keystone-cli 0.8.0 → 1.0.0

package/src/runner/step-executor.test.ts

@@ -13,9 +13,11 @@ import * as dns from 'node:dns/promises';
 import { mkdirSync, rmSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
+import * as readlinePromises from 'node:readline/promises';
 import type { MemoryDb } from '../db/memory-db';
 import type { ExpressionContext } from '../expression/evaluator';
 import type {
+  EngineStep,
   FileStep,
   HumanStep,
   RequestStep,
@@ -23,18 +25,12 @@ import type {
   SleepStep,
   WorkflowStep,
 } from '../parser/schema';
+import { ConfigLoader } from '../utils/config-loader';
 import type { SafeSandbox } from '../utils/sandbox';
 import type { getAdapter } from './llm-adapter';
+import type { executeLlmStep } from './llm-executor';
 import { executeStep } from './step-executor';
 
-// Mock executeLlmStep
-mock.module('./llm-executor', () => ({
-  // @ts-ignore
-  executeLlmStep: mock((_step, _context, _callback) => {
-    return Promise.resolve({ status: 'success', output: 'llm-output' });
-  }),
-}));
-
 interface StepOutput {
   stdout: string;
   stderr: string;
@@ -46,16 +42,11 @@ interface RequestOutput {
   data: unknown;
 }
 
-// Mock node:readline/promises
 const mockRl = {
   question: mock(() => Promise.resolve('')),
   close: mock(() => {}),
 };
 
-mock.module('node:readline/promises', () => ({
-  createInterface: mock(() => mockRl),
-}));
-
 describe('step-executor', () => {
   let context: ExpressionContext;
 
@@ -84,6 +75,10 @@ describe('step-executor', () => {
     };
   });
 
+  afterEach(() => {
+    ConfigLoader.clear();
+  });
+
   describe('shell', () => {
     it('should execute shell command', async () => {
       const step: ShellStep = {
@@ -313,6 +308,97 @@ describe('step-executor', () => {
       expect(result.status).toBe('failed');
       expect(result.error).toBe('Script failed');
     });
+
+    it('should pass logger to sandbox execution', async () => {
+      const logger = { log: mock(() => {}) };
+      // @ts-ignore
+      const step = {
+        id: 's1',
+        type: 'script',
+        run: 'return 1',
+        allowInsecure: true,
+      };
+
+      const mockSandbox = {
+        execute: async (
+          _code: string,
+          _context: Record<string, unknown>,
+          options?: { logger?: unknown }
+        ) => {
+          expect(options?.logger).toBe(logger);
+          return 'ok';
+        },
+      };
+
+      const result = await executeStep(
+        step,
+        context,
+        logger as unknown as Parameters<typeof executeStep>[2],
+        {
+          sandbox: mockSandbox as unknown as Parameters<typeof executeStep>[3]['sandbox'],
+        }
+      );
+
+      expect(result.status).toBe('success');
+    });
+  });
+
+  describe('engine', () => {
+    const artifactRoot = join(tempDir, 'engine-artifacts');
+
+    const setEngineConfig = (
+      allowlist: Record<string, { command: string; version: string; versionArgs?: string[] }>
+    ) => {
+      ConfigLoader.setConfig({
+        default_provider: 'openai',
+        providers: {},
+        model_mappings: {},
+        storage: { retention_days: 30, redact_secrets_at_rest: true },
+        mcp_servers: {},
+        engines: { allowlist, denylist: [] },
+        concurrency: { default: 10, pools: { llm: 2, shell: 5, http: 10, engine: 2 } },
+      });
+    };
+
+    it('should execute engine command and parse summary', async () => {
+      const version = (Bun.version || process.versions?.bun || '') as string;
+      setEngineConfig({ bun: { command: 'bun', version } });
+
+      const step: EngineStep = {
+        id: 'e1',
+        type: 'engine',
+        command: 'bun',
+        args: ['-e', 'console.log(JSON.stringify({ ok: true }))'],
+        env: { PATH: process.env.PATH || '' },
+        cwd: process.cwd(),
+      };
+
+      const result = await executeStep(step, context, undefined, { artifactRoot });
+      expect(result.status).toBe('success');
+      const output = result.output as { summary: { ok: boolean }; artifactPath?: string };
+      expect(output.summary).toEqual({ ok: true });
+      expect(output.artifactPath).toBeTruthy();
+
+      const artifactText = await Bun.file(output.artifactPath as string).text();
+      expect(artifactText).toContain('"ok": true');
+    });
+
+    it('should fail when engine command is not allowlisted', async () => {
+      setEngineConfig({});
+
+      const step: EngineStep = {
+        id: 'e1',
+        type: 'engine',
+        command: 'bun',
+        args: ['-e', 'console.log(JSON.stringify({ ok: true }))'],
+        env: { PATH: process.env.PATH || '' },
+        cwd: process.cwd(),
+      };
+
+      const result = await executeStep(step, context, undefined, { artifactRoot });
+      expect(result.status).toBe('failed');
+      expect(result.error).toContain('allowlist');
+    });
   });
 
   describe('memory', () => {
@@ -322,7 +408,7 @@ describe('step-executor', () => {
     };
 
     const mockGetAdapter = mock((model) => {
-      if (model === 'no-embed') return { adapter: {}, resolvedModel: model };
+      if (model === 'local:no-embed') return { adapter: {}, resolvedModel: model };
       return {
         adapter: {
           embed: mock((text) => Promise.resolve([0.1, 0.2, 0.3])),
@@ -343,7 +429,13 @@ describe('step-executor', () => {
 
     it('should fail if adapter does not support embedding', async () => {
       // @ts-ignore
-      const step = { id: 'm1', type: 'memory', op: 'store', text: 'foo', model: 'no-embed' };
+      const step = {
+        id: 'm1',
+        type: 'memory',
+        op: 'store',
+        text: 'foo',
+        model: 'local:no-embed',
+      };
       // @ts-ignore
       const result = await executeStep(step, context, undefined, {
         memoryDb: mockMemoryDb as unknown as MemoryDb,
@@ -353,6 +445,18 @@ describe('step-executor', () => {
       expect(result.error).toContain('does not support embeddings');
     });
 
+    it('should fail for non-local embedding models', async () => {
+      // @ts-ignore
+      const step = { id: 'm1', type: 'memory', op: 'store', text: 'foo', model: 'openai' };
+      // @ts-ignore
+      const result = await executeStep(step, context, undefined, {
+        memoryDb: mockMemoryDb as unknown as MemoryDb,
+        getAdapter: mockGetAdapter as unknown as typeof getAdapter,
+      });
+      expect(result.status).toBe('failed');
+      expect(result.error).toContain('only support local embeddings');
+    });
+
     it('should store memory', async () => {
       // @ts-ignore
       const step = {
@@ -585,17 +689,67 @@ describe('step-executor', () => {
       expect(result.error).toContain('HTTP 400: Bad Request');
       expect(result.error).toContain('Response Body: {"error": "bad request details"}');
     });
+
+    it('should drop auth headers on cross-origin redirects', async () => {
+      // @ts-ignore
+      global.fetch
+        .mockResolvedValueOnce(
+          new Response('', {
+            status: 302,
+            headers: { Location: 'https://other.example.com/next' },
+          })
+        )
+        .mockResolvedValueOnce(new Response('ok'));
+
+      const step: RequestStep = {
+        id: 'req-redirect',
+        type: 'request',
+        needs: [],
+        url: 'https://api.example.com/start',
+        method: 'GET',
+        headers: { Authorization: 'Bearer token' },
+      };
+
+      const result = await executeStep(step, context);
+      expect(result.status).toBe('success');
+
+      // @ts-ignore
+      const secondCall = global.fetch.mock.calls[1][1];
+      expect(secondCall.headers.Authorization).toBeUndefined();
+    });
+
+    it('should allow insecure request when allowInsecure is true', async () => {
+      // @ts-ignore
+      global.fetch.mockResolvedValue(new Response('ok'));
+
+      const step: RequestStep = {
+        id: 'req-insecure',
+        type: 'request',
+        needs: [],
+        url: 'http://localhost/test',
+        method: 'GET',
+        allowInsecure: true,
+      };
+
+      const result = await executeStep(step, context);
+      expect(result.status).toBe('success');
+    });
   });
 
   describe('human', () => {
     const originalIsTTY = process.stdin.isTTY;
+    let createInterfaceSpy: ReturnType<typeof spyOn>;
 
     beforeEach(() => {
       process.stdin.isTTY = true;
+      createInterfaceSpy = spyOn(readlinePromises, 'createInterface').mockReturnValue(
+        mockRl as unknown as ReturnType<typeof readlinePromises.createInterface>
+      );
     });
 
     afterEach(() => {
       process.stdin.isTTY = originalIsTTY;
+      createInterfaceSpy.mockRestore();
     });
 
     it('should handle human confirmation', async () => {
@@ -737,7 +891,13 @@ describe('step-executor', () => {
         type: 'llm',
         prompt: 'hello',
       };
-      const result = await executeStep(step, context);
+      const executeLlmStepMock = mock(async () => ({
+        status: 'success',
+        output: 'llm-output',
+      })) as unknown as typeof executeLlmStep;
+      const result = await executeStep(step, context, undefined, {
+        executeLlmStep: executeLlmStepMock,
+      });
       expect(result.status).toBe('success');
       expect(result.output).toBe('llm-output');
     });