multimodel-dev-os 3.1.0 → 3.5.0

package/tests/unit/path-safety.test.js

@@ -0,0 +1,62 @@
+import { describe, it, expect } from 'vitest';
+import { isSafePath, shouldIgnorePath } from '../../src/core/security.js';
+
+describe('Path Safety and Ignore Engine', () => {
+  describe('isSafePath', () => {
+    const policy = {
+      allowed_write_roots: ['.ai/', 'adapters/'],
+      blocked_paths: ['.env', '.npmrc', '.git/', 'node_modules/', 'package.json', 'package-lock.json']
+    };
+
+    it('should allow paths under allowed write roots', () => {
+      expect(isSafePath('.ai/plugins/my-plugin.yaml', policy)).toBe(true);
+      expect(isSafePath('adapters/vscode/settings.json', policy)).toBe(true);
+    });
+
+    it('should reject paths outside allowed write roots', () => {
+      expect(isSafePath('src/cli/main.js', policy)).toBe(false);
+      expect(isSafePath('index.js', policy)).toBe(false);
+    });
+
+    it('should reject paths with directory traversal', () => {
+      expect(isSafePath('.ai/plugins/../../index.js', policy)).toBe(false);
+      expect(isSafePath('adapters/../package.json', policy)).toBe(false);
+    });
+
+    it('should reject absolute paths', () => {
+      expect(isSafePath('/etc/passwd', policy)).toBe(false);
+      expect(isSafePath('C:/Windows/System32', policy)).toBe(false);
+    });
+
+    it('should reject blacklisted paths', () => {
+      expect(isSafePath('.ai/plugins/.env', policy)).toBe(false);
+      expect(isSafePath('adapters/.npmrc', policy)).toBe(false);
+      expect(isSafePath('adapters/node_modules/foo', policy)).toBe(false);
+    });
+  });
+
+  describe('shouldIgnorePath', () => {
+    it('should ignore dependency and git folders', () => {
+      expect(shouldIgnorePath('node_modules/lodash/index.js')).toBe(true);
+      expect(shouldIgnorePath('.git/config')).toBe(true);
+      expect(shouldIgnorePath('dist/bundle.js')).toBe(true);
+    });
+
+    it('should ignore generated runtime memory files', () => {
+      expect(shouldIgnorePath('.ai/intelligence/memory.hash.json')).toBe(true);
+      expect(shouldIgnorePath('.ai/intelligence/feedback-log.jsonl')).toBe(true);
+    });
+
+    it('should ignore credential and secret files', () => {
+      expect(shouldIgnorePath('.env')).toBe(true);
+      expect(shouldIgnorePath('src/.env.production')).toBe(true);
+      expect(shouldIgnorePath('key.pem')).toBe(true);
+      expect(shouldIgnorePath('id_rsa')).toBe(true);
+    });
+
+    it('should not ignore standard application source files', () => {
+      expect(shouldIgnorePath('src/core/yaml.js')).toBe(false);
+      expect(shouldIgnorePath('README.md')).toBe(false);
+    });
+  });
+});

package/tests/unit/plugin-manifest.test.js

@@ -0,0 +1,94 @@
+import { describe, it, expect } from 'vitest';
+import { validatePluginManifest } from '../../src/plugin/manifest.js';
+
+describe('Plugin Manifest Validator', () => {
+  it('should accept a completely valid plugin manifest', () => {
+    const manifest = {
+      name: 'My Test Plugin',
+      slug: 'my-test-plugin',
+      version: '1.0.0',
+      description: 'A valid test plugin description',
+      author: 'Tester',
+      allowed_file_patterns: ['.ai/plugins/config.yaml', 'adapters/vscode/settings.json']
+    };
+
+    const result = validatePluginManifest(manifest);
+    expect(result.success).toBe(true);
+    expect(result.errors).toHaveLength(0);
+  });
+
+  it('should reject missing metadata keys', () => {
+    const manifest = {
+      name: 'My Test Plugin',
+      version: '1.0.0',
+      description: 'A description',
+      author: 'Tester'
+      // slug is missing
+    };
+
+    const result = validatePluginManifest(manifest);
+    expect(result.success).toBe(false);
+    expect(result.errors).toContain('Missing required key: slug');
+  });
+
+  it('should reject invalid slug formats', () => {
+    const manifest = {
+      name: 'My Test Plugin',
+      slug: 'invalid slug here',
+      version: '1.0.0',
+      description: 'A description',
+      author: 'Tester'
+    };
+
+    const result = validatePluginManifest(manifest);
+    expect(result.success).toBe(false);
+    expect(result.errors).toContain("Key 'slug' must be alphanumeric with dashes or underscores only");
+  });
+
+  it('should reject patterns writing outside allowed write roots', () => {
+    const manifest = {
+      name: 'My Test Plugin',
+      slug: 'my-test-plugin',
+      version: '1.0.0',
+      description: 'A description',
+      author: 'Tester',
+      allowed_file_patterns: ['src/cli/main.js'] // not in .ai/ or adapters/
+    };
+
+    const result = validatePluginManifest(manifest);
+    expect(result.success).toBe(false);
+    expect(result.errors[0]).toContain('violates safety boundaries');
+  });
+
+  it('should reject patterns containing traversal or leading slash', () => {
+    const manifest = {
+      name: 'My Test Plugin',
+      slug: 'my-test-plugin',
+      version: '1.0.0',
+      description: 'A description',
+      author: 'Tester',
+      allowed_file_patterns: ['.ai/plugins/../../index.js', '/.ai/plugins/test.yaml']
+    };
+
+    const result = validatePluginManifest(manifest);
+    expect(result.success).toBe(false);
+    expect(result.errors).toHaveLength(2);
+    expect(result.errors[0]).toContain('violates safety boundaries');
+    expect(result.errors[1]).toContain('violates safety boundaries');
+  });
+
+  it('should reject patterns containing blacklisted files', () => {
+    const manifest = {
+      name: 'My Test Plugin',
+      slug: 'my-test-plugin',
+      version: '1.0.0',
+      description: 'A description',
+      author: 'Tester',
+      allowed_file_patterns: ['.ai/plugins/.env', 'adapters/package.json']
+    };
+
+    const result = validatePluginManifest(manifest);
+    expect(result.success).toBe(false);
+    expect(result.errors).toHaveLength(2);
+  });
+});

package/tests/unit/prepublish-guard.test.js

@@ -0,0 +1,35 @@
+import { describe, it, expect } from 'vitest';
+import { execSync } from 'child_process';
+import { join } from 'path';
+
+describe('Prepublish Guard', () => {
+  const guardPath = join(process.cwd(), 'scripts', 'prepublish-guard.js');
+
+  it('should block publish when MMDO_ALLOW_PUBLISH is not set', () => {
+    try {
+      execSync(`node "${guardPath}"`, {
+        stdio: 'pipe',
+        env: {
+          ...process.env,
+          MMDO_ALLOW_PUBLISH: 'false' // explicitly set to false to override any ambient env
+        }
+      });
+      throw new Error('Prepublish guard did not block the publish.');
+    } catch (err) {
+      expect(err.status).toBe(1);
+      expect(err.stderr.toString()).toContain('Publishing requires explicit release approval');
+    }
+  });
+
+  it('should allow publish when MMDO_ALLOW_PUBLISH=true for stable version >= 2', () => {
+    const output = execSync(`node "${guardPath}"`, {
+      env: {
+        ...process.env,
+        MMDO_ALLOW_PUBLISH: 'true',
+        MMDO_ALLOW_PRERELEASE_PUBLISH: undefined
+      },
+      encoding: 'utf8'
+    });
+    expect(output).toContain('Prepublish guard passed');
+  });
+});

package/tests/unit/registry-e2e-signature-fixtures.test.js

@@ -0,0 +1,288 @@
+import { describe, it, expect, beforeAll, afterAll } from 'vitest';
+import { readFileSync, mkdirSync, writeFileSync, copyFileSync, rmSync, existsSync } from 'fs';
+import { join } from 'path';
+import { execSync } from 'child_process';
+import { verifySignatureBlock } from '../../src/registry/signing.js';
+import { parseYaml } from '../../src/core/yaml.js';
+import { createTrustVerdict } from '../../src/registry/verdict.js';
+
+const fixturesDir = join(process.cwd(), 'tests', 'fixtures', 'signed-registries');
+
+// Helper to load trust store from YAML fixture
+function loadFixtureTrustedKeys() {
+  const content = readFileSync(join(fixturesDir, 'trusted-keys.yaml'), 'utf8');
+  const parsed = parseYaml(content);
+  return parsed.trusted_publishers || [];
+}
+
+// Helper to load registry manifest from fixture
+function loadFixtureManifest(folderName) {
+  const content = readFileSync(join(fixturesDir, folderName, 'registry-manifest.yaml'), 'utf8');
+  return parseYaml(content);
+}
+
+// Helper to load expected verdict
+function loadExpectedVerdict(folderName) {
+  const content = readFileSync(join(fixturesDir, folderName, 'expected-verdict.json'), 'utf8');
+  return JSON.parse(content);
+}
+
+describe('Registry E2E Signatures — Fixtures Validation', () => {
+  const trustedKeys = loadFixtureTrustedKeys();
+
+  it('valid-signed-registry passes verification', () => {
+    const manifest = loadFixtureManifest('valid-signed-registry');
+    const policy = {
+      allow_unsigned_remote: false,
+      require_signature: true,
+      allowed_signature_algorithms: ['ed25519']
+    };
+    const source = { name: 'official', type: 'remote' };
+
+    const res = verifySignatureBlock({ manifest, trustedKeys, policy, source });
+    expect(res.verified).toBe(true);
+    expect(res.status).toBe('verified');
+
+    // Create structured verdict
+    const verdict = createTrustVerdict({
+      source: source.name,
+      source_type: source.type,
+      manifest_hash_status: 'verified',
+      catalog_hash_status: 'verified',
+      lockfile_status: 'present',
+      provenance_status: 'matched',
+      signature_status: 'verified',
+      trusted_publisher_status: 'trusted',
+      errors: res.errors || [],
+      warnings: [],
+      final_status: 'trusted'
+    });
+
+    const expected = loadExpectedVerdict('valid-signed-registry');
+    expect(verdict.final_status).toBe(expected.final_status);
+    expect(verdict.signature_status).toBe(expected.signature_status);
+    expect(verdict.trusted_publisher_status).toBe(expected.trusted_publisher_status);
+  });
+
+  it('tampered-manifest fails verification', () => {
+    const manifest = loadFixtureManifest('tampered-manifest');
+    const policy = {
+      allow_unsigned_remote: false,
+      allowed_signature_algorithms: ['ed25519']
+    };
+    const source = { name: 'official', type: 'remote' };
+
+    const res = verifySignatureBlock({ manifest, trustedKeys, policy, source });
+    expect(res.verified).toBe(false);
+    expect(res.status).toBe('failed');
+    expect(res.errors[0]).toContain('Invalid Ed25519 signature');
+
+    const expected = loadExpectedVerdict('tampered-manifest');
+    expect(res.errors[0]).toContain(expected.errors[0]);
+  });
+
+  it('changed catalog hash fails verification', () => {
+    const manifest = loadFixtureManifest('valid-signed-registry');
+    // Modify catalog_hash after signing
+    manifest.catalog_hash = 'sha256:1111111111111111111111111111111111111111111111111111111111111111';
+    
+    const policy = {
+      allow_unsigned_remote: false,
+      allowed_signature_algorithms: ['ed25519']
+    };
+    const source = { name: 'official', type: 'remote' };
+
+    const res = verifySignatureBlock({ manifest, trustedKeys, policy, source });
+    expect(res.verified).toBe(false);
+    expect(res.status).toBe('failed');
+    expect(res.errors[0]).toContain('Invalid Ed25519 signature');
+  });
+
+  it('wrong trusted key fails verification', () => {
+    const manifest = loadFixtureManifest('wrong-key');
+    const policy = {
+      allow_unsigned_remote: false,
+      allowed_signature_algorithms: ['ed25519']
+    };
+    const source = { name: 'official', type: 'remote' };
+
+    const res = verifySignatureBlock({ manifest, trustedKeys, policy, source });
+    expect(res.verified).toBe(false);
+    expect(res.status).toBe('failed');
+    expect(res.errors[0]).toContain('not found in trust store');
+
+    const expected = loadExpectedVerdict('wrong-key');
+    expect(res.errors[0]).toContain(expected.errors[0]);
+  });
+
+  it('revoked key fails verification', () => {
+    const manifest = loadFixtureManifest('revoked-key');
+    const policy = {
+      allow_unsigned_remote: false,
+      allowed_signature_algorithms: ['ed25519']
+    };
+    const source = { name: 'official', type: 'remote' };
+
+    const res = verifySignatureBlock({ manifest, trustedKeys, policy, source });
+    expect(res.verified).toBe(false);
+    expect(res.status).toBe('failed');
+    expect(res.errors[0]).toContain('is revoked (must be active)');
+
+    const expected = loadExpectedVerdict('revoked-key');
+    expect(res.errors[0]).toContain(expected.errors[0]);
+  });
+
+  it('disabled key fails verification', () => {
+    const manifest = loadFixtureManifest('valid-signed-registry');
+    // Mutate the valid manifest key_id to test-key-disabled
+    manifest.signature.key_id = 'test-key-disabled';
+    
+    const policy = {
+      allow_unsigned_remote: false,
+      allowed_signature_algorithms: ['ed25519']
+    };
+    const source = { name: 'official', type: 'remote' };
+
+    const res = verifySignatureBlock({ manifest, trustedKeys, policy, source });
+    expect(res.verified).toBe(false);
+    expect(res.status).toBe('failed');
+    expect(res.errors[0]).toContain('is disabled (must be active)');
+  });
+
+  it('scope mismatch fails verification', () => {
+    const manifest = loadFixtureManifest('valid-signed-registry');
+    
+    // Create a trust store where valid-key has scope mismatch (e.g. only 'plugin' scope)
+    const customTrustedKeys = trustedKeys.map(k => {
+      if (k.key_id === 'test-key-valid') {
+        return { ...k, scopes: ['plugin'] };
+      }
+      return k;
+    });
+
+    const policy = {
+      allow_unsigned_remote: false,
+      allowed_signature_algorithms: ['ed25519']
+    };
+    const source = { name: 'official', type: 'remote' };
+
+    const res = verifySignatureBlock({ manifest, trustedKeys: customTrustedKeys, policy, source });
+    expect(res.verified).toBe(false);
+    expect(res.status).toBe('failed');
+    expect(res.errors[0]).toContain('does not have required scope');
+  });
+
+  it('unsigned remote registry fails verification when allow_unsigned_remote is false', () => {
+    const manifest = loadFixtureManifest('unsigned-remote-required');
+    const policy = {
+      allow_unsigned_remote: false,
+      require_signature: false,
+      allowed_signature_algorithms: ['ed25519']
+    };
+    const source = { name: 'official', type: 'remote' };
+
+    const res = verifySignatureBlock({ manifest, trustedKeys, policy, source });
+    expect(res.verified).toBe(false);
+    expect(res.status).toBe('failed');
+    expect(res.error).toContain('Unsigned remote registries are not allowed');
+
+    const expected = loadExpectedVerdict('unsigned-remote-required');
+    expect(res.error).toContain(expected.errors[0]);
+  });
+
+  it('unsupported algorithm fails verification', () => {
+    const manifest = loadFixtureManifest('unsupported-algorithm');
+    const policy = {
+      allow_unsigned_remote: false,
+      allowed_signature_algorithms: ['ed25519', 'hmac-sha256']
+    };
+    const source = { name: 'official', type: 'remote' };
+    const res = verifySignatureBlock({ manifest, trustedKeys, policy, source });
+    expect(res.verified).toBe(false);
+    expect(res.status).toBe('failed');
+    expect(res.errors[0]).toContain('Signature algorithm \'rsa-sha256\' is not allowed by policy');
+
+    const expected = loadExpectedVerdict('unsupported-algorithm');
+    expect(res.errors[0]).toContain(expected.errors[0]);
+  });
+});
+
+describe('Registry CLI Integration E2E Tests', () => {
+  const tempCliDir = join(process.cwd(), 'tests', 'fixtures', 'temp-cli-trust');
+  const cliPath = join(process.cwd(), 'bin', 'multimodel-dev-os.js');
+
+  beforeAll(() => {
+    if (existsSync(tempCliDir)) {
+      rmSync(tempCliDir, { recursive: true, force: true });
+    }
+    mkdirSync(join(tempCliDir, '.ai', 'registries'), { recursive: true });
+    copyFileSync(
+      join(fixturesDir, 'trusted-keys.yaml'),
+      join(tempCliDir, '.ai', 'registries', 'trusted-keys.yaml')
+    );
+    copyFileSync(
+      join(process.cwd(), 'examples', 'general-app', '.ai', 'config.yaml'),
+      join(tempCliDir, '.ai', 'config.yaml')
+    );
+  });
+
+  afterAll(() => {
+    if (existsSync(tempCliDir)) {
+      rmSync(tempCliDir, { recursive: true, force: true });
+    }
+  });
+
+  const stripAnsi = (str) => str.replace(/[\u001b\u009b][[()#;?]*(?:[0-9]{1,4}(?:;[0-9]{0,4})*)?[0-9A-ORZcf-nqry=><]/g, '');
+
+  it('registry trust list outputs keys from trust store', () => {
+    const rawOutput = execSync(`node ${cliPath} registry trust list --target ${tempCliDir}`, { encoding: 'utf8' });
+    const output = stripAnsi(rawOutput);
+    expect(output).toContain('test-key-valid');
+    expect(output).toContain('test-key-revoked');
+    expect(output).toContain('test-key-disabled');
+    expect(output).toContain('Total Keys:       3');
+  });
+
+  it('registry trust show test-key-valid outputs correct key details', () => {
+    const rawOutput = execSync(`node ${cliPath} registry trust show test-key-valid --target ${tempCliDir}`, { encoding: 'utf8' });
+    const output = stripAnsi(rawOutput);
+    expect(output).toContain('Key ID:         test-key-valid');
+    expect(output).toContain('Publisher:      Mock Valid Publisher');
+    expect(output).toContain('Algorithm:      ed25519');
+    expect(output).toContain('Public Key:');
+    expect(output).toContain('MCowBQYDK2VwAyE');
+  });
+
+  it('registry trust verify validates format of keys in trust store', () => {
+    const rawOutput = execSync(`node ${cliPath} registry trust verify --target ${tempCliDir}`, { encoding: 'utf8' });
+    const output = stripAnsi(rawOutput);
+    expect(output).toContain("Key 'test-key-valid' public key format is valid.");
+    expect(output).toContain("Key 'test-key-revoked' public key format is valid.");
+    expect(output).toContain("Key 'test-key-disabled' public key format is valid.");
+    expect(output).toContain('Trust store verification passed.');
+  });
+
+  it('registry verify bundled passes', () => {
+    const rawOutput = execSync(`node ${cliPath} registry verify bundled --target ${tempCliDir}`, { encoding: 'utf8' });
+    const output = stripAnsi(rawOutput);
+    expect(output).toContain('Final Trust:        ✓ Verified (Implicit local trust)');
+  });
+
+  it('registry status displays security/signature policy', () => {
+    const rawOutput = execSync(`node ${cliPath} registry status --target ${tempCliDir}`, { encoding: 'utf8' });
+    const output = stripAnsi(rawOutput);
+    expect(output).toContain('Policy State:');
+    expect(output).toContain('require_signature:');
+    expect(output).toContain('allow_unsigned_remote:');
+  });
+
+  it('registry sync fails safely without approval', () => {
+    try {
+      execSync(`node ${cliPath} registry sync official --target ${tempCliDir}`, { encoding: 'utf8', stdio: 'pipe' });
+      throw new Error('Should have failed');
+    } catch (err) {
+      expect(err.message).toContain('Command failed');
+    }
+  });
+});
+

package/tests/unit/registry-policy.test.js

@@ -0,0 +1,52 @@
+import { describe, it, expect, beforeAll, afterAll } from 'vitest';
+import { loadRegistryPolicy } from '../../src/core/policy.js';
+import { existsSync, mkdirSync, writeFileSync, rmSync } from 'fs';
+import { join } from 'path';
+
+describe('Registry Policy Engine', () => {
+  const tempDir = join(process.cwd(), 'temp-policy-test');
+  const policySubdir = join(tempDir, '.ai', 'policies');
+  const policyFile = join(policySubdir, 'registry-policy.yaml');
+
+  beforeAll(() => {
+    mkdirSync(policySubdir, { recursive: true });
+  });
+
+  afterAll(() => {
+    if (existsSync(tempDir)) {
+      rmSync(tempDir, { recursive: true, force: true });
+    }
+  });
+
+  it('should load default policy fields if no file is found', () => {
+    const policy = loadRegistryPolicy('non-existent-directory-random-path');
+    expect(policy.allow_remote_registries).toBe(false);
+    expect(policy.allow_http_localhost).toBe(false);
+    expect(policy.require_checksum).toBe(true);
+    expect(policy.allowed_write_roots).toEqual(['.ai/', 'adapters/']);
+    expect(policy.allow_unsigned_local).toBe(true);
+    expect(policy.allow_unsigned_bundled).toBe(true);
+    expect(policy.allow_unsigned_remote).toBe(false);
+    expect(policy.require_trusted_publisher).toBe(false);
+    expect(policy.provenance_required).toBe(true);
+    expect(policy.allowed_signature_algorithms).toEqual(['ed25519', 'hmac-sha256']);
+  });
+
+  it('should override default fields with written policy configurations', () => {
+    const yamlConfig = `
+allow_remote_registries: true
+allow_http_localhost: true
+require_checksum: false
+max_plugin_files: 50
+    `;
+    writeFileSync(policyFile, yamlConfig, 'utf8');
+
+    const policy = loadRegistryPolicy(tempDir);
+    expect(policy.allow_remote_registries).toBe(true);
+    expect(policy.allow_http_localhost).toBe(true);
+    expect(policy.require_checksum).toBe(false);
+    expect(policy.max_plugin_files).toBe(50);
+    // Unspecified fields should keep defaults
+    expect(policy.max_registry_cache_size_kb).toBe(512);
+  });
+});