ndomo 0.1.0 → 0.2.0

package/src/config/__tests__/schema.test.ts

@@ -0,0 +1,223 @@
+/**
+ * Tests for src/config/schema.ts — NdomoConfig + loadHttpConfig + loadNdomoConfig.
+ *
+ * Tests:
+ * 1. loadHttpConfig() defaults when no env, no file
+ * 2. loadHttpConfig() reads env vars when no file
+ * 3. loadHttpConfig() prefers file http block over env vars
+ * 4. loadNdomoConfig() reads/parses ndomo.config.json correctly
+ * 5. loadNdomoConfig() returns empty object if file missing
+ * 6. NdomoConfig.http is optional, parses valid HttpConfig shape
+ * 7. resolveConfigDir() honors XDG_CONFIG_HOME
+ */
+
+import { describe, test, expect, beforeEach, afterEach } from "bun:test";
+import { mkdtempSync, writeFileSync, rmSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import { loadHttpConfig, loadNdomoConfig, resolveConfigDir } from "../schema.ts";
+
+let tmpDir: string;
+const origEnv: Record<string, string | undefined> = {};
+
+function saveEnv(...keys: string[]): void {
+  for (const key of keys) {
+    origEnv[key] = process.env[key];
+  }
+}
+
+function restoreEnv(...keys: string[]): void {
+  for (const key of keys) {
+    if (origEnv[key] === undefined) {
+      delete process.env[key];
+    } else {
+      process.env[key] = origEnv[key];
+    }
+  }
+}
+
+beforeEach(() => {
+  tmpDir = mkdtempSync(join(tmpdir(), "ndomo-schema-"));
+  saveEnv("NDOMO_HTTP_ENABLED", "NDOMO_HTTP_PORT", "NDOMO_HTTP_CORS_ORIGINS", "NDOMO_HTTP_AUTH_REQUIRED", "XDG_CONFIG_HOME");
+});
+
+afterEach(() => {
+  restoreEnv("NDOMO_HTTP_ENABLED", "NDOMO_HTTP_PORT", "NDOMO_HTTP_CORS_ORIGINS", "NDOMO_HTTP_AUTH_REQUIRED", "XDG_CONFIG_HOME");
+  try {
+    rmSync(tmpDir, { recursive: true, force: true });
+  } catch {
+    // ignore
+  }
+});
+
+describe("loadHttpConfig", () => {
+  test("returns defaults when no env vars and no file", () => {
+    delete process.env.NDOMO_HTTP_ENABLED;
+    delete process.env.NDOMO_HTTP_PORT;
+    delete process.env.NDOMO_HTTP_CORS_ORIGINS;
+    delete process.env.NDOMO_HTTP_AUTH_REQUIRED;
+
+    const fakePath = join(tmpDir, "nonexistent.json");
+    const config = loadHttpConfig(fakePath);
+
+    expect(config.enabled).toBe(false);
+    expect(config.port).toBe(4097);
+    expect(config.cors.origins).toEqual(["*"]);
+    expect(config.auth.required).toBe(true);
+  });
+
+  test("reads env vars when no file", () => {
+    process.env.NDOMO_HTTP_ENABLED = "true";
+    process.env.NDOMO_HTTP_PORT = "8080";
+    process.env.NDOMO_HTTP_CORS_ORIGINS = "a.com,b.com";
+    process.env.NDOMO_HTTP_AUTH_REQUIRED = "false";
+
+    const fakePath = join(tmpDir, "nonexistent.json");
+    const config = loadHttpConfig(fakePath);
+
+    expect(config.enabled).toBe(true);
+    expect(config.port).toBe(8080);
+    expect(config.cors.origins).toEqual(["a.com", "b.com"]);
+    expect(config.auth.required).toBe(false);
+  });
+
+  test("prefers file http block over env vars", () => {
+    // Env says port 8080
+    process.env.NDOMO_HTTP_PORT = "8080";
+    process.env.NDOMO_HTTP_ENABLED = "false";
+
+    // File says port 3000, enabled true
+    const filePath = join(tmpDir, "ndomo.json");
+    writeFileSync(
+      filePath,
+      JSON.stringify({
+        http: {
+          enabled: true,
+          port: 3000,
+          cors: { origins: ["example.com"] },
+          auth: { required: false },
+        },
+      }),
+    );
+
+    const config = loadHttpConfig(filePath);
+
+    // File wins
+    expect(config.enabled).toBe(true);
+    expect(config.port).toBe(3000);
+    expect(config.cors.origins).toEqual(["example.com"]);
+    expect(config.auth.required).toBe(false);
+  });
+
+  test("falls back to env vars when file has no http block", () => {
+    process.env.NDOMO_HTTP_ENABLED = "true";
+    process.env.NDOMO_HTTP_PORT = "9090";
+
+    const filePath = join(tmpDir, "ndomo.json");
+    writeFileSync(filePath, JSON.stringify({ plugins: ["ndomo"] }));
+
+    const config = loadHttpConfig(filePath);
+
+    expect(config.enabled).toBe(true);
+    expect(config.port).toBe(9090);
+    expect(config.cors.origins).toEqual(["*"]);
+  });
+
+  test("falls back to env vars when file is missing", () => {
+    process.env.NDOMO_HTTP_ENABLED = "true";
+    process.env.NDOMO_HTTP_PORT = "5555";
+
+    const config = loadHttpConfig(join(tmpDir, "missing.json"));
+
+    expect(config.enabled).toBe(true);
+    expect(config.port).toBe(5555);
+  });
+});
+
+describe("loadNdomoConfig", () => {
+  test("reads and parses ndomo.json correctly", () => {
+    const filePath = join(tmpDir, "ndomo.json");
+    const data = {
+      plugins: ["ndomo", "opencode-mem"],
+      optionalPlugins: ["@tarquinen/opencode-dcp"],
+      presets: {
+        default: {
+          foreman: { model: "minimax/MiniMax-M3", temperature: 0.3 },
+        },
+      },
+    };
+    writeFileSync(filePath, JSON.stringify(data));
+
+    const config = loadNdomoConfig(filePath);
+
+    expect(config.plugins).toEqual(["ndomo", "opencode-mem"]);
+    expect(config.optionalPlugins).toEqual(["@tarquinen/opencode-dcp"]);
+    expect(config.presets?.default?.foreman?.model).toBe("minimax/MiniMax-M3");
+  });
+
+  test("returns empty object if file is missing", () => {
+    const config = loadNdomoConfig(join(tmpDir, "missing.json"));
+    expect(config).toEqual({});
+  });
+
+  test("returns empty object if file is invalid JSON", () => {
+    const filePath = join(tmpDir, "bad.json");
+    writeFileSync(filePath, "not json {{{");
+
+    const config = loadNdomoConfig(filePath);
+    expect(config).toEqual({});
+  });
+
+  test("returns empty object if file is an array", () => {
+    const filePath = join(tmpDir, "array.json");
+    writeFileSync(filePath, JSON.stringify([1, 2, 3]));
+
+    const config = loadNdomoConfig(filePath);
+    expect(config).toEqual({});
+  });
+
+  test("http field is optional", () => {
+    const filePath = join(tmpDir, "nohttp.json");
+    writeFileSync(filePath, JSON.stringify({ plugins: ["ndomo"] }));
+
+    const config = loadNdomoConfig(filePath);
+    expect(config.http).toBeUndefined();
+  });
+
+  test("http field parses valid HttpConfig shape", () => {
+    const filePath = join(tmpDir, "withhttp.json");
+    writeFileSync(
+      filePath,
+      JSON.stringify({
+        http: {
+          enabled: true,
+          port: 4097,
+          cors: { origins: ["*"] },
+          auth: { required: true },
+        },
+      }),
+    );
+
+    const config = loadNdomoConfig(filePath);
+    expect(config.http).toBeDefined();
+    expect(config.http?.enabled).toBe(true);
+    expect(config.http?.port).toBe(4097);
+    expect(config.http?.cors.origins).toEqual(["*"]);
+    expect(config.http?.auth.required).toBe(true);
+  });
+});
+
+describe("resolveConfigDir", () => {
+  test("uses XDG_CONFIG_HOME when set", () => {
+    process.env.XDG_CONFIG_HOME = "/tmp/test-xdg";
+    const dir = resolveConfigDir();
+    expect(dir).toBe("/tmp/test-xdg/opencode");
+  });
+
+  test("defaults to ~/.config/opencode when XDG not set", () => {
+    delete process.env.XDG_CONFIG_HOME;
+    const dir = resolveConfigDir();
+    expect(dir).toContain(".config");
+    expect(dir).toContain("opencode");
+  });
+});

package/src/config/schema.ts

@@ -2,7 +2,7 @@
 /**
  * HTTP server configuration for ndomo.
  * Loaded from environment variables with sensible defaults.
- * 
+ *
  * Environment variables:
  * - NDOMO_HTTP_ENABLED: "true" to enable HTTP server (default: "false")
  * - NDOMO_HTTP_PORT: Port number (default: 4097)
@@ -10,36 +10,149 @@
  * - NDOMO_HTTP_AUTH_REQUIRED: "false" to disable auth requirement (default: "true")
  */
 
+import { existsSync, readFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+
 export type HttpConfig = {
-  enabled: boolean;  // default false, env: NDOMO_HTTP_ENABLED
-  port: number;      // default 4097, env: NDOMO_HTTP_PORT
+  enabled: boolean; // default false, env: NDOMO_HTTP_ENABLED
+  port: number; // default 4097, env: NDOMO_HTTP_PORT
   cors: {
-    origins: string[];  // default ['*'] in dev, [] in prod, env: NDOMO_HTTP_CORS_ORIGINS (comma-separated)
+    origins: string[]; // default ['*'] in dev, [] in prod, env: NDOMO_HTTP_CORS_ORIGINS (comma-separated)
   };
   auth: {
-    required: boolean;  // default true
+    required: boolean; // default true
   };
 };
 
+// ─── NdomoConfig Schema ───────────────────────────────────────────────────────
+/**
+ * Full ndomo configuration as read from ndomo.config.json / ndomo.json.
+ * Preserves all fields from the JSON file (plugin routing, presets, etc.)
+ * and adds the optional HTTP block.
+ */
+export type NdomoConfig = {
+  $schema?: string;
+  plugins?: string[];
+  optionalPlugins?: string[];
+  presets?: Record<
+    string,
+    Record<string, { model?: string; temperature?: number; reasoning_effort?: string }>
+  >;
+  http?: HttpConfig;
+  [key: string]: unknown;
+};
+
+/**
+ * Resolve the ndomo config directory path.
+ * Honors XDG_CONFIG_HOME, defaults to ~/.config/opencode.
+ */
+export function resolveConfigDir(): string {
+  const xdg = process.env.XDG_CONFIG_HOME;
+  if (xdg && xdg.length > 0) {
+    return join(xdg, "opencode");
+  }
+  return join(homedir(), ".config", "opencode");
+}
+
+/**
+ * Resolve the path to ndomo.json in the config directory.
+ * @param configDir - Optional override for config directory
+ */
+export function resolveNdomoJsonPath(configDir?: string): string {
+  return join(configDir ?? resolveConfigDir(), "ndomo.json");
+}
+
 /**
- * Load HTTP configuration from environment variables with defaults.
- * 
- * @returns HttpConfig with values from environment or defaults
- * 
+ * Load NdomoConfig from ndomo.json in the config directory.
+ * Returns empty object if file is missing or unparseable.
+ *
+ * @param configPath - Optional explicit path to ndomo.json
+ * @returns NdomoConfig with all fields from the file
+ */
+export function loadNdomoConfig(configPath?: string): NdomoConfig {
+  const filePath = configPath ?? resolveNdomoJsonPath();
+  if (!existsSync(filePath)) {
+    return {};
+  }
+  try {
+    const raw = readFileSync(filePath, "utf-8");
+    const parsed: unknown = JSON.parse(raw);
+    if (typeof parsed === "object" && parsed !== null && !Array.isArray(parsed)) {
+      return parsed as NdomoConfig;
+    }
+    return {};
+  } catch {
+    return {};
+  }
+}
+
+// ─── Boolean env parsing helper ───────────────────────────────────────────────
+function parseBoolEnv(value: string | undefined, defaultValue: boolean): boolean {
+  if (value === undefined || value === "") return defaultValue;
+  if (defaultValue === true) {
+    // Default true: any value except "false" → true
+    return value !== "false";
+  }
+  // Default false: only "true" → true
+  return value === "true";
+}
+
+// ─── loadHttpConfig ───────────────────────────────────────────────────────────
+/**
+ * Load HTTP configuration with precedence: ndomo.json http block > env vars > defaults.
+ *
+ * If ndomo.json has a complete http block, use it.
+ * If ndomo.json is missing OR http block is incomplete, fall back to env vars.
+ * Env vars always override defaults (even when file has a partial block).
+ *
+ * @param configPath - Optional explicit path to ndomo.json
+ * @returns HttpConfig with resolved values
+ *
  * @example
- * // With env: NDOMO_HTTP_ENABLED=true, NDOMO_HTTP_PORT=8080
+ * // ndomo.json: { "http": { "enabled": true, "port": 8080, "cors": { "origins": ["a.com"] }, "auth": { "required": false } } }
  * const config = loadHttpConfig();
- * // config = { enabled: true, port: 8080, cors: { origins: ["*"] }, auth: { required: true } }
+ * // config = { enabled: true, port: 8080, cors: { origins: ["a.com"] }, auth: { required: false } }
+ *
+ * @example
+ * // No ndomo.json, env: NDOMO_HTTP_ENABLED=true
+ * const config = loadHttpConfig();
+ * // config = { enabled: true, port: 4097, cors: { origins: ["*"] }, auth: { required: true } }
  */
-export function loadHttpConfig(): HttpConfig {
+export function loadHttpConfig(configPath?: string): HttpConfig {
+  const fileConfig = loadNdomoConfig(configPath);
+  const http = fileConfig.http;
+
+  // Helper: check if http block has all required fields (complete)
+  const isCompleteHttp = (h: unknown): h is HttpConfig => {
+    if (typeof h !== "object" || h === null) return false;
+    const obj = h as Record<string, unknown>;
+    return (
+      typeof obj.enabled === "boolean" &&
+      typeof obj.port === "number" &&
+      typeof obj.cors === "object" &&
+      obj.cors !== null &&
+      Array.isArray((obj.cors as Record<string, unknown>).origins) &&
+      typeof obj.auth === "object" &&
+      obj.auth !== null &&
+      typeof (obj.auth as Record<string, unknown>).required === "boolean"
+    );
+  };
+
+  // If file has complete http block, use it (file > env)
+  if (http && isCompleteHttp(http)) {
+    return http;
+  }
+
+  // File missing or incomplete → fall back to env vars + defaults
   return {
-    enabled: process.env.NDOMO_HTTP_ENABLED === "true",
+    enabled: parseBoolEnv(process.env.NDOMO_HTTP_ENABLED, false),
     port: Number(process.env.NDOMO_HTTP_PORT) || 4097,
     cors: {
-      origins: process.env.NDOMO_HTTP_CORS_ORIGINS?.split(",").map(s => s.trim()) ?? ["*"],
+      origins: process.env.NDOMO_HTTP_CORS_ORIGINS?.split(",").map((s) => s.trim()) ?? ["*"],
     },
     auth: {
-      required: process.env.NDOMO_HTTP_AUTH_REQUIRED !== "false",
+      required: parseBoolEnv(process.env.NDOMO_HTTP_AUTH_REQUIRED, true),
     },
   };
 }
@@ -47,7 +160,7 @@ export function loadHttpConfig(): HttpConfig {
 /**
  * Security baseline headers for HTTP responses.
  * These headers should be applied to all HTTP responses to prevent common attacks.
- * 
+ *
  * @see https://owasp.org/www-project-secure-headers/
  */
 export const SECURITY_HEADERS = {

package/src/http/__tests__/auth.test.ts

@@ -21,7 +21,7 @@ import { httpBasicAuth } from "../auth.ts";
 function buildTestApp(httpConfig: HttpConfig) {
   return new Elysia({ name: "test-auth" })
     .use(httpBasicAuth(httpConfig))
-    .get("/protected", () => ({ ok: true }))
+    .get("/api/protected", () => ({ ok: true }))
     .get("/health", () => ({ status: "ok" }));
 }
 
@@ -64,7 +64,7 @@ describe("httpBasicAuth — auth required", () => {
     process.env.OPENCODE_SERVER_PASSWORD = "test-secret";
     const app = buildTestApp(DEFAULT_CONFIG);
 
-    const req = new Request("http://localhost/protected", {
+    const req = new Request("http://localhost/api/protected", {
       headers: { Authorization: basicAuthHeader("test-secret") },
     });
     const res = await app.handle(req);
@@ -78,7 +78,7 @@ describe("httpBasicAuth — auth required", () => {
     process.env.OPENCODE_SERVER_PASSWORD = "correct-password";
     const app = buildTestApp(DEFAULT_CONFIG);
 
-    const req = new Request("http://localhost/protected", {
+    const req = new Request("http://localhost/api/protected", {
       headers: { Authorization: basicAuthHeader("wrong-password") },
     });
     const res = await app.handle(req);
@@ -93,7 +93,7 @@ describe("httpBasicAuth — auth required", () => {
     process.env.OPENCODE_SERVER_PASSWORD = "test-secret";
     const app = buildTestApp(DEFAULT_CONFIG);
 
-    const req = new Request("http://localhost/protected");
+    const req = new Request("http://localhost/api/protected");
     const res = await app.handle(req);
 
     expect(res.status).toBe(401);
@@ -106,7 +106,7 @@ describe("httpBasicAuth — auth required", () => {
     process.env.OPENCODE_SERVER_PASSWORD = "test-secret";
     const app = buildTestApp(DEFAULT_CONFIG);
 
-    const req = new Request("http://localhost/protected", {
+    const req = new Request("http://localhost/api/protected", {
       headers: { Authorization: "Bearer some-token" },
     });
     const res = await app.handle(req);
@@ -118,7 +118,7 @@ describe("httpBasicAuth — auth required", () => {
     delete process.env.OPENCODE_SERVER_PASSWORD;
     const app = buildTestApp(DEFAULT_CONFIG);
 
-    const req = new Request("http://localhost/protected", {
+    const req = new Request("http://localhost/api/protected", {
       headers: { Authorization: basicAuthHeader("any") },
     });
     const res = await app.handle(req);
@@ -147,7 +147,7 @@ describe("httpBasicAuth — auth required", () => {
 
     // "user:" → base64 → colonIdx=4, providedPassword=""
     const encoded = Buffer.from("user:").toString("base64");
-    const req = new Request("http://localhost/protected", {
+    const req = new Request("http://localhost/api/protected", {
       headers: { Authorization: `Basic ${encoded}` },
     });
     const res = await app.handle(req);
@@ -161,7 +161,7 @@ describe("httpBasicAuth — auth required", () => {
 
     // "nocolon" (no user:pass format) → colonIdx=-1, providedPassword="nocolon"
     const encoded = Buffer.from("nocolon").toString("base64");
-    const req = new Request("http://localhost/protected", {
+    const req = new Request("http://localhost/api/protected", {
       headers: { Authorization: `Basic ${encoded}` },
     });
     const res = await app.handle(req);
@@ -174,7 +174,7 @@ describe("httpBasicAuth — auth disabled", () => {
   test("no credentials → 200 (auth skipped)", async () => {
     const app = buildTestApp(DISABLED_AUTH_CONFIG);
 
-    const req = new Request("http://localhost/protected");
+    const req = new Request("http://localhost/api/protected");
     const res = await app.handle(req);
 
     expect(res.status).toBe(200);
@@ -186,7 +186,7 @@ describe("httpBasicAuth — auth disabled", () => {
     delete process.env.OPENCODE_SERVER_PASSWORD;
     const app = buildTestApp(DISABLED_AUTH_CONFIG);
 
-    const req = new Request("http://localhost/protected", {
+    const req = new Request("http://localhost/api/protected", {
       headers: { Authorization: basicAuthHeader("wrong") },
     });
     const res = await app.handle(req);