git-daemon 0.1.1 → 0.1.2

package/dist/security.js

@@ -0,0 +1,73 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authGuard = exports.loopbackGuard = exports.hostGuard = exports.originGuard = exports.getOrigin = void 0;
+const errors_1 = require("./errors");
+const ALLOWED_HOSTS = new Set(["127.0.0.1", "localhost"]);
+const getOrigin = (req) => req.headers.origin || "";
+exports.getOrigin = getOrigin;
+const isLoopbackAddress = (address) => {
+    if (!address) {
+        return false;
+    }
+    if (address === "127.0.0.1" || address === "::1") {
+        return true;
+    }
+    return address.startsWith("::ffff:127.0.0.1");
+};
+const originGuard = (allowlist) => {
+    return (req, res, next) => {
+        const origin = (0, exports.getOrigin)(req);
+        if (!origin || !allowlist.includes(origin)) {
+            return next((0, errors_1.originNotAllowed)());
+        }
+        res.setHeader("Access-Control-Allow-Origin", origin);
+        res.setHeader("Vary", "Origin");
+        res.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type");
+        res.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS");
+        res.setHeader("Access-Control-Max-Age", "600");
+        if (req.method === "OPTIONS") {
+            res.status(204).end();
+            return;
+        }
+        next();
+    };
+};
+exports.originGuard = originGuard;
+const hostGuard = () => {
+    return (req, _res, next) => {
+        const host = req.headers.host?.split(":")[0];
+        if (!host || !ALLOWED_HOSTS.has(host)) {
+            return next((0, errors_1.originNotAllowed)());
+        }
+        next();
+    };
+};
+exports.hostGuard = hostGuard;
+const loopbackGuard = () => {
+    return (req, _res, next) => {
+        if (!isLoopbackAddress(req.socket.remoteAddress)) {
+            return next((0, errors_1.originNotAllowed)());
+        }
+        next();
+    };
+};
+exports.loopbackGuard = loopbackGuard;
+const authGuard = (tokenStore) => {
+    return (req, _res, next) => {
+        const origin = (0, exports.getOrigin)(req);
+        const auth = req.headers.authorization;
+        if (!auth) {
+            return next((0, errors_1.authRequired)());
+        }
+        const match = auth.match(/^Bearer (.+)$/i);
+        if (!match) {
+            return next((0, errors_1.authInvalid)());
+        }
+        const token = match[1];
+        if (!tokenStore.verifyToken(origin, token)) {
+            return next((0, errors_1.authInvalid)());
+        }
+        next();
+    };
+};
+exports.authGuard = authGuard;

package/dist/tokens.js

@@ -0,0 +1,88 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenStore = void 0;
+const fs_1 = require("fs");
+const crypto_1 = __importDefault(require("crypto"));
+const config_1 = require("./config");
+const TOKEN_BYTES = 32;
+const HASH_BYTES = 32;
+class TokenStore {
+    constructor(configDir) {
+        this.entries = [];
+        this.tokensPath = (0, config_1.getTokensPath)(configDir);
+    }
+    async load() {
+        try {
+            const raw = await fs_1.promises.readFile(this.tokensPath, "utf8");
+            const data = JSON.parse(raw);
+            this.entries = Array.isArray(data.entries) ? data.entries : [];
+        }
+        catch (err) {
+            if (err.code !== "ENOENT") {
+                throw err;
+            }
+            this.entries = [];
+            await this.save();
+        }
+        this.pruneExpired();
+    }
+    async save() {
+        const payload = { entries: this.entries };
+        await fs_1.promises.writeFile(this.tokensPath, JSON.stringify(payload, null, 2));
+    }
+    pruneExpired() {
+        const now = Date.now();
+        this.entries = this.entries.filter((entry) => {
+            const expiresAt = Date.parse(entry.expiresAt);
+            return Number.isNaN(expiresAt) || expiresAt > now;
+        });
+    }
+    getActiveToken(origin) {
+        this.pruneExpired();
+        return this.entries.find((entry) => entry.origin === origin);
+    }
+    async issueToken(origin, ttlDays) {
+        const token = crypto_1.default.randomBytes(TOKEN_BYTES).toString("base64url");
+        const salt = crypto_1.default.randomBytes(16).toString("base64url");
+        const tokenHash = crypto_1.default
+            .scryptSync(token, salt, HASH_BYTES)
+            .toString("base64url");
+        const now = new Date();
+        const expiresAt = new Date(now.getTime() + ttlDays * 24 * 60 * 60 * 1000);
+        const entry = {
+            origin,
+            tokenHash,
+            salt,
+            createdAt: now.toISOString(),
+            expiresAt: expiresAt.toISOString(),
+        };
+        this.entries = this.entries.filter((item) => item.origin !== origin);
+        this.entries.push(entry);
+        await this.save();
+        return {
+            token,
+            expiresAt: entry.expiresAt,
+        };
+    }
+    async revokeToken(origin) {
+        this.entries = this.entries.filter((item) => item.origin !== origin);
+        await this.save();
+    }
+    verifyToken(origin, token) {
+        this.pruneExpired();
+        const entry = this.entries.find((item) => item.origin === origin);
+        if (!entry) {
+            return false;
+        }
+        const derived = crypto_1.default.scryptSync(token, entry.salt, HASH_BYTES);
+        const stored = Buffer.from(entry.tokenHash, "base64url");
+        if (stored.length !== derived.length) {
+            return false;
+        }
+        return crypto_1.default.timingSafeEqual(stored, derived);
+    }
+}
+exports.TokenStore = TokenStore;

package/dist/tools.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isToolInstalled = exports.detectCapabilities = void 0;
+const execa_1 = require("execa");
+const detect = async (command, args = ["--version"]) => {
+    try {
+        const result = await (0, execa_1.execa)(command, args);
+        const version = result.stdout.trim();
+        return { installed: true, version };
+    }
+    catch (err) {
+        if (err.code === "ENOENT") {
+            return { installed: false };
+        }
+        return { installed: false };
+    }
+};
+const detectCapabilities = async () => {
+    const [git, node, npm, pnpm, yarn, code] = await Promise.all([
+        detect("git", ["--version"]),
+        detect("node", ["--version"]),
+        detect("npm", ["--version"]),
+        detect("pnpm", ["--version"]),
+        detect("yarn", ["--version"]),
+        detect("code", ["--version"]),
+    ]);
+    return {
+        tools: {
+            git,
+            node,
+            npm,
+            pnpm,
+            yarn,
+            code,
+        },
+    };
+};
+exports.detectCapabilities = detectCapabilities;
+const isToolInstalled = async (command) => {
+    const info = await detect(command, ["--version"]);
+    return info.installed;
+};
+exports.isToolInstalled = isToolInstalled;

package/dist/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/validation.js

@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.depsInstallRequestSchema = exports.osOpenRequestSchema = exports.gitStatusQuerySchema = exports.gitFetchRequestSchema = exports.gitCloneRequestSchema = exports.pairRequestSchema = void 0;
+const zod_1 = require("zod");
+const MAX_PATH_LENGTH = 4096;
+const isValidRepoUrl = (value) => {
+    if (value.startsWith("file://")) {
+        return false;
+    }
+    if (value.startsWith("/") ||
+        value.startsWith("./") ||
+        value.startsWith("../")) {
+        return false;
+    }
+    if (/^git@[^:]+:.+/.test(value)) {
+        return true;
+    }
+    if (/^https:\/\/[^/]+\/.+/.test(value)) {
+        return true;
+    }
+    if (/^ssh:\/\/[^/]+\/.+/.test(value)) {
+        return true;
+    }
+    return false;
+};
+exports.pairRequestSchema = zod_1.z.discriminatedUnion("step", [
+    zod_1.z.object({
+        step: zod_1.z.literal("start"),
+    }),
+    zod_1.z.object({
+        step: zod_1.z.literal("confirm"),
+        code: zod_1.z.string().min(1),
+    }),
+]);
+exports.gitCloneRequestSchema = zod_1.z.object({
+    repoUrl: zod_1.z.string().min(1).refine(isValidRepoUrl),
+    destRelative: zod_1.z.string().min(1).max(MAX_PATH_LENGTH),
+    options: zod_1.z
+        .object({
+        branch: zod_1.z.string().min(1).optional(),
+        depth: zod_1.z.number().int().min(1).optional(),
+    })
+        .optional(),
+});
+exports.gitFetchRequestSchema = zod_1.z.object({
+    repoPath: zod_1.z.string().min(1).max(MAX_PATH_LENGTH),
+    remote: zod_1.z.string().min(1).optional(),
+    prune: zod_1.z.boolean().optional(),
+});
+exports.gitStatusQuerySchema = zod_1.z.object({
+    repoPath: zod_1.z.string().min(1).max(MAX_PATH_LENGTH),
+});
+exports.osOpenRequestSchema = zod_1.z.object({
+    target: zod_1.z.enum(["folder", "terminal", "vscode"]),
+    path: zod_1.z.string().min(1).max(MAX_PATH_LENGTH),
+});
+exports.depsInstallRequestSchema = zod_1.z.object({
+    repoPath: zod_1.z.string().min(1).max(MAX_PATH_LENGTH),
+    manager: zod_1.z.enum(["auto", "npm", "pnpm", "yarn"]).optional(),
+    mode: zod_1.z.enum(["auto", "ci", "install"]).optional(),
+    safer: zod_1.z.boolean().optional(),
+});

package/dist/workspace.js

@@ -0,0 +1,79 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureRelative = exports.resolveInsideWorkspace = exports.ensureWorkspaceRoot = exports.MissingPathError = void 0;
+const path_1 = __importDefault(require("path"));
+const fs_1 = require("fs");
+const errors_1 = require("./errors");
+class MissingPathError extends Error {
+}
+exports.MissingPathError = MissingPathError;
+const MAX_PATH_LENGTH = 4096;
+const ensureWorkspaceRoot = (root) => {
+    if (!root) {
+        throw (0, errors_1.workspaceRequired)();
+    }
+    if (root.length > MAX_PATH_LENGTH) {
+        throw (0, errors_1.pathOutsideWorkspace)();
+    }
+    return root;
+};
+exports.ensureWorkspaceRoot = ensureWorkspaceRoot;
+const realpathSafe = async (target) => {
+    try {
+        return await fs_1.promises.realpath(target);
+    }
+    catch (err) {
+        if (err.code === "ENOENT") {
+            return null;
+        }
+        throw err;
+    }
+};
+const resolveInsideWorkspace = async (workspaceRoot, candidate, allowMissing = false) => {
+    if (candidate.length > MAX_PATH_LENGTH) {
+        throw (0, errors_1.pathOutsideWorkspace)();
+    }
+    const rootReal = await fs_1.promises.realpath(workspaceRoot);
+    const resolved = path_1.default.resolve(rootReal, candidate);
+    if (!isInside(rootReal, resolved)) {
+        throw (0, errors_1.pathOutsideWorkspace)();
+    }
+    const realResolved = await realpathSafe(resolved);
+    if (realResolved) {
+        if (!isInside(rootReal, realResolved)) {
+            throw (0, errors_1.pathOutsideWorkspace)();
+        }
+        return realResolved;
+    }
+    if (!allowMissing) {
+        throw new MissingPathError("Path does not exist.");
+    }
+    const parent = path_1.default.dirname(resolved);
+    const parentReal = await realpathSafe(parent);
+    if (parentReal && !isInside(rootReal, parentReal)) {
+        throw (0, errors_1.pathOutsideWorkspace)();
+    }
+    return resolved;
+};
+exports.resolveInsideWorkspace = resolveInsideWorkspace;
+const isInside = (root, candidate) => {
+    const relative = path_1.default.relative(root, candidate);
+    if (relative === "") {
+        return true;
+    }
+    return !relative.startsWith("..") && !path_1.default.isAbsolute(relative);
+};
+const ensureRelative = (target) => {
+    if (path_1.default.isAbsolute(target)) {
+        throw (0, errors_1.pathOutsideWorkspace)();
+    }
+    const normalized = path_1.default.normalize(target);
+    if (normalized === "." || normalized.startsWith("..")) {
+        throw (0, errors_1.pathOutsideWorkspace)();
+    }
+    return target;
+};
+exports.ensureRelative = ensureRelative;

package/openapi.yaml

@@ -6,7 +6,7 @@ info:
     Localhost API for the Git Daemon. All requests must include an Origin header
     that matches the allowlist. Non-public endpoints require a Bearer token.
 servers:
-  - url: http://127.0.0.1:8787
+  - url: http://127.0.0.1:8790
 security:
   - bearerAuth: []
 paths:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "git-daemon",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "private": false,
   "type": "commonjs",
   "main": "dist/daemon.js",
@@ -19,6 +19,7 @@
     "express-rate-limit": "^7.4.0",
     "pino": "^9.3.2",
     "pino-http": "^9.0.0",
+    "pino-pretty": "^13.0.0",
     "rotating-file-stream": "^3.2.5",
     "tree-kill": "^1.2.2",
     "zod": "^3.23.8"

package/src/config.ts

@@ -26,7 +26,7 @@ export const defaultConfig = (): AppConfig => ({
   configVersion: CONFIG_VERSION,
   server: {
     host: "127.0.0.1",
-    port: 8787,
+    port: 8790,
   },
   originAllowlist: ["https://app.example.com"],
   workspaceRoot: null,

package/src/daemon.ts

@@ -5,6 +5,20 @@ const start = async () => {
   const ctx = await createContext();
   const app = createApp(ctx);
 
+  const startupSummary = {
+    configDir: ctx.configDir,
+    host: ctx.config.server.host,
+    port: ctx.config.server.port,
+    workspaceRoot: ctx.config.workspaceRoot ?? "not configured",
+    originAllowlist: ctx.config.originAllowlist,
+  };
+  ctx.logger.info(startupSummary, "Git Daemon starting");
+  if (process.env.GIT_DAEMON_LOG_STDOUT !== "1") {
+    console.log(
+      `[Git Daemon] config=${startupSummary.configDir} host=${startupSummary.host} port=${startupSummary.port}`,
+    );
+  }
+
   app.listen(ctx.config.server.port, ctx.config.server.host, () => {
     ctx.logger.info(
       {

package/src/jobs.ts

@@ -1,6 +1,6 @@
 import { EventEmitter } from "events";
 import crypto from "crypto";
-import type { ApiErrorBody, JobEvent, JobState, JobStatus } from "./types";
+import type { ApiErrorBody, JobEvent, JobProgressEvent, JobState, JobStatus } from "./types";
 import { timeoutError } from "./errors";
 
 const MAX_EVENTS = 2000;
@@ -8,7 +8,7 @@ const MAX_EVENTS = 2000;
 export type JobContext = {
   logStdout: (line: string) => void;
   logStderr: (line: string) => void;
-  progress: (event: Omit<JobEvent, "type"> & { type?: "progress" }) => void;
+  progress: (event: Omit<JobProgressEvent, "type">) => void;
   setCancel: (cancel: () => Promise<void>) => void;
   isCancelled: () => boolean;
 };
@@ -157,7 +157,7 @@ export class JobManager {
     const ctx: JobContext = {
       logStdout: (line) => job.emit({ type: "log", stream: "stdout", line }),
       logStderr: (line) => job.emit({ type: "log", stream: "stderr", line }),
-      progress: (event) => job.emit({ ...event, type: "progress" }),
+      progress: (event) => job.emit({ type: "progress", ...event }),
       setCancel: (fn) => job.setCancel(fn),
       isCancelled: () => job.cancelRequested,
     };

package/src/logger.ts

@@ -3,7 +3,7 @@ import { promises as fs } from "fs";
 import pino from "pino";
 import pinoHttp from "pino-http";
 import type { Logger } from "pino";
-import rfs from "rotating-file-stream";
+import { createStream } from "rotating-file-stream";
 import type { AppConfig } from "./types";
 
 export const createLogger = async (
@@ -11,16 +11,38 @@ export const createLogger = async (
   logging: AppConfig["logging"],
   enabled = true,
 ): Promise<Logger> => {
+  const level = process.env.GIT_DAEMON_LOG_LEVEL || "info";
+  const logToStdout = process.env.GIT_DAEMON_LOG_STDOUT === "1";
+  const prettyStdout = logToStdout && process.env.GIT_DAEMON_LOG_PRETTY !== "0";
   const logDir = path.join(configDir, logging.directory);
   await fs.mkdir(logDir, { recursive: true });
 
-  const stream = rfs.createStream("daemon.log", {
+  const stream = createStream("daemon.log", {
     size: `${logging.maxBytes}B`,
     maxFiles: logging.maxFiles,
     path: logDir,
   });
 
-  return pino({ enabled }, stream);
+  if (!logToStdout) {
+    return pino({ enabled, level }, stream);
+  }
+
+  const streams: Array<{ stream: NodeJS.WritableStream }> = [{ stream }];
+  if (prettyStdout) {
+    const { default: pretty } = await import("pino-pretty");
+    streams.push({
+      stream: pretty({
+        colorize: true,
+        translateTime: "SYS:standard",
+        ignore: "pid,hostname",
+      }),
+    });
+  } else {
+    streams.push({ stream: process.stdout });
+  }
+
+  return pino({ enabled, level }, (pino as any).multistream(streams));
 };
 
-export const createHttpLogger = (logger: Logger) => pinoHttp({ logger });
+export const createHttpLogger = (logger: Logger) =>
+  pinoHttp({ logger: logger as any });

package/src/process.ts

@@ -39,11 +39,12 @@ export const runCommand = async (
     stderr: "pipe",
   });
 
-  if (subprocess.pid) {
+  const pid = subprocess.pid;
+  if (pid) {
     ctx.setCancel(
       () =>
         new Promise<void>((resolve) => {
-          treeKill(subprocess.pid, "SIGTERM", () => resolve());
+          treeKill(pid, "SIGTERM", () => resolve());
         }),
     );
   }

package/src/types.ts

@@ -65,23 +65,26 @@ export type TokenStoreData = {
 
 export type JobState = "queued" | "running" | "done" | "error" | "cancelled";
 
-export type JobEvent =
-  | {
-      type: "log";
-      stream: "stdout" | "stderr";
-      line: string;
-    }
-  | {
-      type: "progress";
-      kind: "git" | "deps";
-      percent?: number;
-      detail?: string;
-    }
-  | {
-      type: "state";
-      state: JobState;
-      message?: string;
-    };
+export type JobLogEvent = {
+  type: "log";
+  stream: "stdout" | "stderr";
+  line: string;
+};
+
+export type JobProgressEvent = {
+  type: "progress";
+  kind: "git" | "deps";
+  percent?: number;
+  detail?: string;
+};
+
+export type JobStateEvent = {
+  type: "state";
+  state: JobState;
+  message?: string;
+};
+
+export type JobEvent = JobLogEvent | JobProgressEvent | JobStateEvent;
 
 export type JobStatus = {
   id: string;

package/src/typings/pino-pretty.d.ts

@@ -0,0 +1,9 @@
+declare module "pino-pretty" {
+  type PrettyOptions = {
+    colorize?: boolean;
+    translateTime?: string;
+    ignore?: string;
+  };
+  function pretty(options?: PrettyOptions): NodeJS.WritableStream;
+  export default pretty;
+}

package/tests/app.test.js

@@ -0,0 +1,103 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const supertest_1 = __importDefault(require("supertest"));
+const path_1 = __importDefault(require("path"));
+const os_1 = __importDefault(require("os"));
+const fs_1 = require("fs");
+const pino_1 = __importDefault(require("pino"));
+const app_1 = require("../src/app");
+const tokens_1 = require("../src/tokens");
+const pairing_1 = require("../src/pairing");
+const jobs_1 = require("../src/jobs");
+const createTempDir = async () => fs_1.promises.mkdtemp(path_1.default.join(os_1.default.tmpdir(), "git-daemon-test-"));
+const createConfig = (workspaceRoot, origin) => ({
+    configVersion: 1,
+    server: { host: "127.0.0.1", port: 0 },
+    originAllowlist: [origin],
+    workspaceRoot,
+    pairing: { tokenTtlDays: 30 },
+    jobs: { maxConcurrent: 1, timeoutSeconds: 60 },
+    deps: { defaultSafer: true },
+    logging: { directory: "logs", maxFiles: 1, maxBytes: 1024 },
+    approvals: { entries: [] },
+});
+const createContext = async (workspaceRoot, origin) => {
+    const configDir = await createTempDir();
+    const config = createConfig(workspaceRoot, origin);
+    const tokenStore = new tokens_1.TokenStore(configDir);
+    await tokenStore.load();
+    const pairingManager = new pairing_1.PairingManager(tokenStore, config.pairing.tokenTtlDays);
+    const jobManager = new jobs_1.JobManager(config.jobs.maxConcurrent, config.jobs.timeoutSeconds);
+    const logger = (0, pino_1.default)({ enabled: false });
+    const capabilities = { tools: {} };
+    const ctx = {
+        config,
+        configDir,
+        tokenStore,
+        pairingManager,
+        jobManager,
+        capabilities,
+        logger,
+        version: "0.1.0",
+        build: undefined,
+    };
+    return { ctx, app: (0, app_1.createApp)(ctx) };
+};
+(0, vitest_1.describe)("Git Daemon API", () => {
+    const origin = "http://localhost:5173";
+    (0, vitest_1.it)("rejects missing Origin header", async () => {
+        const { app } = await createContext(null, origin);
+        const res = await (0, supertest_1.default)(app).get("/v1/meta").set("Host", "127.0.0.1");
+        (0, vitest_1.expect)(res.status).toBe(403);
+        (0, vitest_1.expect)(res.body.errorCode).toBe("origin_not_allowed");
+    });
+    (0, vitest_1.it)("returns meta for allowed origin", async () => {
+        const { app } = await createContext(null, origin);
+        const res = await (0, supertest_1.default)(app)
+            .get("/v1/meta")
+            .set("Origin", origin)
+            .set("Host", "127.0.0.1");
+        (0, vitest_1.expect)(res.status).toBe(200);
+        (0, vitest_1.expect)(res.body.version).toBeTypeOf("string");
+        (0, vitest_1.expect)(res.body.pairing).toBeTruthy();
+    });
+    (0, vitest_1.it)("requires auth for protected routes", async () => {
+        const { app } = await createContext(null, origin);
+        const res = await (0, supertest_1.default)(app)
+            .get("/v1/git/status")
+            .query({ repoPath: "repo" })
+            .set("Origin", origin)
+            .set("Host", "127.0.0.1");
+        (0, vitest_1.expect)(res.status).toBe(401);
+        (0, vitest_1.expect)(res.body.errorCode).toBe("auth_required");
+    });
+    (0, vitest_1.it)("returns workspace_required when not configured", async () => {
+        const { app, ctx } = await createContext(null, origin);
+        const { token } = await ctx.tokenStore.issueToken(origin, 30);
+        const res = await (0, supertest_1.default)(app)
+            .get("/v1/git/status")
+            .query({ repoPath: "repo" })
+            .set("Origin", origin)
+            .set("Host", "127.0.0.1")
+            .set("Authorization", `Bearer ${token}`);
+        (0, vitest_1.expect)(res.status).toBe(409);
+        (0, vitest_1.expect)(res.body.errorCode).toBe("workspace_required");
+    });
+    (0, vitest_1.it)("validates repoUrl on clone", async () => {
+        const workspaceRoot = await createTempDir();
+        const { app, ctx } = await createContext(workspaceRoot, origin);
+        const { token } = await ctx.tokenStore.issueToken(origin, 30);
+        const res = await (0, supertest_1.default)(app)
+            .post("/v1/git/clone")
+            .set("Origin", origin)
+            .set("Host", "127.0.0.1")
+            .set("Authorization", `Bearer ${token}`)
+            .send({ repoUrl: "file:///tmp/repo", destRelative: "repo" });
+        (0, vitest_1.expect)(res.status).toBe(422);
+        (0, vitest_1.expect)(res.body.errorCode).toBe("invalid_repo_url");
+    });
+});

package/tsconfig.json

@@ -10,5 +10,6 @@
     "skipLibCheck": true,
     "resolveJsonModule": true
   },
-  "include": ["src", "tests", "vitest.config.ts"]
+  "include": ["src"],
+  "exclude": ["tests", "vitest.config.ts"]
 }