sensorium-mcp 2.17.28 → 3.0.0

package/supervisor/main_test.go

@@ -0,0 +1,130 @@
+package main
+
+import (
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+)
+
+func TestResolveRunSupervisorMode(t *testing.T) {
+	tests := []struct {
+		name             string
+		processIsService bool
+		hostMode         string
+		want             bool
+	}{
+		{
+			name:             "service process always forces service mode",
+			processIsService: true,
+			hostMode:         "task",
+			want:             true,
+		},
+		{
+			name:             "non-service defaults to task mode",
+			processIsService: false,
+			hostMode:         "",
+			want:             false,
+		},
+		{
+			name:             "non-service task remains task mode",
+			processIsService: false,
+			hostMode:         "task",
+			want:             false,
+		},
+		{
+			name:             "non-service service mode is honored",
+			processIsService: false,
+			hostMode:         "service",
+			want:             true,
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			got := resolveRunSupervisorMode(tc.processIsService, tc.hostMode)
+			if got != tc.want {
+				t.Fatalf("resolveRunSupervisorMode(processIsService=%v, hostMode=%q) = %v, want %v", tc.processIsService, tc.hostMode, got, tc.want)
+			}
+		})
+	}
+}
+
+func TestRunSupervisor_DoesNotRecoverPersistedStateWhenWatcherLockNotAcquired(t *testing.T) {
+	tempHome := t.TempDir()
+	t.Setenv("USERPROFILE", tempHome)
+	t.Setenv("HOME", tempHome)
+	t.Setenv("MCP_HTTP_PORT", "7777")
+	t.Setenv("MCP_HTTP_SECRET", "test-secret")
+	t.Setenv("TELEGRAM_TOKEN", "test-token")
+	t.Setenv("TELEGRAM_CHAT_ID", "test-chat")
+
+	dataDir := filepath.Join(tempHome, ".remote-copilot-mcp")
+	log := NewLogger(filepath.Join(dataDir, "test.log"))
+	defer log.Close()
+
+	store := NewUpdateStateStore(filepath.Join(dataDir, "update-state.json"), log)
+	store.Transition(updateScopeMCP, updatePhaseApplying, "2.0.0", "1.0.0", "")
+
+	watcherLock := filepath.Join(dataDir, "watcher.lock")
+	if !AcquireLock(watcherLock, log) {
+		t.Fatal("failed to pre-acquire watcher lock")
+	}
+	defer ReleaseLock(watcherLock)
+
+	err := runSupervisor(false)
+	if err == nil {
+		t.Fatal("expected runSupervisor to fail when watcher lock is already held")
+	}
+	if !strings.Contains(err.Error(), "another supervisor instance") {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	state, loadErr := store.Load()
+	if loadErr != nil {
+		t.Fatalf("failed to load update state: %v", loadErr)
+	}
+	if state.Phase != updatePhaseApplying {
+		t.Fatalf("phase = %q, want %q", state.Phase, updatePhaseApplying)
+	}
+}
+
+func TestRunSupervisor_DoesNotApplyPendingSupervisorUpdateWhenWatcherLockNotAcquired(t *testing.T) {
+	tempHome := t.TempDir()
+	t.Setenv("USERPROFILE", tempHome)
+	t.Setenv("HOME", tempHome)
+	t.Setenv("MCP_HTTP_PORT", "7777")
+	t.Setenv("MCP_HTTP_SECRET", "test-secret")
+	t.Setenv("TELEGRAM_TOKEN", "test-token")
+	t.Setenv("TELEGRAM_CHAT_ID", "test-chat")
+
+	dataDir := filepath.Join(tempHome, ".remote-copilot-mcp")
+	log := NewLogger(filepath.Join(dataDir, "test.log"))
+	defer log.Close()
+
+	pendingVersion := filepath.Join(dataDir, "bin", "sensorium-supervisor.new.exe.version")
+	if err := os.MkdirAll(filepath.Dir(pendingVersion), 0755); err != nil {
+		t.Fatalf("failed to create pending version directory: %v", err)
+	}
+	if err := os.WriteFile(pendingVersion, []byte("2.0.0"), 0644); err != nil {
+		t.Fatalf("failed to create stale pending version file: %v", err)
+	}
+
+	watcherLock := filepath.Join(dataDir, "watcher.lock")
+	if !AcquireLock(watcherLock, log) {
+		t.Fatal("failed to pre-acquire watcher lock")
+	}
+	defer ReleaseLock(watcherLock)
+
+	err := runSupervisor(false)
+	if err == nil {
+		t.Fatal("expected runSupervisor to fail when watcher lock is already held")
+	}
+	if !strings.Contains(err.Error(), "another supervisor instance") {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if _, statErr := os.Stat(pendingVersion); statErr != nil {
+		t.Fatalf("pending supervisor version file was unexpectedly modified: %v", statErr)
+	}
+}

package/supervisor/process.go

@@ -10,6 +10,7 @@ import (
 	"runtime"
 	"strconv"
 	"strings"
+	"syscall"
 	"time"
 )
 
@@ -21,16 +22,44 @@ func SpawnMCPServer(cfg Config, log *Logger) (int, error) {
 		return 0, errors.New("empty MCP_START_COMMAND")
 	}
 
+	if err := os.MkdirAll(filepath.Dir(cfg.Paths.MCPStderrLog), 0755); err != nil {
+		return 0, fmt.Errorf("create MCP stderr log directory: %w", err)
+	}
+	stderrFile, err := os.OpenFile(cfg.Paths.MCPStderrLog, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+	if err != nil {
+		return 0, fmt.Errorf("open MCP stderr log: %w", err)
+	}
+
 	cmd := exec.Command(parts[0], parts[1:]...)
 	cmd.Env = os.Environ()
+	for k, v := range cfg.ResolvedProfileEnv {
+		if v == "" {
+			continue
+		}
+		cmd.Env = upsertEnv(cmd.Env, k, v)
+	}
+	if cfg.MCPHttpPort > 0 {
+		cmd.Env = upsertEnv(cmd.Env, "MCP_HTTP_PORT", strconv.Itoa(cfg.MCPHttpPort))
+	}
+	if cfg.MCPHttpSecret != "" {
+		cmd.Env = upsertEnv(cmd.Env, "MCP_HTTP_SECRET", cfg.MCPHttpSecret)
+	}
+	if cfg.TelegramToken != "" {
+		cmd.Env = upsertEnv(cmd.Env, "TELEGRAM_TOKEN", cfg.TelegramToken)
+	}
+	if cfg.TelegramChatID != "" {
+		cmd.Env = upsertEnv(cmd.Env, "TELEGRAM_CHAT_ID", cfg.TelegramChatID)
+	}
 	cmd.Stdin = nil
 	cmd.Stdout = nil
-	cmd.Stderr = nil
+	cmd.Stderr = stderrFile
 	setSysProcAttr(cmd)
 
 	log.Info("Starting MCP server: %s", cfg.MCPStartCommand)
+	log.Info("Capturing MCP server stderr to %s", cfg.Paths.MCPStderrLog)
 
 	if err := cmd.Start(); err != nil {
+		_ = stderrFile.Close()
 		return 0, fmt.Errorf("spawn MCP server: %w", err)
 	}
 
@@ -38,7 +67,10 @@ func SpawnMCPServer(cfg Config, log *Logger) (int, error) {
 	log.Info("MCP server started with PID %d", pid)
 
 	// Don't wait — detached process
-	go func() { _ = cmd.Wait() }()
+	go func() {
+		_ = cmd.Wait()
+		_ = stderrFile.Close()
+	}()
 
 	if err := writePIDFile(cfg.Paths.ServerPID, pid); err != nil {
 		log.Warn("Failed to write server PID file: %v", err)
@@ -47,6 +79,17 @@ func SpawnMCPServer(cfg Config, log *Logger) (int, error) {
 	return pid, nil
 }
 
+func upsertEnv(env []string, key, value string) []string {
+	prefix := key + "="
+	for i, kv := range env {
+		if strings.HasPrefix(kv, prefix) {
+			env[i] = prefix + value
+			return env
+		}
+	}
+	return append(env, prefix+value)
+}
+
 // KillProcess kills a process by PID. On Windows, uses taskkill /F /T for tree kill.
 func KillProcess(pid int, log *Logger) error {
 	if !IsProcessAlive(pid) {
@@ -72,7 +115,7 @@ func KillProcess(pid int, log *Logger) error {
 		log.Debug("KillProcess: FindProcess(%d) failed: %v", pid, err)
 		return err
 	}
-	if err := proc.Signal(os.Interrupt); err != nil {
+	if err := proc.Signal(syscall.SIGTERM); err != nil {
 		// Already dead
 		return nil
 	}
@@ -125,7 +168,7 @@ func IsProcessAlive(pid int) bool {
 	if err != nil {
 		return false
 	}
-	return proc.Signal(nil) == nil // signal 0 = existence check on Unix
+	return proc.Signal(syscall.Signal(0)) == nil // signal 0 = existence check on Unix
 }
 
 // --- PID File Helpers ---

package/supervisor/process_test.go

@@ -92,3 +92,17 @@ func TestListThreadPIDs_MissingDir(t *testing.T) {
 		t.Errorf("expected empty map for missing directory, got %d entries", len(result))
 	}
 }
+
+func TestUpsertEnv_ReplacesExistingAndAppendsMissing(t *testing.T) {
+	env := []string{"A=1", "B=2"}
+
+	env = upsertEnv(env, "B", "updated")
+	if env[1] != "B=updated" {
+		t.Fatalf("expected existing key to be replaced, got %q", env[1])
+	}
+
+	env = upsertEnv(env, "C", "3")
+	if env[len(env)-1] != "C=3" {
+		t.Fatalf("expected missing key to be appended, got %q", env[len(env)-1])
+	}
+}

package/supervisor/secrets.go

@@ -0,0 +1,95 @@
+package main
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"strconv"
+
+	"github.com/zalando/go-keyring"
+
+	sv "github.com/andriyshevchenko/SecureVault/securevault-go"
+)
+
+const defaultKeyringService = "sensorium-supervisor"
+
+var keyringGet = keyring.Get
+
+// resolveSecretWithKeyring returns environment value first, then keyring fallback.
+// If both sources are unavailable, it returns an empty string.
+func resolveSecretWithKeyring(envKey, keyringService string) string {
+	if v := os.Getenv(envKey); v != "" {
+		return v
+	}
+
+	if keyringService == "" {
+		return ""
+	}
+
+	secret, err := keyringGet(keyringService, envKey)
+	if err != nil {
+		if errors.Is(err, keyring.ErrNotFound) {
+			return ""
+		}
+		fmt.Fprintf(os.Stderr, "WARN: keyring lookup failed for %s (service=%s): %v\n", envKey, keyringService, err)
+		return ""
+	}
+	return secret
+}
+
+// resolveIntWithKeyring parses an integer value from env first, then keyring fallback.
+// If parsing fails or no value exists, it returns fallback.
+func resolveIntWithKeyring(envKey, keyringService string, fallback int) int {
+	v := resolveSecretWithKeyring(envKey, keyringService)
+	if v == "" {
+		return fallback
+	}
+	parsed, err := strconv.Atoi(v)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "WARN: invalid integer for %s: %q\n", envKey, v)
+		return fallback
+	}
+	return parsed
+}
+
+// resolveFromSecureVault looks up envKey in the named SecureVault profile.
+// baseDir may be empty (defaults to %LOCALAPPDATA%\SecureVault).
+// Returns empty string on any error, with a warning for unexpected failures.
+func resolveFromSecureVault(profileName, envKey, baseDir string) string {
+	store := sv.NewStore(baseDir)
+	val, err := store.ResolveKey(profileName, envKey)
+	if err != nil {
+		if errors.Is(err, sv.ErrNotFound) || errors.Is(err, sv.ErrUnsupportedPlatform) {
+			return ""
+		}
+		fmt.Fprintf(os.Stderr, "WARN: securevault lookup failed for %s (profile=%s): %v\n", envKey, profileName, err)
+		return ""
+	}
+	return val
+}
+
+// resolveStringChain resolves a string config key using the chain:
+// environment variable → SecureVault profile → OS keyring → empty string.
+func resolveStringChain(envKey, svProfile, svBaseDir, keyringService string) string {
+	if v := os.Getenv(envKey); v != "" {
+		return v
+	}
+	if v := resolveFromSecureVault(svProfile, envKey, svBaseDir); v != "" {
+		return v
+	}
+	return resolveSecretWithKeyring(envKey, keyringService)
+}
+
+// resolveIntChain resolves an integer config key using the same chain as resolveStringChain.
+func resolveIntChain(envKey, svProfile, svBaseDir, keyringService string, fallback int) int {
+	v := resolveStringChain(envKey, svProfile, svBaseDir, keyringService)
+	if v == "" {
+		return fallback
+	}
+	parsed, err := strconv.Atoi(v)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "WARN: invalid integer for %s: %q\n", envKey, v)
+		return fallback
+	}
+	return parsed
+}

package/supervisor/secrets_securevault_test.go

@@ -0,0 +1,98 @@
+package main
+
+import (
+	"encoding/json"
+	"os"
+	"path/filepath"
+	"testing"
+
+	sv "github.com/andriyshevchenko/SecureVault/securevault-go"
+	"github.com/zalando/go-keyring"
+)
+
+// writeProfileFixture writes a minimal profiles.json to dir and returns the dir.
+func writeProfileFixture(t *testing.T, dir string, profiles []sv.Profile) {
+	t.Helper()
+	data, err := json.Marshal(profiles)
+	if err != nil {
+		t.Fatalf("marshal profiles: %v", err)
+	}
+	if err := os.WriteFile(filepath.Join(dir, "profiles.json"), data, 0600); err != nil {
+		t.Fatalf("write profiles.json: %v", err)
+	}
+}
+
+func TestResolveStringChain_EnvWins(t *testing.T) {
+	t.Setenv("TELEGRAM_TOKEN", "env-value")
+	dir := t.TempDir()
+	writeProfileFixture(t, dir, []sv.Profile{
+		{ID: "p1", Name: "TEST", Mappings: []sv.ProfileMapping{
+			{EnvVar: "TELEGRAM_TOKEN", SecretID: "no-cred"},
+		}},
+	})
+
+	got := resolveStringChain("TELEGRAM_TOKEN", "TEST", dir, "")
+	if got != "env-value" {
+		t.Errorf("resolveStringChain = %q, want env-value", got)
+	}
+}
+
+func TestResolveStringChain_SecureVaultFallback_MissingCred_UsesKeyring(t *testing.T) {
+	t.Setenv("TELEGRAM_TOKEN", "")
+	dir := t.TempDir()
+	writeProfileFixture(t, dir, []sv.Profile{
+		{ID: "p1", Name: "TEST", Mappings: []sv.ProfileMapping{
+			{EnvVar: "TELEGRAM_TOKEN", SecretID: "non-existent-cred"},
+		}},
+	})
+
+	orig := keyringGet
+	keyringGet = func(service, user string) (string, error) {
+		if service != "sensorium-supervisor" {
+			t.Fatalf("service = %q, want %q", service, "sensorium-supervisor")
+		}
+		if user != "TELEGRAM_TOKEN" {
+			t.Fatalf("user = %q, want %q", user, "TELEGRAM_TOKEN")
+		}
+		return "from-keyring", nil
+	}
+	t.Cleanup(func() { keyringGet = orig })
+
+	// Credential not in store → falls through to keyring.
+	got := resolveStringChain("TELEGRAM_TOKEN", "TEST", dir, "sensorium-supervisor")
+	if got != "from-keyring" {
+		t.Errorf("resolveStringChain = %q, want from-keyring", got)
+	}
+}
+
+func TestResolveStringChain_NoProfile_FallsToKeyring(t *testing.T) {
+	t.Setenv("TELEGRAM_TOKEN", "")
+
+	orig := keyringGet
+	keyringGet = func(service, user string) (string, error) {
+		return "", keyring.ErrNotFound
+	}
+	t.Cleanup(func() { keyringGet = orig })
+
+	// No profiles file in dir → securevault returns empty → keyring path taken.
+	got := resolveStringChain("TELEGRAM_TOKEN", "NONEXISTENT_PROFILE", t.TempDir(), "sensorium-supervisor")
+	if got != "" {
+		t.Errorf("resolveStringChain = %q, want empty", got)
+	}
+}
+
+func TestResolveIntChain_EnvWins(t *testing.T) {
+	t.Setenv("MCP_HTTP_PORT", "4567")
+	got := resolveIntChain("MCP_HTTP_PORT", "TEST", t.TempDir(), "", 0)
+	if got != 4567 {
+		t.Errorf("resolveIntChain = %d, want 4567", got)
+	}
+}
+
+func TestResolveIntChain_InvalidFallback(t *testing.T) {
+	t.Setenv("MCP_HTTP_PORT", "not-a-number")
+	got := resolveIntChain("MCP_HTTP_PORT", "TEST", t.TempDir(), "", 9999)
+	if got != 9999 {
+		t.Errorf("resolveIntChain invalid = %d, want fallback 9999", got)
+	}
+}

package/supervisor/secrets_test.go

@@ -0,0 +1,119 @@
+package main
+
+import (
+	"errors"
+	"testing"
+
+	"github.com/zalando/go-keyring"
+)
+
+func TestResolveSecretWithKeyring_EnvWins(t *testing.T) {
+	t.Setenv("MCP_HTTP_SECRET", "env-secret")
+
+	orig := keyringGet
+	keyringGet = func(service, user string) (string, error) {
+		return "keyring-secret", nil
+	}
+	t.Cleanup(func() { keyringGet = orig })
+
+	got := resolveSecretWithKeyring("MCP_HTTP_SECRET", "sensorium-supervisor")
+	if got != "env-secret" {
+		t.Fatalf("resolveSecretWithKeyring() = %q, want %q", got, "env-secret")
+	}
+}
+
+func TestResolveSecretWithKeyring_FallbackToKeyring(t *testing.T) {
+	t.Setenv("MCP_HTTP_SECRET", "")
+
+	orig := keyringGet
+	keyringGet = func(service, user string) (string, error) {
+		if service != "sensorium-supervisor" {
+			t.Fatalf("service = %q, want %q", service, "sensorium-supervisor")
+		}
+		if user != "MCP_HTTP_SECRET" {
+			t.Fatalf("user = %q, want %q", user, "MCP_HTTP_SECRET")
+		}
+		return "keyring-secret", nil
+	}
+	t.Cleanup(func() { keyringGet = orig })
+
+	got := resolveSecretWithKeyring("MCP_HTTP_SECRET", "sensorium-supervisor")
+	if got != "keyring-secret" {
+		t.Fatalf("resolveSecretWithKeyring() = %q, want %q", got, "keyring-secret")
+	}
+}
+
+func TestResolveSecretWithKeyring_NotFound(t *testing.T) {
+	t.Setenv("MCP_HTTP_SECRET", "")
+
+	orig := keyringGet
+	keyringGet = func(service, user string) (string, error) {
+		return "", keyring.ErrNotFound
+	}
+	t.Cleanup(func() { keyringGet = orig })
+
+	got := resolveSecretWithKeyring("MCP_HTTP_SECRET", "sensorium-supervisor")
+	if got != "" {
+		t.Fatalf("resolveSecretWithKeyring() = %q, want empty", got)
+	}
+}
+
+func TestResolveSecretWithKeyring_OtherError(t *testing.T) {
+	t.Setenv("MCP_HTTP_SECRET", "")
+
+	orig := keyringGet
+	keyringGet = func(service, user string) (string, error) {
+		return "", errors.New("keyring backend unavailable")
+	}
+	t.Cleanup(func() { keyringGet = orig })
+
+	got := resolveSecretWithKeyring("MCP_HTTP_SECRET", "sensorium-supervisor")
+	if got != "" {
+		t.Fatalf("resolveSecretWithKeyring() = %q, want empty", got)
+	}
+}
+
+func TestResolveIntWithKeyring_EnvWins(t *testing.T) {
+	t.Setenv("MCP_HTTP_PORT", "3847")
+
+	orig := keyringGet
+	keyringGet = func(service, user string) (string, error) {
+		return "9999", nil
+	}
+	t.Cleanup(func() { keyringGet = orig })
+
+	got := resolveIntWithKeyring("MCP_HTTP_PORT", "sensorium-supervisor", 0)
+	if got != 3847 {
+		t.Fatalf("resolveIntWithKeyring() = %d, want %d", got, 3847)
+	}
+}
+
+func TestResolveIntWithKeyring_FallbackToKeyring(t *testing.T) {
+	t.Setenv("MCP_HTTP_PORT", "")
+
+	orig := keyringGet
+	keyringGet = func(service, user string) (string, error) {
+		return "5001", nil
+	}
+	t.Cleanup(func() { keyringGet = orig })
+
+	got := resolveIntWithKeyring("MCP_HTTP_PORT", "sensorium-supervisor", 0)
+	if got != 5001 {
+		t.Fatalf("resolveIntWithKeyring() = %d, want %d", got, 5001)
+	}
+}
+
+func TestResolveIntWithKeyring_InvalidFallback(t *testing.T) {
+	t.Setenv("MCP_HTTP_PORT", "")
+
+	orig := keyringGet
+	keyringGet = func(service, user string) (string, error) {
+		return "not-a-number", nil
+	}
+	t.Cleanup(func() { keyringGet = orig })
+
+	got := resolveIntWithKeyring("MCP_HTTP_PORT", "sensorium-supervisor", 3847)
+	if got != 3847 {
+		t.Fatalf("resolveIntWithKeyring() = %d, want fallback %d", got, 3847)
+	}
+}