env.test.js +0 -21
  136. package/node_modules/@comis/core/dist/security/action-classifier.test.d.ts +0 -1
  137. package/node_modules/@comis/core/dist/security/action-classifier.test.js +0 -298
  138. package/node_modules/@comis/core/dist/security/audit-aggregator.test.d.ts +0 -1
  139. package/node_modules/@comis/core/dist/security/audit-aggregator.test.js +0 -128
  140. package/node_modules/@comis/core/dist/security/audit.test.d.ts +0 -1
  141. package/node_modules/@comis/core/dist/security/audit.test.js +0 -154
  142. package/node_modules/@comis/core/dist/security/canary-token.test.d.ts +0 -1
  143. package/node_modules/@comis/core/dist/security/canary-token.test.js +0 -45
  144. package/node_modules/@comis/core/dist/security/config-redaction.test.d.ts +0 -1
  145. package/node_modules/@comis/core/dist/security/config-redaction.test.js +0 -107
  146. package/node_modules/@comis/core/dist/security/external-content.test.d.ts +0 -1
  147. package/node_modules/@comis/core/dist/security/external-content.test.js +0 -210
  148. package/node_modules/@comis/core/dist/security/injection-patterns.test.d.ts +0 -1
  149. package/node_modules/@comis/core/dist/security/injection-patterns.test.js +0 -213
  150. package/node_modules/@comis/core/dist/security/injection-rate-limiter.test.d.ts +0 -1
  151. package/node_modules/@comis/core/dist/security/injection-rate-limiter.test.js +0 -194
  152. package/node_modules/@comis/core/dist/security/input-guard.test.d.ts +0 -1
  153. package/node_modules/@comis/core/dist/security/input-guard.test.js +0 -215
  154. package/node_modules/@comis/core/dist/security/input-security-guard.test.d.ts +0 -1
  155. package/node_modules/@comis/core/dist/security/input-security-guard.test.js +0 -215
  156. package/node_modules/@comis/core/dist/security/input-validator.test.d.ts +0 -1
  157. package/node_modules/@comis/core/dist/security/input-validator.test.js +0 -133
  158. package/node_modules/@comis/core/dist/security/log-sanitizer.test.d.ts +0 -1
  159. package/node_modules/@comis/core/dist/security/log-sanitizer.test.js +0 -260
  160. package/node_modules/@comis/core/dist/security/memory-write-validator.test.d.ts +0 -1
  161. package/node_modules/@comis/core/dist/security/memory-write-validator.test.js +0 -62
  162. package/node_modules/@comis/core/dist/security/output-guard.test.d.ts +0 -1
  163. package/node_modules/@comis/core/dist/security/output-guard.test.js +0 -397
  164. package/node_modules/@comis/core/dist/security/safe-path.test.d.ts +0 -1
  165. package/node_modules/@comis/core/dist/security/safe-path.test.js +0 -95
  166. package/node_modules/@comis/core/dist/security/scoped-secret-manager.test.d.ts +0 -1
  167. package/node_modules/@comis/core/dist/security/scoped-secret-manager.test.js +0 -231
  168. package/node_modules/@comis/core/dist/security/secret-access.test.d.ts +0 -1
  169. package/node_modules/@comis/core/dist/security/secret-access.test.js +0 -41
  170. package/node_modules/@comis/core/dist/security/secret-crypto.test.d.ts +0 -1
  171. package/node_modules/@comis/core/dist/security/secret-crypto.test.js +0 -113
  172. package/node_modules/@comis/core/dist/security/secret-manager.test.d.ts +0 -1
  173. package/node_modules/@comis/core/dist/security/secret-manager.test.js +0 -394
  174. package/node_modules/@comis/core/dist/security/secret-ref-resolver.test.d.ts +0 -1
  175. package/node_modules/@comis/core/dist/security/secret-ref-resolver.test.js +0 -268
  176. package/node_modules/@comis/core/dist/security/secrets-audit.test.d.ts +0 -10
  177. package/node_modules/@comis/core/dist/security/secrets-audit.test.js +0 -295
  178. package/node_modules/@comis/core/dist/security/ssrf-guard.test.d.ts +0 -1
  179. package/node_modules/@comis/core/dist/security/ssrf-guard.test.js +0 -127
  180. package/node_modules/@comis/core/dist/security/token-generator.test.d.ts +0 -1
  181. package/node_modules/@comis/core/dist/security/token-generator.test.js +0 -35
  182. package/node_modules/@comis/core/dist/tool-metadata.test.d.ts +0 -1
  183. package/node_modules/@comis/core/dist/tool-metadata.test.js +0 -112
  184. package/node_modules/@comis/memory/dist/compaction.test.d.ts +0 -1
  185. package/node_modules/@comis/memory/dist/compaction.test.js +0 -298
  186. package/node_modules/@comis/memory/dist/context-schema.test.d.ts +0 -1
  187. package/node_modules/@comis/memory/dist/context-schema.test.js +0 -246
  188. package/node_modules/@comis/memory/dist/context-store.test.d.ts +0 -1
  189. package/node_modules/@comis/memory/dist/context-store.test.js +0 -708
  190. package/node_modules/@comis/memory/dist/credential-mapping-schema.test.d.ts +0 -7
  191. package/node_modules/@comis/memory/dist/credential-mapping-schema.test.js +0 -73
  192. package/node_modules/@comis/memory/dist/credential-mapping-store.test.d.ts +0 -8
  193. package/node_modules/@comis/memory/dist/credential-mapping-store.test.js +0 -340
  194. package/node_modules/@comis/memory/dist/delivery-mirror-adapter.test.d.ts +0 -1
  195. package/node_modules/@comis/memory/dist/delivery-mirror-adapter.test.js +0 -165
  196. package/node_modules/@comis/memory/dist/delivery-queue-adapter.test.d.ts +0 -1
  197. package/node_modules/@comis/memory/dist/delivery-queue-adapter.test.js +0 -263
  198. package/node_modules/@comis/memory/dist/embedding-batch-indexer.test.d.ts +0 -1
  199. package/node_modules/@comis/memory/dist/embedding-batch-indexer.test.js +0 -202
  200. package/node_modules/@comis/memory/dist/embedding-cache-lru.test.d.ts +0 -1
  201. package/node_modules/@comis/memory/dist/embedding-cache-lru.test.js +0 -241
  202. package/node_modules/@comis/memory/dist/embedding-cache-sqlite.test.d.ts +0 -8
  203. package/node_modules/@comis/memory/dist/embedding-cache-sqlite.test.js +0 -678
  204. package/node_modules/@comis/memory/dist/embedding-cache.test.d.ts +0 -1
  205. package/node_modules/@comis/memory/dist/embedding-cache.test.js +0 -213
  206. package/node_modules/@comis/memory/dist/embedding-fingerprint.test.d.ts +0 -1
  207. package/node_modules/@comis/memory/dist/embedding-fingerprint.test.js +0 -87
  208. package/node_modules/@comis/memory/dist/embedding-hash.test.d.ts +0 -1
  209. package/node_modules/@comis/memory/dist/embedding-hash.test.js +0 -31
  210. package/node_modules/@comis/memory/dist/embedding-integration.test.d.ts +0 -8
  211. package/node_modules/@comis/memory/dist/embedding-integration.test.js +0 -232
  212. package/node_modules/@comis/memory/dist/embedding-provider-factory.test.d.ts +0 -1
  213. package/node_modules/@comis/memory/dist/embedding-provider-factory.test.js +0 -176
  214. package/node_modules/@comis/memory/dist/embedding-provider-local.test.d.ts +0 -8
  215. package/node_modules/@comis/memory/dist/embedding-provider-local.test.js +0 -76
  216. package/node_modules/@comis/memory/dist/embedding-provider-openai.test.d.ts +0 -8
  217. package/node_modules/@comis/memory/dist/embedding-provider-openai.test.js +0 -100
  218. package/node_modules/@comis/memory/dist/embedding-queue.test.d.ts +0 -1
  219. package/node_modules/@comis/memory/dist/embedding-queue.test.js +0 -236
  220. package/node_modules/@comis/memory/dist/hybrid-search.test.d.ts +0 -1
  221. package/node_modules/@comis/memory/dist/hybrid-search.test.js +0 -476
  222. package/node_modules/@comis/memory/dist/identity-link-store.test.d.ts +0 -1
  223. package/node_modules/@comis/memory/dist/identity-link-store.test.js +0 -88
  224. package/node_modules/@comis/memory/dist/memory-api.test.d.ts +0 -1
  225. package/node_modules/@comis/memory/dist/memory-api.test.js +0 -495
  226. package/node_modules/@comis/memory/dist/memory-concurrency.test.d.ts +0 -20
  227. package/node_modules/@comis/memory/dist/memory-concurrency.test.js +0 -222
  228. package/node_modules/@comis/memory/dist/named-graph-store.test.d.ts +0 -1
  229. package/node_modules/@comis/memory/dist/named-graph-store.test.js +0 -227
  230. package/node_modules/@comis/memory/dist/observability-store.test.d.ts +0 -1
  231. package/node_modules/@comis/memory/dist/observability-store.test.js +0 -704
  232. package/node_modules/@comis/memory/dist/row-mapper.test.d.ts +0 -1
  233. package/node_modules/@comis/memory/dist/row-mapper.test.js +0 -409
  234. package/node_modules/@comis/memory/dist/schema.test.d.ts +0 -1
  235. package/node_modules/@comis/memory/dist/schema.test.js +0 -240
  236. package/node_modules/@comis/memory/dist/secret-store-schema.test.d.ts +0 -7
  237. package/node_modules/@comis/memory/dist/secret-store-schema.test.js +0 -90
  238. package/node_modules/@comis/memory/dist/session-store.test.d.ts +0 -1
  239. package/node_modules/@comis/memory/dist/session-store.test.js +0 -262
  240. package/node_modules/@comis/memory/dist/setup-secrets.test.d.ts +0 -1
  241. package/node_modules/@comis/memory/dist/setup-secrets.test.js +0 -140
  242. package/node_modules/@comis/memory/dist/sqlite-memory-adapter.test.d.ts +0 -1
  243. package/node_modules/@comis/memory/dist/sqlite-memory-adapter.test.js +0 -888
  244. package/node_modules/@comis/memory/dist/sqlite-secret-store.test.d.ts +0 -8
  245. package/node_modules/@comis/memory/dist/sqlite-secret-store.test.js +0 -245
  246. package/node_modules/@comis/shared/dist/abort.test.d.ts +0 -1
  247. package/node_modules/@comis/shared/dist/abort.test.js +0 -71
  248. package/node_modules/@comis/shared/dist/result.test.d.ts +0 -1
  249. package/node_modules/@comis/shared/dist/result.test.js +0 -178
  250. package/node_modules/@comis/shared/dist/suppress-error.test.d.ts +0 -1
  251. package/node_modules/@comis/shared/dist/suppress-error.test.js +0 -50
  252. package/node_modules/@comis/shared/dist/timeout.test.d.ts +0 -1
  253. package/node_modules/@comis/shared/dist/timeout.test.js +0 -75
  254. package/node_modules/@comis/shared/dist/ttl-cache.test.d.ts +0 -1
  255. package/node_modules/@comis/shared/dist/ttl-cache.test.js +0 -81
@@ -1,394 +0,0 @@
1
- import { describe, it, expect, beforeEach } from "vitest";
2
- import { createSecretManager, envSubset, createScopedSecretManager } from "./secret-manager.js";
3
- import { TypedEventBus } from "../event-bus/index.js";
4
- describe("SecretManager", () => {
5
- const testEnv = {
6
- TEST_KEY: "test-value",
7
- API_TOKEN: "secret-token-123",
8
- EMPTY_KEY: "",
9
- UNDEF_KEY: undefined,
10
- };
11
- function makeManager() {
12
- return createSecretManager(testEnv);
13
- }
14
- describe("get()", () => {
15
- it("returns value when key exists", () => {
16
- const manager = makeManager();
17
- expect(manager.get("TEST_KEY")).toBe("test-value");
18
- });
19
- it("returns undefined when key does not exist", () => {
20
- const manager = makeManager();
21
- expect(manager.get("NONEXISTENT")).toBeUndefined();
22
- });
23
- it("treats undefined values as non-existent", () => {
24
- const manager = makeManager();
25
- expect(manager.get("UNDEF_KEY")).toBeUndefined();
26
- });
27
- });
28
- describe("has()", () => {
29
- it("returns true when key exists", () => {
30
- const manager = makeManager();
31
- expect(manager.has("TEST_KEY")).toBe(true);
32
- });
33
- it("returns false when key does not exist", () => {
34
- const manager = makeManager();
35
- expect(manager.has("NONEXISTENT")).toBe(false);
36
- });
37
- it("returns false for keys with undefined values", () => {
38
- const manager = makeManager();
39
- expect(manager.has("UNDEF_KEY")).toBe(false);
40
- });
41
- });
42
- describe("require()", () => {
43
- it("returns value when key exists", () => {
44
- const manager = makeManager();
45
- expect(manager.require("TEST_KEY")).toBe("test-value");
46
- });
47
- it("throws with key name in message when key does not exist", () => {
48
- const manager = makeManager();
49
- expect(() => manager.require("NONEXISTENT")).toThrow("NONEXISTENT");
50
- });
51
- it("SHR-01: error message does NOT enumerate available key names", () => {
52
- const manager = createSecretManager({ A: "val-a", B: "val-b" });
53
- try {
54
- manager.require("MISSING");
55
- expect.fail("should have thrown");
56
- }
57
- catch (e) {
58
- const msg = e.message;
59
- // Must mention the missing key
60
- expect(msg).toContain("MISSING");
61
- // Must NOT list other keys
62
- expect(msg).not.toContain("Available keys");
63
- expect(msg).not.toContain('"A"');
64
- expect(msg).not.toContain('"B"');
65
- expect(msg).not.toContain("A, B");
66
- expect(msg).not.toContain("B, A");
67
- // Should contain the new help text
68
- expect(msg).toContain("Check that this key is defined");
69
- }
70
- });
71
- it("LOG-06: require() error does not leak other key names or values", () => {
72
- const mgr = createSecretManager({
73
- KEY_A: "secret-val-1",
74
- KEY_B: "secret-val-2",
75
- OPENAI_API_KEY: "sk-realkey",
76
- });
77
- expect(() => mgr.require("MISSING")).toThrowError(/Required secret "MISSING"/);
78
- try {
79
- mgr.require("MISSING");
80
- }
81
- catch (e) {
82
- const msg = e.message;
83
- expect(msg).not.toContain("KEY_A");
84
- expect(msg).not.toContain("KEY_B");
85
- expect(msg).not.toContain("OPENAI_API_KEY");
86
- expect(msg).not.toContain("secret-val-1");
87
- expect(msg).not.toContain("sk-realkey");
88
- }
89
- });
90
- });
91
- describe("no credential enumeration", () => {
92
- it("does not expose .env property", () => {
93
- const manager = makeManager();
94
- expect(manager["env"]).toBeUndefined();
95
- });
96
- it("does not expose .getAll() method", () => {
97
- const manager = makeManager();
98
- expect(manager["getAll"]).toBeUndefined();
99
- });
100
- });
101
- describe("createSecretManager() with env overrides", () => {
102
- it("accepts a controlled record of env vars", () => {
103
- const manager = createSecretManager({ CUSTOM_KEY: "custom-value" });
104
- expect(manager.get("CUSTOM_KEY")).toBe("custom-value");
105
- });
106
- });
107
- describe("defensive copy", () => {
108
- it("modifying original env after creation does not affect manager", () => {
109
- const env = {
110
- MUTABLE_KEY: "original",
111
- };
112
- const manager = createSecretManager(env);
113
- // Mutate the original object
114
- env["MUTABLE_KEY"] = "mutated";
115
- env["NEW_KEY"] = "new-value";
116
- expect(manager.get("MUTABLE_KEY")).toBe("original");
117
- expect(manager.get("NEW_KEY")).toBeUndefined();
118
- });
119
- });
120
- describe("keys()", () => {
121
- it("returns available key names", () => {
122
- const manager = makeManager();
123
- const keys = manager.keys();
124
- expect(keys).toContain("TEST_KEY");
125
- expect(keys).toContain("API_TOKEN");
126
- expect(keys).toContain("EMPTY_KEY");
127
- // UNDEF_KEY should not be in keys since its value is undefined
128
- expect(keys).not.toContain("UNDEF_KEY");
129
- });
130
- it("returns a defensive copy of keys array", () => {
131
- const manager = makeManager();
132
- const keys1 = manager.keys();
133
- const keys2 = manager.keys();
134
- expect(keys1).toEqual(keys2);
135
- expect(keys1).not.toBe(keys2); // Different array instances
136
- });
137
- });
138
- });
139
- describe("envSubset()", () => {
140
- it("SHR-05: returns only requested keys from manager", () => {
141
- const manager = createSecretManager({
142
- A: "1",
143
- B: "2",
144
- C: "3",
145
- D: "4",
146
- E: "5",
147
- });
148
- const subset = envSubset(manager, ["A", "C"]);
149
- expect(subset).toEqual({ A: "1", C: "3" });
150
- expect(Object.keys(subset)).toHaveLength(2);
151
- });
152
- it("SHR-05: returns empty for non-existent keys", () => {
153
- const manager = createSecretManager({ A: "1" });
154
- const subset = envSubset(manager, ["MISSING_1", "MISSING_2"]);
155
- expect(subset).toEqual({});
156
- });
157
- it("SHR-05: returns a plain object, not a Map", () => {
158
- const manager = createSecretManager({ X: "val" });
159
- const subset = envSubset(manager, ["X"]);
160
- expect(subset).toBeTypeOf("object");
161
- expect(subset).not.toBeInstanceOf(Map);
162
- expect(subset.X).toBe("val");
163
- });
164
- });
165
- // ---------------------------------------------------------------------------
166
- // ScopedSecretManager tests (merged from scoped-secret-manager.test.ts)
167
- // ---------------------------------------------------------------------------
168
- describe("ScopedSecretManager", () => {
169
- const baseSecrets = {
170
- OPENAI_API_KEY: "sk-test",
171
- ANTHROPIC_API_KEY: "ak-test",
172
- STRIPE_KEY: "sk_live_test",
173
- UNRELATED: "value",
174
- };
175
- let base;
176
- let bus;
177
- let events;
178
- beforeEach(() => {
179
- base = createSecretManager(baseSecrets);
180
- bus = new TypedEventBus();
181
- events = [];
182
- bus.on("secret:accessed", (e) => events.push(e));
183
- });
184
- it("get() delegates to base when pattern matches", () => {
185
- const scoped = createScopedSecretManager(base, {
186
- agentId: "agent-1",
187
- allowPatterns: ["openai_*"],
188
- eventBus: bus,
189
- });
190
- const value = scoped.get("OPENAI_API_KEY");
191
- expect(value).toBe("sk-test");
192
- expect(events).toHaveLength(1);
193
- expect(events[0].outcome).toBe("success");
194
- });
195
- it("get() returns undefined when pattern denies", () => {
196
- const scoped = createScopedSecretManager(base, {
197
- agentId: "agent-1",
198
- allowPatterns: ["openai_*"],
199
- eventBus: bus,
200
- });
201
- const value = scoped.get("STRIPE_KEY");
202
- expect(value).toBeUndefined();
203
- expect(events).toHaveLength(1);
204
- expect(events[0].outcome).toBe("denied");
205
- });
206
- it("get() emits not_found when base has no value", () => {
207
- const scoped = createScopedSecretManager(base, {
208
- agentId: "agent-1",
209
- allowPatterns: ["openai_*"],
210
- eventBus: bus,
211
- });
212
- const value = scoped.get("OPENAI_OTHER");
213
- expect(value).toBeUndefined();
214
- expect(events).toHaveLength(1);
215
- expect(events[0].outcome).toBe("not_found");
216
- });
217
- it("has() returns false when pattern denies", () => {
218
- const scoped = createScopedSecretManager(base, {
219
- agentId: "agent-1",
220
- allowPatterns: ["openai_*"],
221
- eventBus: bus,
222
- });
223
- const result = scoped.has("STRIPE_KEY");
224
- expect(result).toBe(false);
225
- expect(events).toHaveLength(1);
226
- expect(events[0].outcome).toBe("denied");
227
- });
228
- it("has() delegates when pattern allows", () => {
229
- const scoped = createScopedSecretManager(base, {
230
- agentId: "agent-1",
231
- allowPatterns: ["openai_*"],
232
- eventBus: bus,
233
- });
234
- const result = scoped.has("OPENAI_API_KEY");
235
- expect(result).toBe(true);
236
- expect(events).toHaveLength(1);
237
- expect(events[0].outcome).toBe("success");
238
- });
239
- it("require() throws when pattern denies", () => {
240
- const scoped = createScopedSecretManager(base, {
241
- agentId: "agent-1",
242
- allowPatterns: ["openai_*"],
243
- eventBus: bus,
244
- });
245
- expect(() => scoped.require("STRIPE_KEY")).toThrow("not allowed");
246
- expect(events).toHaveLength(1);
247
- expect(events[0].outcome).toBe("denied");
248
- });
249
- it("require() throws when key not found in base", () => {
250
- const scoped = createScopedSecretManager(base, {
251
- agentId: "agent-1",
252
- allowPatterns: ["openai_*"],
253
- eventBus: bus,
254
- });
255
- expect(() => scoped.require("OPENAI_MISSING")).toThrow("not set");
256
- expect(events).toHaveLength(1);
257
- expect(events[0].outcome).toBe("not_found");
258
- });
259
- it("require() returns value when allowed and exists", () => {
260
- const scoped = createScopedSecretManager(base, {
261
- agentId: "agent-1",
262
- allowPatterns: ["openai_*"],
263
- eventBus: bus,
264
- });
265
- const value = scoped.require("OPENAI_API_KEY");
266
- expect(value).toBe("sk-test");
267
- expect(events).toHaveLength(1);
268
- expect(events[0].outcome).toBe("success");
269
- });
270
- it("keys() filters by allow patterns", () => {
271
- const scoped = createScopedSecretManager(base, {
272
- agentId: "agent-1",
273
- allowPatterns: ["openai_*", "anthropic_*"],
274
- eventBus: bus,
275
- });
276
- const keys = scoped.keys();
277
- expect(keys).toEqual(["OPENAI_API_KEY", "ANTHROPIC_API_KEY"]);
278
- // keys() is a listing operation — no events emitted
279
- expect(events).toHaveLength(0);
280
- });
281
- it("empty allow patterns = unrestricted access", () => {
282
- const scoped = createScopedSecretManager(base, {
283
- agentId: "agent-1",
284
- allowPatterns: [],
285
- eventBus: bus,
286
- });
287
- expect(scoped.get("OPENAI_API_KEY")).toBe("sk-test");
288
- expect(scoped.get("STRIPE_KEY")).toBe("sk_live_test");
289
- expect(scoped.has("UNRELATED")).toBe(true);
290
- expect(scoped.require("ANTHROPIC_API_KEY")).toBe("ak-test");
291
- expect(scoped.keys()).toEqual(expect.arrayContaining([
292
- "OPENAI_API_KEY",
293
- "ANTHROPIC_API_KEY",
294
- "STRIPE_KEY",
295
- "UNRELATED",
296
- ]));
297
- // All access events should be "success"
298
- expect(events.every((e) => e.outcome === "success")).toBe(true);
299
- });
300
- it("works without eventBus (no audit events)", () => {
301
- const scoped = createScopedSecretManager(base, {
302
- agentId: "agent-1",
303
- allowPatterns: ["openai_*"],
304
- // eventBus intentionally omitted
305
- });
306
- // All methods should work without crashing
307
- expect(scoped.get("OPENAI_API_KEY")).toBe("sk-test");
308
- expect(scoped.get("STRIPE_KEY")).toBeUndefined();
309
- expect(scoped.has("OPENAI_API_KEY")).toBe(true);
310
- expect(scoped.has("STRIPE_KEY")).toBe(false);
311
- expect(scoped.require("OPENAI_API_KEY")).toBe("sk-test");
312
- expect(() => scoped.require("STRIPE_KEY")).toThrow("not allowed");
313
- expect(scoped.keys()).toEqual(["OPENAI_API_KEY"]);
314
- // No events emitted to the bus we set up separately
315
- expect(events).toHaveLength(0);
316
- });
317
- it("event payload includes agentId and timestamp", () => {
318
- const scoped = createScopedSecretManager(base, {
319
- agentId: "agent-audit-test",
320
- allowPatterns: ["openai_*"],
321
- eventBus: bus,
322
- });
323
- scoped.get("OPENAI_API_KEY");
324
- expect(events).toHaveLength(1);
325
- const event = events[0];
326
- expect(event.agentId).toBe("agent-audit-test");
327
- expect(event.secretName).toBe("OPENAI_API_KEY");
328
- expect(event.outcome).toBe("success");
329
- expect(typeof event.timestamp).toBe("number");
330
- expect(event.timestamp).toBeGreaterThan(0);
331
- });
332
- });
333
- describe("security:warn for unrestricted access (CORE-02)", () => {
334
- const baseSecrets = {
335
- OPENAI_API_KEY: "sk-test",
336
- ANTHROPIC_API_KEY: "ak-test",
337
- };
338
- it("emits security:warn on first access when allowPatterns is empty", () => {
339
- const base = createSecretManager(baseSecrets);
340
- const bus = new TypedEventBus();
341
- const warnEvents = [];
342
- bus.on("security:warn", (e) => warnEvents.push(e));
343
- const scoped = createScopedSecretManager(base, {
344
- agentId: "agent-unrestricted",
345
- allowPatterns: [],
346
- eventBus: bus,
347
- });
348
- scoped.get("OPENAI_API_KEY");
349
- expect(warnEvents).toHaveLength(1);
350
- expect(warnEvents[0].category).toBe("secret_access");
351
- expect(warnEvents[0].agentId).toBe("agent-unrestricted");
352
- expect(warnEvents[0].message).toContain("secrets.allow");
353
- expect(warnEvents[0].message).toContain("agent-unrestricted");
354
- expect(typeof warnEvents[0].timestamp).toBe("number");
355
- });
356
- it("emits security:warn only once (subsequent accesses do not re-emit)", () => {
357
- const base = createSecretManager(baseSecrets);
358
- const bus = new TypedEventBus();
359
- const warnEvents = [];
360
- bus.on("security:warn", (e) => warnEvents.push(e));
361
- const scoped = createScopedSecretManager(base, {
362
- agentId: "agent-once",
363
- allowPatterns: [],
364
- eventBus: bus,
365
- });
366
- scoped.get("OPENAI_API_KEY");
367
- scoped.has("ANTHROPIC_API_KEY");
368
- scoped.require("OPENAI_API_KEY");
369
- expect(warnEvents).toHaveLength(1);
370
- });
371
- it("does NOT emit security:warn when allowPatterns is non-empty", () => {
372
- const base = createSecretManager(baseSecrets);
373
- const bus = new TypedEventBus();
374
- const warnEvents = [];
375
- bus.on("security:warn", (e) => warnEvents.push(e));
376
- const scoped = createScopedSecretManager(base, {
377
- agentId: "agent-restricted",
378
- allowPatterns: ["OPENAI_*"],
379
- eventBus: bus,
380
- });
381
- scoped.get("OPENAI_API_KEY");
382
- expect(warnEvents).toHaveLength(0);
383
- });
384
- it("does NOT emit security:warn when no eventBus is provided", () => {
385
- const base = createSecretManager(baseSecrets);
386
- const scoped = createScopedSecretManager(base, {
387
- agentId: "agent-no-bus",
388
- allowPatterns: [],
389
- // eventBus intentionally omitted
390
- });
391
- // Should not throw
392
- expect(() => scoped.get("OPENAI_API_KEY")).not.toThrow();
393
- });
394
- });
@@ -1,268 +0,0 @@
1
- import { describe, it, expect, vi } from "vitest";
2
- import { createSecretManager } from "./secret-manager.js";
3
- import { resolveSecretRef, resolveConfigSecretRefs } from "./secret-ref-resolver.js";
4
- // ---------------------------------------------------------------------------
5
- // Helpers
6
- // ---------------------------------------------------------------------------
7
- function makeDeps(env = {}, overrides = {}) {
8
- return {
9
- secretManager: createSecretManager(env),
10
- ...overrides,
11
- };
12
- }
13
- // ---------------------------------------------------------------------------
14
- // resolveSecretRef — env source
15
- // ---------------------------------------------------------------------------
16
- describe("resolveSecretRef — env source", () => {
17
- it("resolves a known env key", () => {
18
- const deps = makeDeps({ TELEGRAM_BOT_TOKEN: "my-secret-token" });
19
- const ref = { source: "env", provider: "telegram", id: "TELEGRAM_BOT_TOKEN" };
20
- const result = resolveSecretRef(ref, deps);
21
- expect(result.ok).toBe(true);
22
- if (result.ok)
23
- expect(result.value).toBe("my-secret-token");
24
- });
25
- it("returns error for unknown env key", () => {
26
- const deps = makeDeps({});
27
- const ref = { source: "env", provider: "telegram", id: "MISSING_KEY" };
28
- const result = resolveSecretRef(ref, deps);
29
- expect(result.ok).toBe(false);
30
- if (!result.ok)
31
- expect(result.error.message).toContain("not found in SecretManager");
32
- });
33
- });
34
- // ---------------------------------------------------------------------------
35
- // resolveSecretRef — file source
36
- // ---------------------------------------------------------------------------
37
- describe("resolveSecretRef — file source", () => {
38
- it("reads a single-value file and trims whitespace", () => {
39
- const deps = makeDeps({}, {
40
- statSync: () => ({ isFile: () => true, isSymbolicLink: () => false, size: 20, mode: 0o600 }),
41
- readFileSync: () => " secret-from-file \n",
42
- });
43
- const ref = { source: "file", provider: "vault", id: "/secrets/api.key" };
44
- const result = resolveSecretRef(ref, deps);
45
- expect(result.ok).toBe(true);
46
- if (result.ok)
47
- expect(result.value).toBe("secret-from-file");
48
- });
49
- it("extracts value via JSON Pointer from JSON file", () => {
50
- const jsonContent = JSON.stringify({
51
- data: { apiKey: "extracted-key", other: "ignored" },
52
- });
53
- const deps = makeDeps({}, {
54
- statSync: () => ({ isFile: () => true, isSymbolicLink: () => false, size: 100, mode: 0o600 }),
55
- readFileSync: () => jsonContent,
56
- });
57
- const ref = {
58
- source: "file",
59
- provider: "vault#/data/apiKey",
60
- id: "/secrets/vault-response.json",
61
- };
62
- const result = resolveSecretRef(ref, deps);
63
- expect(result.ok).toBe(true);
64
- if (result.ok)
65
- expect(result.value).toBe("extracted-key");
66
- });
67
- it("rejects relative paths", () => {
68
- const deps = makeDeps();
69
- const ref = { source: "file", provider: "vault", id: "relative/path.key" };
70
- const result = resolveSecretRef(ref, deps);
71
- expect(result.ok).toBe(false);
72
- if (!result.ok)
73
- expect(result.error.message).toContain("absolute path");
74
- });
75
- it("rejects paths with traversal segments", () => {
76
- const deps = makeDeps();
77
- const ref = { source: "file", provider: "vault", id: "/secrets/../etc/passwd" };
78
- const result = resolveSecretRef(ref, deps);
79
- expect(result.ok).toBe(false);
80
- if (!result.ok)
81
- expect(result.error.message).toContain("traversal");
82
- });
83
- it("rejects files exceeding size limit", () => {
84
- const deps = makeDeps({}, {
85
- statSync: () => ({ isFile: () => true, isSymbolicLink: () => false, size: 2_000_000, mode: 0o600 }),
86
- });
87
- const ref = { source: "file", provider: "vault", id: "/secrets/big.key" };
88
- const result = resolveSecretRef(ref, deps);
89
- expect(result.ok).toBe(false);
90
- if (!result.ok)
91
- expect(result.error.message).toContain("exceeds size limit");
92
- });
93
- it("returns error for nonexistent file", () => {
94
- const deps = makeDeps({}, {
95
- statSync: () => { throw new Error("ENOENT"); },
96
- });
97
- const ref = { source: "file", provider: "vault", id: "/secrets/missing.key" };
98
- const result = resolveSecretRef(ref, deps);
99
- expect(result.ok).toBe(false);
100
- if (!result.ok)
101
- expect(result.error.message).toContain("not found");
102
- });
103
- it("rejects non-file (directory)", () => {
104
- const deps = makeDeps({}, {
105
- statSync: () => ({ isFile: () => false, isSymbolicLink: () => false, size: 0, mode: 0o755 }),
106
- });
107
- const ref = { source: "file", provider: "vault", id: "/secrets" };
108
- const result = resolveSecretRef(ref, deps);
109
- expect(result.ok).toBe(false);
110
- if (!result.ok)
111
- expect(result.error.message).toContain("not a regular file");
112
- });
113
- it("returns error when JSON Pointer target is not a string", () => {
114
- const jsonContent = JSON.stringify({ data: { nested: { value: 42 } } });
115
- const deps = makeDeps({}, {
116
- statSync: () => ({ isFile: () => true, isSymbolicLink: () => false, size: 50, mode: 0o600 }),
117
- readFileSync: () => jsonContent,
118
- });
119
- const ref = {
120
- source: "file",
121
- provider: "vault#/data/nested",
122
- id: "/secrets/vault.json",
123
- };
124
- const result = resolveSecretRef(ref, deps);
125
- expect(result.ok).toBe(false);
126
- if (!result.ok)
127
- expect(result.error.message).toContain("expected string");
128
- });
129
- });
130
- // ---------------------------------------------------------------------------
131
- // resolveSecretRef — exec source
132
- // ---------------------------------------------------------------------------
133
- describe("resolveSecretRef — exec source", () => {
134
- it("resolves value from valid JSON RPC response", () => {
135
- const mockExecFileSync = vi.fn().mockReturnValue(JSON.stringify({
136
- protocolVersion: 1,
137
- values: { "my-secret-id": "resolved-secret" },
138
- }));
139
- const deps = makeDeps({}, { execFileSync: mockExecFileSync });
140
- const ref = { source: "exec", provider: "op", id: "my-secret-id" };
141
- const result = resolveSecretRef(ref, deps);
142
- expect(result.ok).toBe(true);
143
- if (result.ok)
144
- expect(result.value).toBe("resolved-secret");
145
- // Verify protocol: command is ref.provider, args is empty array, input is JSON
146
- expect(mockExecFileSync).toHaveBeenCalledWith("op", [], expect.objectContaining({
147
- input: expect.stringContaining('"ids":["my-secret-id"]'),
148
- encoding: "utf-8",
149
- }));
150
- });
151
- it("returns error when command fails (timeout etc)", () => {
152
- const mockExecFileSync = vi.fn().mockImplementation(() => {
153
- throw new Error("ETIMEDOUT");
154
- });
155
- const deps = makeDeps({}, { execFileSync: mockExecFileSync });
156
- const ref = { source: "exec", provider: "slow-helper", id: "key" };
157
- const result = resolveSecretRef(ref, deps);
158
- expect(result.ok).toBe(false);
159
- if (!result.ok)
160
- expect(result.error.message).toContain("command failed");
161
- });
162
- it("returns error for invalid JSON response", () => {
163
- const mockExecFileSync = vi.fn().mockReturnValue("not-json");
164
- const deps = makeDeps({}, { execFileSync: mockExecFileSync });
165
- const ref = { source: "exec", provider: "broken-helper", id: "key" };
166
- const result = resolveSecretRef(ref, deps);
167
- expect(result.ok).toBe(false);
168
- if (!result.ok)
169
- expect(result.error.message).toContain("invalid JSON");
170
- });
171
- it("returns error for wrong protocol version", () => {
172
- const mockExecFileSync = vi.fn().mockReturnValue(JSON.stringify({ protocolVersion: 2, values: {} }));
173
- const deps = makeDeps({}, { execFileSync: mockExecFileSync });
174
- const ref = { source: "exec", provider: "future-helper", id: "key" };
175
- const result = resolveSecretRef(ref, deps);
176
- expect(result.ok).toBe(false);
177
- if (!result.ok)
178
- expect(result.error.message).toContain("protocol");
179
- });
180
- it("returns error when requested key is missing from response", () => {
181
- const mockExecFileSync = vi.fn().mockReturnValue(JSON.stringify({ protocolVersion: 1, values: { "other-key": "val" } }));
182
- const deps = makeDeps({}, { execFileSync: mockExecFileSync });
183
- const ref = { source: "exec", provider: "op", id: "missing-key" };
184
- const result = resolveSecretRef(ref, deps);
185
- expect(result.ok).toBe(false);
186
- if (!result.ok)
187
- expect(result.error.message).toContain("not found");
188
- });
189
- });
190
- // ---------------------------------------------------------------------------
191
- // resolveConfigSecretRefs — deep walk
192
- // ---------------------------------------------------------------------------
193
- describe("resolveConfigSecretRefs", () => {
194
- it("resolves nested SecretRef objects in config", () => {
195
- const deps = makeDeps({
196
- TELEGRAM_BOT_TOKEN: "tg-resolved",
197
- DISCORD_BOT_TOKEN: "dc-resolved",
198
- });
199
- const config = {
200
- channels: {
201
- telegram: {
202
- enabled: true,
203
- botToken: { source: "env", provider: "telegram", id: "TELEGRAM_BOT_TOKEN" },
204
- },
205
- discord: {
206
- enabled: true,
207
- botToken: { source: "env", provider: "discord", id: "DISCORD_BOT_TOKEN" },
208
- },
209
- },
210
- plainField: "stays-unchanged",
211
- };
212
- const result = resolveConfigSecretRefs(config, deps);
213
- expect(result.ok).toBe(true);
214
- if (result.ok) {
215
- const resolved = result.value;
216
- expect(resolved.channels.telegram.botToken).toBe("tg-resolved");
217
- expect(resolved.channels.discord.botToken).toBe("dc-resolved");
218
- expect(resolved.plainField).toBe("stays-unchanged");
219
- // Original should not be mutated
220
- expect(config.channels.telegram.botToken).toEqual({
221
- source: "env",
222
- provider: "telegram",
223
- id: "TELEGRAM_BOT_TOKEN",
224
- });
225
- }
226
- });
227
- it("returns first error when any ref fails", () => {
228
- const deps = makeDeps({}); // empty — env lookups will fail
229
- const config = {
230
- good: "plain-string",
231
- bad: { source: "env", provider: "x", id: "MISSING" },
232
- };
233
- const result = resolveConfigSecretRefs(config, deps);
234
- expect(result.ok).toBe(false);
235
- if (!result.ok)
236
- expect(result.error.message).toContain("not found in SecretManager");
237
- });
238
- it("returns clone unchanged when no SecretRefs present", () => {
239
- const deps = makeDeps();
240
- const config = {
241
- channels: { telegram: { enabled: false, botToken: "plain" } },
242
- nested: { array: [1, 2, 3] },
243
- };
244
- const result = resolveConfigSecretRefs(config, deps);
245
- expect(result.ok).toBe(true);
246
- if (result.ok) {
247
- expect(result.value).toEqual(config);
248
- // Must be a different object (clone)
249
- expect(result.value).not.toBe(config);
250
- }
251
- });
252
- it("resolves SecretRefs inside arrays", () => {
253
- const deps = makeDeps({ TOKEN_1: "val-1", TOKEN_2: "val-2" });
254
- const config = {
255
- tokens: [
256
- { source: "env", provider: "gw", id: "TOKEN_1" },
257
- "plain-token",
258
- { source: "env", provider: "gw", id: "TOKEN_2" },
259
- ],
260
- };
261
- const result = resolveConfigSecretRefs(config, deps);
262
- expect(result.ok).toBe(true);
263
- if (result.ok) {
264
- const resolved = result.value;
265
- expect(resolved.tokens).toEqual(["val-1", "plain-token", "val-2"]);
266
- }
267
- });
268
- });
@@ -1,10 +0,0 @@
1
- /**
2
- * Unit tests for secrets audit scanner.
3
- *
4
- * Tests scanConfigForSecrets, scanEnvForSecrets, and auditSecrets
5
- * covering config YAML scanning, .env scanning, SecretRef detection,
6
- * and combined audit scenarios.
7
- *
8
- * @module
9
- */
10
- export {};