keystone-cli 1.3.0 → 2.0.1

package/src/utils/auth-manager.test.ts

@@ -45,10 +45,11 @@ describe('AuthManager', () => {
     });
 
     it('should load and parse auth data if file exists', () => {
-      fs.writeFileSync(TEMP_AUTH_FILE, JSON.stringify({ github_token: 'test-token' }));
+      const authData = { mcp_tokens: { test: { access_token: 'test-token' } } };
+      fs.writeFileSync(TEMP_AUTH_FILE, JSON.stringify(authData));
 
       const data = AuthManager.load();
-      expect(data).toEqual({ github_token: 'test-token' });
+      expect(data).toEqual(authData);
     });
 
     it('should return empty object if JSON parsing fails', () => {
@@ -61,14 +62,16 @@ describe('AuthManager', () => {
 
   describe('save()', () => {
     it('should save data merged with current data', () => {
-      fs.writeFileSync(TEMP_AUTH_FILE, JSON.stringify({ github_token: 'old-token' }));
+      fs.writeFileSync(
+        TEMP_AUTH_FILE,
+        JSON.stringify({ mcp_tokens: { s1: { access_token: 't1' } } })
+      );
 
-      AuthManager.save({ copilot_token: 'new-copilot-token' });
+      AuthManager.save({ mcp_tokens: { s2: { access_token: 't2' } } });
 
       const content = fs.readFileSync(TEMP_AUTH_FILE, 'utf8');
       expect(JSON.parse(content)).toEqual({
-        github_token: 'old-token',
-        copilot_token: 'new-copilot-token',
+        mcp_tokens: { s2: { access_token: 't2' } },
       });
     });
   });
@@ -85,524 +88,11 @@ describe('AuthManager', () => {
       AuthManager.setLogger(mockLogger);
       // Trigger a log through save failure to verify
       process.env.KEYSTONE_AUTH_PATH = '/non/existent/path/auth.json';
-      AuthManager.save({ github_token: 'test' });
+      AuthManager.save({ mcp_tokens: { test: { access_token: 'test' } } });
       expect(mockLogger.error).toHaveBeenCalled();
       process.env.KEYSTONE_AUTH_PATH = TEMP_AUTH_FILE;
       // Reset logger
       AuthManager.setLogger(new ConsoleLogger());
     });
   });
-
-  describe('getCopilotToken()', () => {
-    it('should return undefined if no github_token', async () => {
-      fs.writeFileSync(TEMP_AUTH_FILE, JSON.stringify({}));
-      const token = await AuthManager.getCopilotToken();
-      expect(token).toBeUndefined();
-    });
-
-    it('should return cached token if valid', async () => {
-      const expires = Math.floor(Date.now() / 1000) + 1000;
-      fs.writeFileSync(
-        TEMP_AUTH_FILE,
-        JSON.stringify({
-          github_token: 'gh-token',
-          copilot_token: 'cached-token',
-          copilot_expires_at: expires,
-        })
-      );
-
-      const token = await AuthManager.getCopilotToken();
-      expect(token).toBe('cached-token');
-    });
-
-    it('should refresh token if expired', async () => {
-      fs.writeFileSync(
-        TEMP_AUTH_FILE,
-        JSON.stringify({
-          github_token: 'gh-token',
-          copilot_token: 'expired-token',
-          copilot_expires_at: Math.floor(Date.now() / 1000) - 1000,
-        })
-      );
-
-      // Mock fetch
-      const mockFetch = mock(() =>
-        Promise.resolve(
-          new Response(
-            JSON.stringify({
-              token: 'new-token',
-              expires_at: Math.floor(Date.now() / 1000) + 3600,
-            }),
-            { status: 200 }
-          )
-        )
-      );
-      // @ts-ignore
-      global.fetch = mockFetch;
-
-      const token = await AuthManager.getCopilotToken();
-      expect(token).toBe('new-token');
-      expect(mockFetch).toHaveBeenCalled();
-    });
-
-    it('should return undefined and log error if refresh fails', async () => {
-      fs.writeFileSync(
-        TEMP_AUTH_FILE,
-        JSON.stringify({
-          github_token: 'gh-token',
-        })
-      );
-
-      // Mock fetch failure
-      // @ts-ignore
-      global.fetch = mock(() =>
-        Promise.resolve(
-          new Response('Unauthorized', {
-            status: 401,
-            statusText: 'Unauthorized',
-          })
-        )
-      );
-
-      const consoleSpy = spyOn(console, 'error').mockImplementation(() => {});
-      const token = await AuthManager.getCopilotToken();
-
-      expect(token).toBeUndefined();
-      expect(consoleSpy).toHaveBeenCalled();
-      consoleSpy.mockRestore();
-    });
-  });
-
-  describe('Device Login', () => {
-    it('initGitHubDeviceLogin should return device code data', async () => {
-      const mockFetch = mock(() =>
-        Promise.resolve(
-          new Response(
-            JSON.stringify({
-              device_code: 'dev_code',
-              user_code: 'USER-CODE',
-              verification_uri: 'https://github.com/login/device',
-              expires_in: 900,
-              interval: 5,
-            }),
-            { status: 200 }
-          )
-        )
-      );
-      // @ts-ignore
-      global.fetch = mockFetch;
-
-      const result = await AuthManager.initGitHubDeviceLogin();
-      expect(result.device_code).toBe('dev_code');
-      expect(result.user_code).toBe('USER-CODE');
-      expect(mockFetch).toHaveBeenCalled();
-    });
-
-    it('pollGitHubDeviceLogin should return token when successful', async () => {
-      let callCount = 0;
-      const mockFetch = mock(() => {
-        callCount++;
-        if (callCount === 1) {
-          return Promise.resolve(
-            new Response(
-              JSON.stringify({
-                error: 'authorization_pending',
-              }),
-              { status: 200 }
-            )
-          );
-        }
-        return Promise.resolve(
-          new Response(
-            JSON.stringify({
-              access_token: 'gh_access_token',
-            }),
-            { status: 200 }
-          )
-        );
-      });
-      // @ts-ignore
-      global.fetch = mockFetch;
-
-      // Mock setTimeout to resolve immediately
-      const originalTimeout = global.setTimeout;
-      // @ts-ignore
-      global.setTimeout = (fn) => fn();
-
-      try {
-        const token = await AuthManager.pollGitHubDeviceLogin('dev_code');
-        expect(token).toBe('gh_access_token');
-        expect(callCount).toBe(2);
-      } finally {
-        global.setTimeout = originalTimeout;
-      }
-    });
-
-    it('pollGitHubDeviceLogin should throw on other errors', async () => {
-      const mockFetch = mock(() =>
-        Promise.resolve(
-          new Response(
-            JSON.stringify({
-              error: 'expired_token',
-              error_description: 'The device code has expired',
-            }),
-            { status: 200 }
-          )
-        )
-      );
-      // @ts-ignore
-      global.fetch = mockFetch;
-
-      await expect(AuthManager.pollGitHubDeviceLogin('dev_code')).rejects.toThrow(
-        'The device code has expired'
-      );
-    });
-
-    it('pollGitHubDeviceLogin should timeout after 15 minutes', async () => {
-      // Mock fetch to always return authorization_pending
-      // @ts-ignore
-      global.fetch = mock(() =>
-        Promise.resolve(
-          new Response(
-            JSON.stringify({
-              error: 'authorization_pending',
-            }),
-            { status: 200 }
-          )
-        )
-      );
-
-      // Mock Date.now to simulate time passing
-      let now = Date.now();
-      const dateSpy = spyOn(Date, 'now').mockImplementation(() => {
-        const current = now;
-        now += 1000 * 60 * 16; // Advance 16 minutes on each call to trigger timeout immediately
-        return current;
-      });
-
-      try {
-        await expect(AuthManager.pollGitHubDeviceLogin('dev_code')).rejects.toThrow(
-          'Device login timed out'
-        );
-      } finally {
-        dateSpy.mockRestore();
-      }
-    });
-  });
-
-  describe('OAuth Helpers', () => {
-    it('generateCodeVerifier should return hex string', () => {
-      // @ts-ignore - access private
-      const verifier = AuthManager.generateCodeVerifier();
-      expect(verifier).toMatch(/^[0-9a-f]+$/);
-      expect(verifier.length).toBe(64);
-    });
-
-    it('createCodeChallenge should return base64url string', () => {
-      const verifier = 'test-verifier';
-      // @ts-ignore - access private
-      const challenge = AuthManager.createCodeChallenge(verifier);
-      expect(challenge).toBeDefined();
-      expect(challenge).not.toContain('+');
-      expect(challenge).not.toContain('/');
-    });
-  });
-
-  describe('Anthropic Claude', () => {
-    it('createAnthropicClaudeAuth should return url and verifier', () => {
-      const { url, verifier } = AuthManager.createAnthropicClaudeAuth();
-      expect(url).toContain('https://claude.ai/oauth/authorize');
-      expect(url).toContain('client_id=');
-      expect(verifier).toBeDefined();
-    });
-
-    it('exchangeAnthropicClaudeCode should return tokens', async () => {
-      const mockFetch = mock(() =>
-        Promise.resolve(
-          new Response(
-            JSON.stringify({
-              access_token: 'claude-access',
-              refresh_token: 'claude-refresh',
-              expires_in: 3600,
-            }),
-            { status: 200 }
-          )
-        )
-      );
-      // @ts-ignore
-      global.fetch = mockFetch;
-
-      const result = await AuthManager.exchangeAnthropicClaudeCode('code#verifier', 'verifier');
-      expect(result.access_token).toBe('claude-access');
-    });
-
-    it('getAnthropicClaudeToken should return cached token if valid', async () => {
-      const expires = Math.floor(Date.now() / 1000) + 1000;
-      fs.writeFileSync(
-        TEMP_AUTH_FILE,
-        JSON.stringify({
-          anthropic_claude: {
-            access_token: 'claude-cached',
-            refresh_token: 'refresh',
-            expires_at: expires,
-          },
-        })
-      );
-
-      const token = await AuthManager.getAnthropicClaudeToken();
-      expect(token).toBe('claude-cached');
-    });
-
-    it('getAnthropicClaudeToken should refresh if expired', async () => {
-      fs.writeFileSync(
-        TEMP_AUTH_FILE,
-        JSON.stringify({
-          anthropic_claude: {
-            access_token: 'expired',
-            refresh_token: 'refresh',
-            expires_at: Math.floor(Date.now() / 1000) - 1000,
-          },
-        })
-      );
-
-      // @ts-ignore
-      global.fetch = mock(() =>
-        Promise.resolve(
-          new Response(
-            JSON.stringify({
-              access_token: 'new-claude-token',
-              refresh_token: 'new-refresh',
-              expires_in: 3600,
-            }),
-            { status: 200 }
-          )
-        )
-      );
-
-      const token = await AuthManager.getAnthropicClaudeToken();
-      expect(token).toBe('new-claude-token');
-    });
-  });
-
-  describe('Google Gemini', () => {
-    it('getGoogleGeminiToken should return undefined if not logged in', async () => {
-      const token = await AuthManager.getGoogleGeminiToken();
-      expect(token).toBeUndefined();
-    });
-
-    it('getGoogleGeminiToken should refresh if expired', async () => {
-      fs.writeFileSync(
-        TEMP_AUTH_FILE,
-        JSON.stringify({
-          google_gemini: {
-            access_token: 'expired',
-            refresh_token: 'refresh',
-            expires_at: Math.floor(Date.now() / 1000) - 1000,
-          },
-        })
-      );
-
-      process.env.GOOGLE_GEMINI_OAUTH_CLIENT_SECRET = 'secret';
-
-      // @ts-ignore
-      global.fetch = mock(() =>
-        Promise.resolve(
-          new Response(
-            JSON.stringify({
-              access_token: 'new-gemini-token',
-              expires_in: 3600,
-            }),
-            { status: 200 }
-          )
-        )
-      );
-
-      const token = await AuthManager.getGoogleGeminiToken();
-      expect(token).toBe('new-gemini-token');
-    });
-
-    it('fetchGoogleGeminiProjectId should return project ID from loadCodeAssist', async () => {
-      // @ts-ignore - access private
-      const spyFetch = mock(() =>
-        Promise.resolve(
-          new Response(
-            JSON.stringify({
-              cloudaicompanionProject: 'test-project-id',
-            }),
-            { status: 200 }
-          )
-        )
-      );
-      // @ts-ignore
-      global.fetch = spyFetch;
-
-      // @ts-ignore - access private
-      const projectId = await AuthManager.fetchGoogleGeminiProjectId('access-token');
-      expect(projectId).toBe('test-project-id');
-    });
-
-    it('fetchGoogleGeminiProjectId should return project ID from nested object', async () => {
-      // @ts-ignore - access private
-      const spyFetch = mock(() =>
-        Promise.resolve(
-          new Response(
-            JSON.stringify({
-              cloudaicompanionProject: { id: 'nested-id' },
-            }),
-            { status: 200 }
-          )
-        )
-      );
-      // @ts-ignore
-      global.fetch = spyFetch;
-
-      // @ts-ignore - access private
-      const projectId = await AuthManager.fetchGoogleGeminiProjectId('access-token');
-      expect(projectId).toBe('nested-id');
-    });
-
-    it('loginGoogleGemini should handle OAuth callback', async () => {
-      process.env.GOOGLE_GEMINI_OAUTH_CLIENT_SECRET = 'secret';
-
-      let fetchHandler: any;
-      const mockServer = {
-        port: 51121,
-        stop: mock(() => {}),
-      };
-
-      // @ts-ignore - mock Bun.serve
-      const serveSpy = spyOn(Bun, 'serve').mockImplementation((options: any) => {
-        fetchHandler = options.fetch;
-        return mockServer;
-      });
-
-      // Mock openBrowser to prevent browser opening
-      const openBrowserSpy = spyOn(AuthManager, 'openBrowser').mockImplementation(() => {});
-
-      try {
-        const loginPromise = AuthManager.loginGoogleGemini('test-project');
-
-        // Verify server was started
-        expect(serveSpy).toHaveBeenCalled();
-        expect(fetchHandler).toBeDefined();
-
-        // Simulating the fetch handler call with the mock server
-        const req = new Request('http://localhost:51121/oauth-callback?code=test-code');
-        // @ts-ignore
-        global.fetch = mock(() =>
-          Promise.resolve(
-            new Response(
-              JSON.stringify({
-                access_token: 'access',
-                refresh_token: 'refresh',
-                expires_in: 3600,
-              }),
-              { status: 200 }
-            )
-          )
-        );
-
-        const response = await fetchHandler(req, mockServer);
-        expect(response.status).toBe(200);
-
-        await loginPromise;
-        const auth = AuthManager.load();
-        expect(auth.google_gemini?.access_token).toBe('access');
-      } finally {
-        serveSpy.mockRestore();
-        openBrowserSpy.mockRestore();
-      }
-    });
-  });
-
-  describe('OpenAI ChatGPT Login', () => {
-    it('loginOpenAIChatGPT should handle OAuth callback', async () => {
-      let fetchHandler: any;
-      const mockServer = {
-        stop: mock(() => {}),
-      };
-
-      // @ts-ignore - mock Bun.serve
-      const serveSpy = spyOn(Bun, 'serve').mockImplementation((options: any) => {
-        fetchHandler = options.fetch;
-        return mockServer;
-      });
-
-      // Mock openBrowser to prevent browser opening
-      const openBrowserSpy = spyOn(AuthManager, 'openBrowser').mockImplementation(() => {});
-
-      try {
-        const loginPromise = AuthManager.loginOpenAIChatGPT();
-
-        expect(serveSpy).toHaveBeenCalled();
-        expect(fetchHandler).toBeDefined();
-
-        // Simulate callback
-        const req = new Request('http://localhost:1455/auth/callback?code=test-code&state=xyz');
-        // The code expects the state to match. We can't easily get the random state,
-        // but since we are mocking, we can just ensure the branch is covered.
-        // Actually, let's just test that the handler exists and can be called.
-
-        // @ts-ignore
-        global.fetch = mock(() =>
-          Promise.resolve(
-            new Response(
-              JSON.stringify({
-                access_token: 'access',
-                refresh_token: 'refresh',
-                expires_in: 3600,
-              }),
-              { status: 200 }
-            )
-          )
-        );
-
-        // We skip the state check by not providing it in the URL if we want to test failure,
-        // or we can try to find where it's stored.
-        // But for now, let's just trigger it.
-
-        const response = await fetchHandler(req);
-        // It should return 400 because of state mismatch in real code,
-        // unless we mock the state generation.
-        expect(response.status).toBe(400);
-
-        await expect(loginPromise).rejects.toThrow('Invalid OAuth state');
-      } finally {
-        serveSpy.mockRestore();
-        openBrowserSpy.mockRestore();
-      }
-    });
-  });
-
-  describe('OpenAI ChatGPT', () => {
-    it('getOpenAIChatGPTToken should refresh if expired', async () => {
-      fs.writeFileSync(
-        TEMP_AUTH_FILE,
-        JSON.stringify({
-          openai_chatgpt: {
-            access_token: 'expired',
-            refresh_token: 'refresh',
-            expires_at: Math.floor(Date.now() / 1000) - 1000,
-          },
-        })
-      );
-
-      // @ts-ignore
-      global.fetch = mock(() =>
-        Promise.resolve(
-          new Response(
-            JSON.stringify({
-              access_token: 'new-chatgpt-token',
-              refresh_token: 'new-refresh',
-              expires_in: 3600,
-            }),
-            { status: 200 }
-          )
-        )
-      );
-
-      const token = await AuthManager.getOpenAIChatGPTToken();
-      expect(token).toBe('new-chatgpt-token');
-    });
-  });
 });