crewly 1.11.5 → 1.12.0

package/packages/crewly-agent/src/runtime/deepseek-sse-transform.ts

@@ -0,0 +1,168 @@
+/**
+ * DeepSeek SSE Transform — extracts `reasoning_content` from DeepSeek-R1 streaming responses.
+ *
+ * **Why this exists:**
+ * DeepSeek-R1 (`deepseek-reasoner`) returns chain-of-thought as `delta.reasoning_content`
+ * inside each SSE chunk. The Vercel AI SDK's @ai-sdk/openai chat-completions parser
+ * (3.0.41) accumulates `reasoning_tokens` into `usage.reasoningTokens` (correct billing
+ * surface) but **does not** map `reasoning_content` text to any content-part or
+ * `reasoningText` field. Result: users pay for reasoning tokens but the reasoning
+ * text is silently dropped.
+ *
+ * **What this module does:**
+ * - Pure stream transformer: takes a DeepSeek SSE response body, tees it,
+ *   passes one branch through unchanged (for AI SDK to consume normally),
+ *   and parses the other branch to extract reasoning_content into an
+ *   accumulator string.
+ * - Zero dependency on AI SDK internals — operates only on the raw SSE byte
+ *   stream that AI SDK is about to consume.
+ *
+ * **Architectural note (Sam memo reconciliation):**
+ * Earlier scope memo referenced wrapping a "PR #425 translator output" layer.
+ * Verified: PR #425 is the frontend Settings UI fix; no Crewly-owned translator
+ * exists. The only seam Crewly owns between DeepSeek and the AI SDK is the
+ * `createOpenAI({ fetch })` upstream hook in model-manager.ts. This module is
+ * the body of that hook.
+ *
+ * **DeepClaude pattern reference (read-only):**
+ * Reasoning-content extraction approach borrowed conceptually from public
+ * DeepClaude pattern (HTTP proxy that splits R1 reasoning from final answer).
+ * **No code, no fork, no dependency** — pattern reference only, per Anthropic
+ * ToS guardrail flagged by Arch.
+ *
+ * @module services/agent/crewly-agent/deepseek-sse-transform
+ */
+
+/**
+ * Shape of a single SSE `data:` payload from DeepSeek's chat-completions endpoint.
+ * Only the fields we read are typed; the rest is left open.
+ */
+interface DeepseekSseChunk {
+	choices?: Array<{
+		delta?: {
+			content?: string;
+			reasoning_content?: string;
+		};
+		finish_reason?: string | null;
+	}>;
+}
+
+/**
+ * Result of teeing and parsing a DeepSeek SSE body.
+ *
+ * - `passthroughBody` is the un-tampered byte stream that should be handed
+ *   to the consumer (AI SDK) as the response body.
+ * - `getReasoning()` returns the accumulated reasoning_content text once
+ *   the underlying stream has fully drained. Calling it before drain
+ *   returns whatever has been parsed so far.
+ */
+export interface ParsedDeepseekSse {
+	passthroughBody: ReadableStream<Uint8Array>;
+	getReasoning(): string;
+	/** True once the parser has seen the SSE `[DONE]` sentinel or stream end. */
+	isDrained(): boolean;
+}
+
+/**
+ * Parse a single SSE event-block (one or more `data:` lines + a blank line).
+ *
+ * Returns the accumulated reasoning_content string from this block, or
+ * empty string if the block had no reasoning content. Returns `null` if
+ * the block is the `[DONE]` sentinel.
+ *
+ * @param block - One SSE event block (between blank-line delimiters)
+ * @returns reasoning_content string, or `null` if `[DONE]`
+ */
+export function parseSseBlock(block: string): string | null {
+	const lines = block.split('\n');
+	let reasoning = '';
+	for (const line of lines) {
+		if (!line.startsWith('data:')) continue;
+		const payload = line.slice(5).trim();
+		if (!payload) continue;
+		if (payload === '[DONE]') return null;
+		try {
+			const chunk = JSON.parse(payload) as DeepseekSseChunk;
+			const r = chunk.choices?.[0]?.delta?.reasoning_content;
+			if (typeof r === 'string') {
+				reasoning += r;
+			}
+		} catch {
+			// Malformed JSON — skip silently; AI SDK consumer will surface
+			// any real error itself when it parses the same chunk.
+		}
+	}
+	return reasoning;
+}
+
+/**
+ * Tee a DeepSeek SSE response body and parse one branch for reasoning_content
+ * while passing the other branch through to the AI SDK consumer unchanged.
+ *
+ * The parser runs as a fire-and-forget background reader on the cloned stream.
+ * It accumulates reasoning text into an internal buffer that the caller can
+ * read via `getReasoning()` after the consumer has drained the passthrough.
+ *
+ * **Stream safety:**
+ * - The tee is symmetric: backpressure on the consumer branch does not
+ *   stall the parser branch (and vice versa) thanks to ReadableStream.tee()
+ *   internal buffering.
+ * - Parser errors are caught and logged but never propagated to the consumer.
+ *
+ * @param body - Raw SSE response body from DeepSeek
+ * @returns Object with passthrough body and reasoning accumulator
+ */
+export function teeAndParse(body: ReadableStream<Uint8Array>): ParsedDeepseekSse {
+	const [consumerBranch, parserBranch] = body.tee();
+	let reasoning = '';
+	let drained = false;
+
+	// Background reader: drain parserBranch, parse SSE, accumulate reasoning.
+	// Errors are swallowed — consumer branch is independent and unaffected.
+	void (async () => {
+		const reader = parserBranch.getReader();
+		const decoder = new TextDecoder();
+		let buffer = '';
+		try {
+			while (true) {
+				const { done, value } = await reader.read();
+				if (done) break;
+				buffer += decoder.decode(value, { stream: true });
+				// SSE event blocks are delimited by blank lines (\n\n).
+				let blankIdx: number;
+				while ((blankIdx = buffer.indexOf('\n\n')) >= 0) {
+					const block = buffer.slice(0, blankIdx);
+					buffer = buffer.slice(blankIdx + 2);
+					const result = parseSseBlock(block);
+					if (result === null) {
+						drained = true;
+					} else if (result) {
+						reasoning += result;
+					}
+				}
+			}
+			// Flush trailing partial block (if SSE source ended mid-block — defensive)
+			if (buffer.trim()) {
+				const result = parseSseBlock(buffer);
+				if (result && result !== null) reasoning += result;
+			}
+		} catch (err) {
+			// Parser failures must not break consumer flow — log and exit.
+			// eslint-disable-next-line no-console
+			console.warn('[DeepSeek SSE Transform] parser branch error (consumer unaffected):', err);
+		} finally {
+			drained = true;
+			try {
+				reader.releaseLock();
+			} catch {
+				/* already released */
+			}
+		}
+	})();
+
+	return {
+		passthroughBody: consumerBranch,
+		getReasoning: () => reasoning,
+		isDrained: () => drained,
+	};
+}

package/packages/crewly-agent/src/runtime/env-isolation.service.ts

@@ -0,0 +1,246 @@
+/**
+ * Environment Isolation Service
+ *
+ * Strips sensitive environment variables (API keys, tokens, secrets) from
+ * child process environments when agents execute bash commands. Maintains
+ * an allowlist of safe variables and provides a mechanism to explicitly
+ * pass specific vars when needed.
+ *
+ * @module services/agent/crewly-agent/env-isolation.service
+ *
+ * @example
+ * ```typescript
+ * const isolation = new EnvIsolationService();
+ * const safeEnv = isolation.createSafeEnv(process.env);
+ * // safeEnv has PATH, HOME, etc. but no ANTHROPIC_API_KEY
+ *
+ * const withOverrides = isolation.createSafeEnv(process.env, ['MY_CUSTOM_VAR']);
+ * // safeEnv + MY_CUSTOM_VAR explicitly included
+ * ```
+ */
+
+/**
+ * Environment variables that are always safe to pass to child processes.
+ * These are essential for basic shell operation and don't contain secrets.
+ */
+export const SAFE_ENV_ALLOWLIST: readonly string[] = [
+  // System essentials
+  'PATH',
+  'HOME',
+  'USER',
+  'LOGNAME',
+  'SHELL',
+  'TERM',
+  'TERM_PROGRAM',
+  'LANG',
+  'LC_ALL',
+  'LC_CTYPE',
+  'TZ',
+  'TMPDIR',
+  'TEMP',
+  'TMP',
+
+  // Node.js / runtime
+  'NODE_ENV',
+  'NODE_PATH',
+  'NODE_OPTIONS',
+  'NPM_CONFIG_PREFIX',
+  'NVM_DIR',
+  'NVM_BIN',
+
+  // Build tools
+  'FORCE_COLOR',
+  'NO_COLOR',
+  'CI',
+  'EDITOR',
+  'VISUAL',
+  'PAGER',
+
+  // Git (non-secret)
+  'GIT_AUTHOR_NAME',
+  'GIT_AUTHOR_EMAIL',
+  'GIT_COMMITTER_NAME',
+  'GIT_COMMITTER_EMAIL',
+
+  // Platform
+  'HOSTNAME',
+  'PWD',
+  'OLDPWD',
+  'SHLVL',
+  'XDG_CONFIG_HOME',
+  'XDG_DATA_HOME',
+  'XDG_CACHE_HOME',
+  'XDG_RUNTIME_DIR',
+
+  // macOS specifics
+  'COMMAND_MODE',
+  '__CF_USER_TEXT_ENCODING',
+
+  // Python
+  'PYTHONPATH',
+  'VIRTUAL_ENV',
+
+  // Rust
+  'CARGO_HOME',
+  'RUSTUP_HOME',
+
+  // Go
+  'GOPATH',
+  'GOROOT',
+
+  // Java
+  'JAVA_HOME',
+
+  // Homebrew
+  'HOMEBREW_PREFIX',
+  'HOMEBREW_CELLAR',
+  'HOMEBREW_REPOSITORY',
+] as const;
+
+/**
+ * Patterns that identify sensitive environment variable names.
+ * Variables matching these patterns are stripped from child processes.
+ */
+export const SENSITIVE_ENV_PATTERNS: readonly RegExp[] = [
+  /api[_-]?key/i,
+  /api[_-]?secret/i,
+  /api[_-]?token/i,
+  /secret[_-]?key/i,
+  /access[_-]?key/i,
+  /access[_-]?token/i,
+  /auth[_-]?token/i,
+  /bearer[_-]?token/i,
+  /private[_-]?key/i,
+  /password/i,
+  /passwd/i,
+  /credential/i,
+  /^AWS_SECRET/i,
+  /^AWS_SESSION/i,
+  /^ANTHROPIC_API/i,
+  /^OPENAI_API/i,
+  /^GOOGLE_API/i,
+  /^GOOGLE_APPLICATION_CREDENTIALS/i,
+  /^STRIPE_SECRET/i,
+  /^SUPABASE_SERVICE_ROLE/i,
+  /^DATABASE_URL$/i,
+  /^REDIS_URL$/i,
+  /^MONGODB_URI$/i,
+  /^GITHUB_TOKEN$/i,
+  /^GH_TOKEN$/i,
+  /^NPM_TOKEN$/i,
+  /^DOCKER_PASSWORD$/i,
+  /^DOCKER_AUTH$/i,
+  /connection[_-]?string/i,
+  /^SENTRY_DSN$/i,
+  /^DATADOG_API_KEY$/i,
+  /^SENDGRID_API_KEY$/i,
+  /^TWILIO_AUTH_TOKEN$/i,
+  /^SLACK_BOT_TOKEN$/i,
+  /^SLACK_TOKEN$/i,
+  /^DISCORD_TOKEN$/i,
+  /^WEBHOOK_SECRET$/i,
+  /^SIGNING_SECRET$/i,
+  /^ENCRYPTION_KEY$/i,
+  /^JWT_SECRET$/i,
+  /^SESSION_SECRET$/i,
+] as const;
+
+/**
+ * Service that creates sanitized environment objects for child processes.
+ */
+export class EnvIsolationService {
+  private readonly allowlist: Set<string>;
+  private readonly sensitivePatterns: readonly RegExp[];
+
+  /**
+   * Creates a new EnvIsolationService.
+   *
+   * @param additionalSafeVars - Extra variable names to always allow
+   * @param additionalSensitivePatterns - Extra patterns to block
+   */
+  constructor(
+    additionalSafeVars?: string[],
+    additionalSensitivePatterns?: RegExp[],
+  ) {
+    this.allowlist = new Set([...SAFE_ENV_ALLOWLIST, ...(additionalSafeVars || [])]);
+    this.sensitivePatterns = additionalSensitivePatterns
+      ? [...SENSITIVE_ENV_PATTERNS, ...additionalSensitivePatterns]
+      : SENSITIVE_ENV_PATTERNS;
+  }
+
+  /**
+   * Creates a safe environment object by filtering out sensitive variables.
+   *
+   * Strategy:
+   * 1. Start with all env vars
+   * 2. Keep vars on the allowlist
+   * 3. Remove vars matching sensitive patterns
+   * 4. Add explicitly requested vars (overrides)
+   *
+   * @param sourceEnv - Source environment (typically process.env)
+   * @param explicitVars - Variable names to explicitly include even if they'd be filtered
+   * @returns Sanitized environment object safe for child processes
+   */
+  createSafeEnv(
+    sourceEnv: Record<string, string | undefined>,
+    explicitVars?: string[],
+  ): Record<string, string> {
+    const safeEnv: Record<string, string> = {};
+    const explicitSet = new Set(explicitVars || []);
+
+    for (const [key, value] of Object.entries(sourceEnv)) {
+      if (value === undefined) continue;
+
+      // Always include explicitly requested vars
+      if (explicitSet.has(key)) {
+        safeEnv[key] = value;
+        continue;
+      }
+
+      // Include if on allowlist
+      if (this.allowlist.has(key)) {
+        safeEnv[key] = value;
+        continue;
+      }
+
+      // Skip if matches a sensitive pattern
+      if (this.isSensitive(key)) {
+        continue;
+      }
+
+      // Default: include non-sensitive vars not on either list
+      safeEnv[key] = value;
+    }
+
+    return safeEnv;
+  }
+
+  /**
+   * Checks if an environment variable name matches any sensitive pattern.
+   *
+   * @param varName - Environment variable name to check
+   * @returns True if the variable is considered sensitive
+   */
+  isSensitive(varName: string): boolean {
+    return this.sensitivePatterns.some((pattern) => pattern.test(varName));
+  }
+
+  /**
+   * Returns the list of sensitive variable names found in the given environment.
+   * Useful for audit logging.
+   *
+   * @param sourceEnv - Environment to scan
+   * @returns Array of sensitive variable names found
+   */
+  findSensitiveVars(sourceEnv: Record<string, string | undefined>): string[] {
+    return Object.keys(sourceEnv).filter((key) => this.isSensitive(key));
+  }
+
+  /**
+   * Returns the current allowlist as an array.
+   * @returns Copy of the safe variable allowlist
+   */
+  getAllowlist(): string[] {
+    return Array.from(this.allowlist);
+  }
+}

package/packages/crewly-agent/src/runtime/in-process-log-buffer.test.ts

@@ -0,0 +1,280 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+import { InProcessLogBuffer } from './in-process-log-buffer.js';
+
+// Constants inlined here too — the standalone runtime owns its own values.
+const CREWLY_CONSTANTS = {
+  PATHS: {
+    CREWLY_HOME: '.crewly',
+    LOGS_DIR: 'logs',
+  },
+} as const;
+
+const LOG_ROTATION_CONSTANTS = {
+  SESSIONS_LOG_DIR: 'sessions',
+} as const;
+
+describe('InProcessLogBuffer', () => {
+  let buffer: InProcessLogBuffer;
+
+  beforeEach(() => {
+    InProcessLogBuffer.resetInstance();
+    buffer = InProcessLogBuffer.getInstance();
+  });
+
+  describe('singleton', () => {
+    it('should return the same instance', () => {
+      const a = InProcessLogBuffer.getInstance();
+      const b = InProcessLogBuffer.getInstance();
+      expect(a).toBe(b);
+    });
+
+    it('should return new instance after reset', () => {
+      const a = InProcessLogBuffer.getInstance();
+      InProcessLogBuffer.resetInstance();
+      const b = InProcessLogBuffer.getInstance();
+      expect(a).not.toBe(b);
+    });
+  });
+
+  describe('append', () => {
+    it('should create session on first append', () => {
+      expect(buffer.hasSession('test')).toBe(false);
+      buffer.append('test', 'info', 'hello');
+      expect(buffer.hasSession('test')).toBe(true);
+    });
+
+    it('should enforce ring buffer limit', () => {
+      for (let i = 0; i < 600; i++) {
+        buffer.append('test', 'info', `line ${i}`);
+      }
+      const output = buffer.capture('test', 600);
+      const lines = output.split('\n');
+      expect(lines.length).toBe(500);
+      expect(lines[lines.length - 1]).toContain('line 599');
+    });
+  });
+
+  describe('capture', () => {
+    it('should return placeholder for empty session', () => {
+      buffer.registerSession('empty');
+      const output = buffer.capture('empty');
+      expect(output).toContain('No output yet');
+    });
+
+    it('should return placeholder for unknown session', () => {
+      const output = buffer.capture('nonexistent');
+      expect(output).toContain('No output yet');
+    });
+
+    it('should format entries with timestamps', () => {
+      buffer.append('test', 'info', 'hello world');
+      const output = buffer.capture('test');
+      expect(output).toMatch(/\[\d{2}:\d{2}:\d{2}\.\d{3}\] hello world/);
+    });
+
+    it('should prefix error and warn levels', () => {
+      buffer.append('test', 'error', 'something broke');
+      buffer.append('test', 'warn', 'be careful');
+      buffer.append('test', 'debug', 'details');
+      const output = buffer.capture('test');
+      expect(output).toContain('ERROR: something broke');
+      expect(output).toContain('WARN: be careful');
+      expect(output).toContain('DEBUG: details');
+    });
+
+    it('should respect lines parameter', () => {
+      buffer.append('test', 'info', 'line 1');
+      buffer.append('test', 'info', 'line 2');
+      buffer.append('test', 'info', 'line 3');
+      const output = buffer.capture('test', 2);
+      const lines = output.split('\n');
+      expect(lines.length).toBe(2);
+      expect(lines[1]).toContain('line 3');
+    });
+  });
+
+  describe('session management', () => {
+    it('should register empty session', () => {
+      buffer.registerSession('new');
+      expect(buffer.hasSession('new')).toBe(true);
+      expect(buffer.capture('new')).toContain('No output yet');
+    });
+
+    it('should remove session', () => {
+      buffer.append('test', 'info', 'data');
+      buffer.removeSession('test');
+      expect(buffer.hasSession('test')).toBe(false);
+    });
+
+    it('should list session names', () => {
+      buffer.registerSession('a');
+      buffer.registerSession('b');
+      buffer.append('c', 'info', 'test');
+      expect(buffer.getSessionNames().sort()).toEqual(['a', 'b', 'c']);
+    });
+
+    it('should clear all sessions', () => {
+      buffer.registerSession('a');
+      buffer.registerSession('b');
+      buffer.clear();
+      expect(buffer.getSessionNames()).toEqual([]);
+    });
+  });
+
+  describe('EventEmitter data events', () => {
+    it('should emit data event on append', () => new Promise<void>((resolve, reject) => {
+      buffer.on('data', (sessionName: string, formattedLine: string) => {
+        try {
+          expect(sessionName).toBe('test-session');
+          expect(formattedLine).toContain('hello world');
+          expect(formattedLine).toMatch(/\[\d{2}:\d{2}:\d{2}\.\d{3}\] hello world/);
+          resolve();
+        } catch (err) { reject(err); }
+      });
+      buffer.append('test-session', 'info', 'hello world');
+    }));
+
+    it('should emit data event with level prefix for errors', () => new Promise<void>((resolve, reject) => {
+      buffer.on('data', (sessionName: string, formattedLine: string) => {
+        try {
+          expect(sessionName).toBe('test-session');
+          expect(formattedLine).toContain('ERROR: something broke');
+          resolve();
+        } catch (err) { reject(err); }
+      });
+      buffer.append('test-session', 'error', 'something broke');
+    }));
+
+    it('should emit data events for each append', () => {
+      const events: string[] = [];
+      buffer.on('data', (_session: string, line: string) => {
+        events.push(line);
+      });
+
+      buffer.append('s1', 'info', 'first');
+      buffer.append('s2', 'warn', 'second');
+
+      expect(events.length).toBe(2);
+      expect(events[0]).toContain('first');
+      expect(events[1]).toContain('WARN: second');
+    });
+
+    it('should include session name in data event', () => {
+      const sessions: string[] = [];
+      buffer.on('data', (session: string) => {
+        sessions.push(session);
+      });
+
+      buffer.append('agent-a', 'info', 'msg1');
+      buffer.append('agent-b', 'info', 'msg2');
+
+      expect(sessions).toEqual(['agent-a', 'agent-b']);
+    });
+
+    it('should clean up listeners on reset', () => {
+      const handler = vi.fn();
+      buffer.on('data', handler);
+
+      InProcessLogBuffer.resetInstance();
+      const newBuffer = InProcessLogBuffer.getInstance();
+      newBuffer.append('test', 'info', 'after reset');
+
+      // Old handler should NOT be called since instance was reset
+      expect(handler).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('file persistence', () => {
+    const sessionLogsDir = path.join(
+      os.homedir(),
+      CREWLY_CONSTANTS.PATHS.CREWLY_HOME,
+      CREWLY_CONSTANTS.PATHS.LOGS_DIR,
+      LOG_ROTATION_CONSTANTS.SESSIONS_LOG_DIR,
+    );
+
+    const testSessionName = `__test-inprocess-${Date.now()}`;
+
+    afterEach(() => {
+      // Clean up test log file
+      const logPath = path.join(sessionLogsDir, `${testSessionName}.log`);
+      try { fs.unlinkSync(logPath); } catch { /* may not exist */ }
+    });
+
+    it('should create a log file on registerSession', (done) => {
+      buffer.registerSession(testSessionName);
+      const logPath = path.join(sessionLogsDir, `${testSessionName}.log`);
+      // WriteStream opens the file lazily — give it a tick to flush the header
+      setTimeout(() => {
+        expect(fs.existsSync(logPath)).toBe(true);
+        done();
+      }, 100);
+    });
+
+    it('should write log entries to disk on append', (done) => {
+      buffer.registerSession(testSessionName);
+      buffer.append(testSessionName, 'info', 'disk test message');
+      buffer.append(testSessionName, 'error', 'disk error message');
+
+      // WriteStream is async — give it a tick to flush
+      setTimeout(() => {
+        const logPath = path.join(sessionLogsDir, `${testSessionName}.log`);
+        const content = fs.readFileSync(logPath, 'utf8');
+        expect(content).toContain('SESSION STARTED');
+        expect(content).toContain('disk test message');
+        expect(content).toContain('ERROR: disk error message');
+        done();
+      }, 100);
+    });
+
+    it('should write SESSION ENDED marker on removeSession', (done) => {
+      buffer.registerSession(testSessionName);
+      buffer.append(testSessionName, 'info', 'before shutdown');
+      buffer.removeSession(testSessionName);
+
+      setTimeout(() => {
+        const logPath = path.join(sessionLogsDir, `${testSessionName}.log`);
+        const content = fs.readFileSync(logPath, 'utf8');
+        expect(content).toContain('SESSION ENDED');
+        done();
+      }, 100);
+    });
+
+    it('should write RESTARTED marker when session is re-registered', (done) => {
+      buffer.registerSession(testSessionName);
+      buffer.append(testSessionName, 'info', 'first run');
+      buffer.removeSession(testSessionName);
+
+      // Re-register same session (simulates restart)
+      setTimeout(() => {
+        buffer.registerSession(testSessionName);
+        buffer.append(testSessionName, 'info', 'second run');
+
+        setTimeout(() => {
+          const logPath = path.join(sessionLogsDir, `${testSessionName}.log`);
+          const content = fs.readFileSync(logPath, 'utf8');
+          expect(content).toContain('SESSION STARTED');
+          expect(content).toContain('first run');
+          expect(content).toContain('SESSION RESTARTED');
+          expect(content).toContain('second run');
+          done();
+        }, 100);
+      }, 100);
+    });
+
+    it('should include full ISO timestamp in file entries', (done) => {
+      buffer.registerSession(testSessionName);
+      buffer.append(testSessionName, 'info', 'timestamp check');
+
+      setTimeout(() => {
+        const logPath = path.join(sessionLogsDir, `${testSessionName}.log`);
+        const content = fs.readFileSync(logPath, 'utf8');
+        // File entries should have full ISO timestamp like "2026-03-18T16:01:00.000Z"
+        expect(content).toMatch(/\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z.*timestamp check/);
+        done();
+      }, 100);
+    });
+  });
+});