quadwork 1.19.2 → 2.0.0

package/server/__tests__/bridge-auto-stop-guard.test.js

@@ -1,134 +0,0 @@
-/**
- * #542 — Verify bridge auto-stop fires only on the transition from
- * incomplete → complete, not on every polling tick.
- *
- * Since autoStopPollingTick is tightly coupled to HTTP calls, we test
- * the guard logic by reading server/index.js and verifying the code
- * structure, then simulating the guard in isolation.
- */
-
-const fs = require("fs");
-const path = require("path");
-
-const SERVER_PATH = path.join(__dirname, "..", "index.js");
-const src = fs.readFileSync(SERVER_PATH, "utf-8");
-
-// ---------------------------------------------------------------------------
-// 1. Code-structure assertions — verify the guard exists in source
-// ---------------------------------------------------------------------------
-
-describe("#542 bridge auto-stop transition guard (code analysis)", () => {
-  test("autoStopBridges in polling path is guarded by prev.complete check", () => {
-    // Find the autoStopPollingTick function body
-    const fnStart = src.indexOf("async function autoStopPollingTick()");
-    expect(fnStart).toBeGreaterThan(-1);
-
-    // Extract the function body (up to the next top-level function or setInterval)
-    const fnBody = src.slice(fnStart, src.indexOf("setInterval(autoStopPollingTick"));
-
-    // The autoStopBridges call must be guarded by a prev.complete check
-    const stopIdx = fnBody.indexOf("autoStopBridges(project.id");
-    expect(stopIdx).toBeGreaterThan(-1);
-
-    // Look at the surrounding context — the guard should appear before the call
-    const guardRegion = fnBody.slice(Math.max(0, stopIdx - 200), stopIdx);
-    expect(guardRegion).toMatch(/!prev\.complete/);
-  });
-
-  test("autoStartBridges in polling path is still transition-guarded", () => {
-    const fnStart = src.indexOf("async function autoStopPollingTick()");
-    const fnBody = src.slice(fnStart, src.indexOf("setInterval(autoStopPollingTick"));
-    const startIdx = fnBody.indexOf("autoStartBridges(");
-    expect(startIdx).toBeGreaterThan(-1);
-
-    const guardRegion = fnBody.slice(Math.max(0, startIdx - 200), startIdx);
-    expect(guardRegion).toMatch(/isNewBatch/);
-  });
-
-  test("_bridgeBatchPrev.set is called before the guard checks", () => {
-    const fnStart = src.indexOf("async function autoStopPollingTick()");
-    const fnBody = src.slice(fnStart, src.indexOf("setInterval(autoStopPollingTick"));
-
-    const setIdx = fnBody.indexOf("_bridgeBatchPrev.set(");
-    const stopIdx = fnBody.indexOf("autoStopBridges(project.id");
-    expect(setIdx).toBeGreaterThan(-1);
-    expect(setIdx).toBeLessThan(stopIdx);
-  });
-
-  test("autoStopBridges in sendTriggerMessage is guarded by prev.complete check", () => {
-    const fnStart = src.indexOf("async function sendTriggerMessage(");
-    expect(fnStart).toBeGreaterThan(-1);
-
-    // Extract until the next top-level function
-    const fnBody = src.slice(fnStart, fnStart + 2000);
-
-    const stopIdx = fnBody.indexOf("autoStopBridges(");
-    expect(stopIdx).toBeGreaterThan(-1);
-
-    // The guard should appear before the call
-    const guardRegion = fnBody.slice(Math.max(0, stopIdx - 300), stopIdx);
-    expect(guardRegion).toMatch(/!prev\.complete/);
-  });
-
-  test("sendTriggerMessage updates _bridgeBatchPrev before the guard", () => {
-    const fnStart = src.indexOf("async function sendTriggerMessage(");
-    const fnBody = src.slice(fnStart, fnStart + 2000);
-
-    const setIdx = fnBody.indexOf("_bridgeBatchPrev.set(");
-    const stopIdx = fnBody.indexOf("autoStopBridges(");
-    expect(setIdx).toBeGreaterThan(-1);
-    expect(setIdx).toBeLessThan(stopIdx);
-  });
-});
-
-// ---------------------------------------------------------------------------
-// 2. Guard-logic simulation — mirrors the if-condition in autoStopPollingTick
-// ---------------------------------------------------------------------------
-
-describe("#542 bridge auto-stop transition guard (logic simulation)", () => {
-  function shouldAutoStop(bp, prev) {
-    // Mirrors the production guard:
-    //   if (hasBridgeAuto && (!prev || !prev.complete)) { autoStopBridges(...) }
-    if (!(bp && bp.complete)) return false;
-    return !prev || !prev.complete;
-  }
-
-  test("fires on first tick when batch is already complete (no prev)", () => {
-    expect(shouldAutoStop({ complete: true }, undefined)).toBe(true);
-  });
-
-  test("fires on transition from incomplete to complete", () => {
-    expect(shouldAutoStop({ complete: true }, { complete: false, hasItems: true })).toBe(true);
-  });
-
-  test("does NOT fire on repeated complete ticks", () => {
-    expect(shouldAutoStop({ complete: true }, { complete: true, hasItems: true })).toBe(false);
-  });
-
-  test("does NOT fire when batch is not complete", () => {
-    expect(shouldAutoStop({ complete: false }, undefined)).toBe(false);
-    expect(shouldAutoStop({ complete: false }, { complete: false })).toBe(false);
-  });
-
-  test("manually restarted bridges survive repeated complete ticks", () => {
-    // Simulates: batch completes → tick 1 stops bridges → operator restarts →
-    // tick 2 should NOT stop again because prev.complete is already true
-    const tick1 = shouldAutoStop({ complete: true }, undefined);
-    expect(tick1).toBe(true); // first transition fires
-
-    // After tick 1, prev = { complete: true }
-    const tick2 = shouldAutoStop({ complete: true }, { complete: true });
-    expect(tick2).toBe(false); // no repeated stop
-  });
-
-  test("auto-stop fires again for a new batch cycle", () => {
-    // batch 1 completes → new batch starts → new batch completes
-    const batch1Complete = shouldAutoStop({ complete: true }, { complete: false });
-    expect(batch1Complete).toBe(true);
-
-    // new batch is in progress (prev was complete from batch 1)
-    // then new batch completes
-    const batch2Complete = shouldAutoStop({ complete: true }, { complete: false });
-    expect(batch2Complete).toBe(true);
-  });
-});

package/server/__tests__/rate-limit-handling.test.js

@@ -1,168 +0,0 @@
-/**
- * #554 — Verify rate-limit-aware caching and backoff in server/routes.js.
- *
- * Tests verify:
- * 1. Rate limit state variables exist and are initialised
- * 2. adaptiveTTL returns extended TTLs when rate is low/critical
- * 3. cachedGhEndpoint serves stale data with _rateLimited flag
- * 4. GitHub endpoints use the cached helper
- * 5. /api/github/rate-limit endpoint is registered
- * 6. Batch progress handler has rate-limit guard
- */
-
-const fs = require("fs");
-const path = require("path");
-
-const ROUTES_PATH = path.join(__dirname, "..", "routes.js");
-const src = fs.readFileSync(ROUTES_PATH, "utf-8");
-
-// ---------------------------------------------------------------------------
-// 1. Rate limit state and constants
-// ---------------------------------------------------------------------------
-
-describe("#554 rate limit infrastructure (code analysis)", () => {
-  test("_rateLimit state object is defined with expected fields", () => {
-    expect(src).toContain("const _rateLimit = {");
-    expect(src).toContain("remaining:");
-    expect(src).toContain("resetAt:");
-  });
-
-  test("RATE_LIMIT_LOW_THRESHOLD and RATE_LIMIT_CRITICAL are defined", () => {
-    expect(src).toMatch(/RATE_LIMIT_LOW_THRESHOLD\s*=\s*\d+/);
-    expect(src).toMatch(/RATE_LIMIT_CRITICAL\s*=\s*\d+/);
-  });
-
-  test("refreshRateLimit calls gh api rate_limit", () => {
-    expect(src).toContain("gh");
-    expect(src).toContain("api");
-    expect(src).toContain("rate_limit");
-  });
-
-  test("startRateLimitPolling is called at module load", () => {
-    expect(src).toContain("startRateLimitPolling()");
-  });
-});
-
-// ---------------------------------------------------------------------------
-// 2. Adaptive TTL
-// ---------------------------------------------------------------------------
-
-describe("#554 adaptive TTL logic", () => {
-  test("adaptiveTTL function is defined", () => {
-    expect(src).toContain("function adaptiveTTL(baseTTL)");
-  });
-
-  test("adaptiveTTL returns Infinity when critically rate-limited", () => {
-    expect(src).toMatch(/isRateLimited\(\).*Infinity/s);
-  });
-
-  test("adaptiveTTL extends TTL when rate is low", () => {
-    expect(src).toMatch(/isRateLow\(\).*120[_,]?000/s);
-  });
-});
-
-// ---------------------------------------------------------------------------
-// 3. Cached endpoint helper
-// ---------------------------------------------------------------------------
-
-describe("#554 cachedGhEndpoint helper", () => {
-  test("cachedGhEndpoint function is defined", () => {
-    expect(src).toContain("function cachedGhEndpoint(");
-  });
-
-  test("serves stale data with _rateLimited flag when critical", () => {
-    const fnStart = src.indexOf("function cachedGhEndpoint(");
-    const fnBody = src.slice(fnStart, fnStart + 800);
-    expect(fnBody).toContain("_rateLimited");
-    expect(fnBody).toContain("_stale");
-  });
-
-  test("uses adaptiveTTL for cache checks", () => {
-    const fnStart = src.indexOf("function cachedGhEndpoint(");
-    const fnBody = src.slice(fnStart, fnStart + 600);
-    expect(fnBody).toContain("adaptiveTTL");
-  });
-});
-
-// ---------------------------------------------------------------------------
-// 4. GitHub endpoints use cached helper
-// ---------------------------------------------------------------------------
-
-describe("#554 GitHub endpoints use cachedGhEndpoint", () => {
-  test("/api/github/issues uses cachedGhEndpoint", () => {
-    const section = src.slice(
-      src.indexOf('"/api/github/issues"'),
-      src.indexOf('"/api/github/issues"') + 300,
-    );
-    expect(section).toContain("cachedGhEndpoint");
-  });
-
-  test("/api/github/prs uses cachedGhEndpoint", () => {
-    const section = src.slice(
-      src.indexOf('"/api/github/prs"'),
-      src.indexOf('"/api/github/prs"') + 300,
-    );
-    expect(section).toContain("cachedGhEndpoint");
-  });
-
-  test("/api/github/closed-issues uses cachedGhEndpoint", () => {
-    const section = src.slice(
-      src.indexOf('"/api/github/closed-issues"'),
-      src.indexOf('"/api/github/closed-issues"') + 500,
-    );
-    expect(section).toContain("cachedGhEndpoint");
-  });
-
-  test("/api/github/merged-prs uses cachedGhEndpoint", () => {
-    const section = src.slice(
-      src.indexOf('"/api/github/merged-prs"'),
-      src.indexOf('"/api/github/merged-prs"') + 500,
-    );
-    expect(section).toContain("cachedGhEndpoint");
-  });
-});
-
-// ---------------------------------------------------------------------------
-// 5. Rate limit API endpoint
-// ---------------------------------------------------------------------------
-
-describe("#554 /api/github/rate-limit endpoint", () => {
-  test("endpoint is registered", () => {
-    expect(src).toContain('"/api/github/rate-limit"');
-  });
-
-  test("returns remaining, limit, resetInMinutes, low, critical fields", () => {
-    const idx = src.indexOf('"/api/github/rate-limit"');
-    const section = src.slice(idx, idx + 500);
-    expect(section).toContain("remaining");
-    expect(section).toContain("limit");
-    expect(section).toContain("resetInMinutes");
-    expect(section).toContain("low");
-    expect(section).toContain("critical");
-  });
-});
-
-// ---------------------------------------------------------------------------
-// 6. Batch progress rate limit guard
-// ---------------------------------------------------------------------------
-
-describe("#554 batch progress rate limit awareness", () => {
-  test("batch progress handler checks isRateLimited before gh calls", () => {
-    const batchStart = src.indexOf('"/api/batch-progress"');
-    const batchSection = src.slice(batchStart, batchStart + 600);
-    expect(batchSection).toContain("isRateLimited()");
-    expect(batchSection).toContain("_rateLimited");
-  });
-
-  test("batch progress uses adaptiveTTL for cache", () => {
-    const batchStart = src.indexOf('"/api/batch-progress"');
-    const batchSection = src.slice(batchStart, batchStart + 400);
-    expect(batchSection).toContain("adaptiveTTL");
-  });
-
-  test("projects endpoint uses adaptiveTTL for cache", () => {
-    const projStart = src.indexOf('"/api/projects"');
-    const projSection = src.slice(projStart, projStart + 400);
-    expect(projSection).toContain("adaptiveTTL");
-  });
-});

package/server/__tests__/scrub-secrets.test.js

@@ -1,235 +0,0 @@
-/**
- * #545: QA verification for #538 PTY scrollback secret scrubbing.
- *
- * Tests the production scrubSecrets / scrubScrollback from server/scrub-secrets.js:
- *  - Redact secrets correctly (SECRET_NAME, API key prefixes, Bearer)
- *  - Pass through normal terminal output unchanged
- *  - Preserve ANSI escape codes on non-secret lines
- *  - Handle edge cases (empty input, very long lines, rapid multi-line output)
- *
- * Integration-level checklist items (resize, reconnect/replay flow,
- * multi-agent isolation, two-tab behavior) are verified by code-path
- * analysis in the PR description — they depend on WS + PTY runtime
- * that cannot be unit-tested without a full server harness.
- */
-
-const { scrubSecrets, scrubScrollback, _REDACTED } = require("../scrub-secrets");
-
-// ---- Tests ----
-
-const assert = require("assert");
-let passed = 0;
-let failed = 0;
-
-function test(name, fn) {
-  try {
-    fn();
-    passed++;
-    console.log(`  PASS  ${name}`);
-  } catch (e) {
-    failed++;
-    console.error(`  FAIL  ${name}`);
-    console.error(`        ${e.message}`);
-  }
-}
-
-console.log("\n#545 QA — scrubSecrets / scrubScrollback (production module)\n");
-
-// --- 1. Secret redaction (true positives) ---
-
-test("redacts ANTHROPIC_API_KEY=value", () => {
-  const input = "ANTHROPIC_API_KEY=sk-ant-api03-xxxxxxxxxxxx";
-  const out = scrubSecrets(input);
-  assert(!out.includes("sk-ant-api03"), `got: ${out}`);
-  assert(out.includes(_REDACTED));
-});
-
-test("redacts DB_PASSWORD: hunter2", () => {
-  const out = scrubSecrets("DB_PASSWORD: hunter2");
-  assert(!out.includes("hunter2"), `got: ${out}`);
-});
-
-test("redacts GITHUB_TOKEN=ghp_...", () => {
-  const token = "ghp_" + "A".repeat(36);
-  const out = scrubSecrets(`export GITHUB_TOKEN=${token}`);
-  assert(!out.includes(token), `got: ${out}`);
-});
-
-test("redacts Bearer token header", () => {
-  const out = scrubSecrets("Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.payload.sig");
-  assert(!out.includes("eyJhbG"), `got: ${out}`);
-  assert(out.includes(_REDACTED));
-});
-
-test("redacts standalone Bearer (no Authorization: prefix)", () => {
-  const out = scrubSecrets("curl -H 'Bearer eyJhbGciOiJIUzI1NiJ9.xxxxxxxxxxxx'");
-  assert(!out.includes("eyJhbG"), `got: ${out}`);
-  assert(out.includes(`Bearer ${_REDACTED}`));
-});
-
-test("redacts sk- OpenAI key inline", () => {
-  const key = "sk-" + "a".repeat(48);
-  const out = scrubSecrets(`Using key ${key} for request`);
-  assert(!out.includes(key), `got: ${out}`);
-});
-
-test("redacts Slack xoxb token", () => {
-  const token = "xoxb-" + "1234567890-" + "A".repeat(20);
-  const out = scrubSecrets(`SLACK_TOKEN=${token}`);
-  assert(!out.includes(token), `got: ${out}`);
-});
-
-// --- 2. Normal output passes through unchanged ---
-
-test("preserves plain text", () => {
-  const input = "Hello, world! This is normal output.";
-  assert.strictEqual(scrubSecrets(input), input);
-});
-
-test("preserves npm install output", () => {
-  const input = "added 1423 packages in 45s\n182 packages are looking for funding";
-  assert.strictEqual(scrubSecrets(input), input);
-});
-
-test("preserves git clone output", () => {
-  const input = "Cloning into 'repo'...\nremote: Enumerating objects: 1234, done.\nReceiving objects: 100% (1234/1234)";
-  assert.strictEqual(scrubSecrets(input), input);
-});
-
-test("preserves test runner output", () => {
-  const input = "Tests: 42 passed, 42 total\nTime: 3.456 s";
-  assert.strictEqual(scrubSecrets(input), input);
-});
-
-test("preserves JSON output without secrets", () => {
-  const input = '{"status":"ok","count":42,"items":["a","b","c"]}';
-  assert.strictEqual(scrubSecrets(input), input);
-});
-
-// --- 3. ANSI escape code handling ---
-
-test("preserves ANSI colors on non-secret lines", () => {
-  const input = "\x1b[32m✓\x1b[0m test passed";
-  assert.strictEqual(scrubSecrets(input), input);
-});
-
-test("redacts secret even inside ANSI-styled line", () => {
-  const input = "\x1b[33mAPI_KEY=\x1b[31msecretvalue123\x1b[0m";
-  const out = scrubSecrets(input);
-  assert(!out.includes("secretvalue123"), `got: ${out}`);
-  assert(out.includes(_REDACTED));
-});
-
-test("ANSI bold output without secrets passes through", () => {
-  const input = "\x1b[1mBuilding project...\x1b[0m\nCompiled successfully.";
-  assert.strictEqual(scrubSecrets(input), input);
-});
-
-// --- 4. Edge cases ---
-
-test("handles empty string", () => {
-  assert.strictEqual(scrubSecrets(""), "");
-});
-
-test("handles null/undefined", () => {
-  assert.strictEqual(scrubSecrets(null), null);
-  assert.strictEqual(scrubSecrets(undefined), undefined);
-});
-
-test("handles very long line (>1000 chars) without secrets", () => {
-  const longLine = "x".repeat(2000);
-  assert.strictEqual(scrubSecrets(longLine), longLine);
-});
-
-test("handles very long line with embedded secret", () => {
-  const prefix = "a".repeat(500);
-  const suffix = "b".repeat(500);
-  const key = "sk-" + "c".repeat(48);
-  const input = `${prefix} ${key} ${suffix}`;
-  const out = scrubSecrets(input);
-  assert(!out.includes(key), `key should be redacted`);
-});
-
-test("handles rapid multi-line output (100 lines)", () => {
-  const lines = Array.from({ length: 100 }, (_, i) => `line ${i}: output data here`);
-  const input = lines.join("\n");
-  assert.strictEqual(scrubSecrets(input), input);
-});
-
-test("handles multi-line with mixed secrets and normal output", () => {
-  const input = [
-    "Starting deploy...",
-    "AWS_SECRET_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE",
-    "Uploading artifacts...",
-    "Bearer eyJhbGciOiJIUzI1NiJ9.xxxxxxxxxxxx",
-    "Deploy complete!",
-  ].join("\n");
-  const out = scrubSecrets(input);
-  assert(out.includes("Starting deploy..."));
-  assert(out.includes("Uploading artifacts..."));
-  assert(out.includes("Deploy complete!"));
-  assert(!out.includes("AKIAIOSFODNN7EXAMPLE"));
-  assert(!out.includes("eyJhbGci"));
-});
-
-// --- 5. scrubScrollback (string output for WebSocket text frames) ---
-
-test("scrubScrollback returns string, not Buffer", () => {
-  const buf = Buffer.from("SOME_SECRET_KEY=abc123\nnormal line");
-  const out = scrubScrollback(buf);
-  assert.strictEqual(typeof out, "string", "should return a string for text WebSocket frames");
-  assert(!out.includes("abc123"));
-});
-
-test("scrubScrollback handles empty buffer", () => {
-  const buf = Buffer.alloc(0);
-  const out = scrubScrollback(buf);
-  assert.strictEqual(typeof out, "string");
-  assert.strictEqual(out, "");
-});
-
-test("scrubScrollback handles null", () => {
-  assert.strictEqual(scrubScrollback(null), "");
-});
-
-test("scrubScrollback preserves non-secret content", () => {
-  const content = "Hello world\nBuild succeeded\n42 tests passed";
-  const buf = Buffer.from(content);
-  const out = scrubScrollback(buf);
-  assert.strictEqual(typeof out, "string");
-  assert.strictEqual(out, content);
-});
-
-// --- 6. Integration path verification ---
-// These tests verify that server/index.js imports from the same module
-// we're testing, ensuring no copy-paste drift.
-
-test("server/index.js imports scrubSecrets from scrub-secrets.js", () => {
-  const serverSource = require("fs").readFileSync(
-    require("path").join(__dirname, "..", "index.js"), "utf-8"
-  );
-  assert(
-    serverSource.includes('require("./scrub-secrets")') ||
-    serverSource.includes("require('./scrub-secrets')"),
-    "server/index.js must import from ./scrub-secrets"
-  );
-});
-
-test("server/index.js uses scrubSecrets in PTY data handler", () => {
-  const serverSource = require("fs").readFileSync(
-    require("path").join(__dirname, "..", "index.js"), "utf-8"
-  );
-  assert(serverSource.includes("scrubSecrets(data)"), "live PTY path must call scrubSecrets");
-});
-
-test("server/index.js uses scrubScrollback in replay handler", () => {
-  const serverSource = require("fs").readFileSync(
-    require("path").join(__dirname, "..", "index.js"), "utf-8"
-  );
-  assert(serverSource.includes("scrubScrollback(session.scrollback)"), "replay path must call scrubScrollback");
-});
-
-// --- Summary ---
-
-console.log(`\nResults: ${passed} passed, ${failed} failed, ${passed + failed} total\n`);
-process.exit(failed > 0 ? 1 : 0);