slackhive 0.1.37 → 0.1.39

package/apps/web/src/lib/__tests__/compile.test.ts

@@ -0,0 +1,161 @@
+/**
+ * @fileoverview Unit tests for compile.ts — compileSkillsOnly and skillToSnapshotSkill.
+ *
+ * All tests use inline mock data; no database connection required.
+ *
+ * @module web/lib/__tests__/compile.test
+ */
+
+import { describe, it, expect } from 'vitest';
+import { compileSkillsOnly, skillToSnapshotSkill } from '@/lib/compile';
+import type { Skill } from '@slackhive/shared';
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+/**
+ * Creates a minimal {@link Skill} object for testing purposes.
+ *
+ * @param {Partial<Skill>} overrides - Fields to override from defaults.
+ * @returns {Skill}
+ */
+function makeSkill(overrides: Partial<Skill>): Skill {
+  return {
+    id: 'skill-id',
+    agentId: 'agent-id',
+    category: '00-core',
+    filename: 'main.md',
+    content: '# Main',
+    sortOrder: 0,
+    createdAt: new Date('2024-01-01'),
+    updatedAt: new Date('2024-01-01'),
+    ...overrides,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// compileSkillsOnly
+// ---------------------------------------------------------------------------
+
+describe('compileSkillsOnly', () => {
+  it('returns empty string for empty skills array with no fallback', () => {
+    expect(compileSkillsOnly([])).toBe('');
+  });
+
+  it('returns identity block for empty skills array with fallback', () => {
+    const result = compileSkillsOnly([], {
+      name: 'TestBot',
+      description: 'A test bot',
+      persona: 'Friendly helper',
+    });
+    expect(result).toContain('# TestBot');
+    expect(result).toContain('A test bot');
+    expect(result).toContain('Friendly helper');
+  });
+
+  it('returns identity block using default persona when persona is undefined', () => {
+    const result = compileSkillsOnly([], { name: 'TestBot', description: 'Desc' });
+    expect(result).toContain('A helpful assistant.');
+  });
+
+  it('returns trimmed content for a single skill', () => {
+    const skill = makeSkill({ content: '  # Identity\n\nHello world  ' });
+    const result = compileSkillsOnly([skill]);
+    expect(result).toBe('# Identity\n\nHello world');
+  });
+
+  it('joins multiple skills with double newline sorted by sortOrder', () => {
+    const skills = [
+      makeSkill({ sortOrder: 2, content: 'Third' }),
+      makeSkill({ sortOrder: 0, content: 'First' }),
+      makeSkill({ sortOrder: 1, content: 'Second' }),
+    ];
+    const result = compileSkillsOnly(skills);
+    expect(result).toBe('First\n\nSecond\n\nThird');
+  });
+
+  it('strips <!-- skill:... --> header comments from output', () => {
+    const skill = makeSkill({
+      content: '<!-- skill:identity -->\n# Identity\n\nContent here',
+    });
+    const result = compileSkillsOnly([skill]);
+    expect(result).not.toContain('<!-- skill:identity -->');
+    expect(result).toContain('# Identity');
+  });
+
+  it('correctly sorts skills passed out of order', () => {
+    const skills = [
+      makeSkill({ sortOrder: 10, content: 'Last' }),
+      makeSkill({ sortOrder: 1, content: 'First' }),
+      makeSkill({ sortOrder: 5, content: 'Middle' }),
+    ];
+    const result = compileSkillsOnly(skills);
+    const parts = result.split('\n\n');
+    expect(parts[0]).toBe('First');
+    expect(parts[1]).toBe('Middle');
+    expect(parts[2]).toBe('Last');
+  });
+
+  it('returns empty string for a skill with only whitespace content', () => {
+    const skill = makeSkill({ content: '   \n\t\n  ' });
+    const result = compileSkillsOnly([skill]);
+    expect(result).toBe('');
+  });
+
+  it('produces deterministic output for skills with duplicate sortOrder', () => {
+    const skills = [
+      makeSkill({ sortOrder: 1, content: 'A', filename: 'a.md' }),
+      makeSkill({ sortOrder: 1, content: 'B', filename: 'b.md' }),
+    ];
+    const result1 = compileSkillsOnly(skills);
+    const result2 = compileSkillsOnly([...skills].reverse());
+    // Both calls should contain both skills — order may vary but output must not crash
+    expect(result1).toContain('A');
+    expect(result1).toContain('B');
+    expect(result2).toContain('A');
+    expect(result2).toContain('B');
+  });
+
+  it('returns identity block with empty heading when fallback name is empty string', () => {
+    const result = compileSkillsOnly([], { name: '' });
+    expect(result).toContain('#');
+  });
+
+  it('does not mutate the original skills array order', () => {
+    const skills = [
+      makeSkill({ sortOrder: 2, content: 'B' }),
+      makeSkill({ sortOrder: 1, content: 'A' }),
+    ];
+    const originalOrder = skills.map(s => s.content);
+    compileSkillsOnly(skills);
+    expect(skills.map(s => s.content)).toEqual(originalOrder);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// skillToSnapshotSkill
+// ---------------------------------------------------------------------------
+
+describe('skillToSnapshotSkill', () => {
+  it('maps category, filename, content, and sortOrder -> sort_order correctly', () => {
+    const skill = makeSkill({
+      category: '01-knowledge',
+      filename: 'schema.md',
+      content: '## Schema\n\nDetails',
+      sortOrder: 42,
+    });
+    const snapshot = skillToSnapshotSkill(skill);
+    expect(snapshot.category).toBe('01-knowledge');
+    expect(snapshot.filename).toBe('schema.md');
+    expect(snapshot.content).toBe('## Schema\n\nDetails');
+    expect(snapshot.sort_order).toBe(42);
+  });
+
+  it('does not include id or agentId in the result', () => {
+    const skill = makeSkill({ id: 'some-uuid', agentId: 'agent-uuid' });
+    const snapshot = skillToSnapshotSkill(skill);
+    expect(snapshot).not.toHaveProperty('id');
+    expect(snapshot).not.toHaveProperty('agentId');
+  });
+});

package/apps/web/src/lib/__tests__/db-agent-hierarchy.test.ts

@@ -0,0 +1,136 @@
+/**
+ * @fileoverview Unit tests for agent hierarchy / enabled fields in db.ts.
+ *
+ * Covers:
+ *  - updateAgentEnabled sets the enabled column correctly
+ *  - updateAgent supports isBoss and reportsTo fields
+ *  - rowToAgent maps the enabled column (defaults true when missing)
+ *
+ * No real database required — pg.Pool is mocked via vi.mock.
+ *
+ * @module web/lib/__tests__/db-agent-hierarchy.test
+ */
+
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+
+// ─── Mock pg ──────────────────────────────────────────────────────────────────
+
+const mockQuery = vi.fn();
+
+vi.mock('pg', () => ({
+  Pool: vi.fn().mockImplementation(function() { return { query: mockQuery }; }),
+}));
+
+process.env.DATABASE_URL = 'postgresql://mock/db';
+process.env.ENV_SECRET_KEY = 'test-secret-key-32-chars-padding!';
+
+import { updateAgentEnabled, updateAgent, getAgentById } from '@/lib/db';
+
+// ─── Helpers ──────────────────────────────────────────────────────────────────
+
+const AGENT_ID = 'agent-uuid-001';
+
+const BASE_ROW = {
+  id: AGENT_ID,
+  slug: 'test-agent',
+  name: 'Test Agent',
+  persona: null,
+  description: null,
+  slack_bot_token: 'xoxb-test',
+  slack_app_token: 'xapp-test',
+  slack_signing_secret: 'secret',
+  slack_bot_user_id: null,
+  model: 'claude-sonnet-4-6',
+  status: 'stopped',
+  enabled: true,
+  is_boss: false,
+  reports_to: [],
+  claude_md: '',
+  created_by: 'system',
+  created_at: new Date(),
+  updated_at: new Date(),
+};
+
+beforeEach(() => {
+  mockQuery.mockReset();
+  mockQuery.mockResolvedValue({ rows: [] });
+});
+
+// ─── updateAgentEnabled ────────────────────────────────────────────────────────
+
+describe('updateAgentEnabled', () => {
+  it('sets enabled = true', async () => {
+    await updateAgentEnabled(AGENT_ID, true);
+    expect(mockQuery).toHaveBeenCalledOnce();
+    const [sql, params] = mockQuery.mock.calls[0];
+    expect(sql).toContain('enabled = $1');
+    expect(params).toEqual([true, AGENT_ID]);
+  });
+
+  it('sets enabled = false', async () => {
+    await updateAgentEnabled(AGENT_ID, false);
+    const [, params] = mockQuery.mock.calls[0];
+    expect(params[0]).toBe(false);
+  });
+});
+
+// ─── updateAgent — isBoss + reportsTo ─────────────────────────────────────────
+
+describe('updateAgent — hierarchy fields', () => {
+  beforeEach(() => {
+    mockQuery.mockResolvedValue({ rows: [BASE_ROW] });
+  });
+
+  it('includes is_boss when isBoss is provided', async () => {
+    await updateAgent(AGENT_ID, { isBoss: true });
+    const [sql, params] = mockQuery.mock.calls[0];
+    expect(sql).toContain('is_boss =');
+    expect(params).toContain(true);
+  });
+
+  it('includes reports_to when reportsTo is provided', async () => {
+    const bosses = ['boss-uuid-1', 'boss-uuid-2'];
+    await updateAgent(AGENT_ID, { reportsTo: bosses });
+    const [sql, params] = mockQuery.mock.calls[0];
+    expect(sql).toContain('reports_to =');
+    expect(params).toContain(bosses);
+  });
+
+  it('sets both isBoss and reportsTo together', async () => {
+    await updateAgent(AGENT_ID, { isBoss: false, reportsTo: ['boss-uuid-1'] });
+    const [sql, params] = mockQuery.mock.calls[0];
+    expect(sql).toContain('is_boss =');
+    expect(sql).toContain('reports_to =');
+    expect(params).toContain(false);
+    expect(params).toContainEqual(['boss-uuid-1']);
+  });
+
+  it('does not include is_boss when isBoss is omitted', async () => {
+    await updateAgent(AGENT_ID, { name: 'New Name' });
+    const [sql] = mockQuery.mock.calls[0];
+    expect(sql).not.toContain('is_boss');
+  });
+});
+
+// ─── rowToAgent — enabled field mapping ───────────────────────────────────────
+
+describe('getAgentById — enabled field', () => {
+  it('maps enabled = true from DB row', async () => {
+    mockQuery.mockResolvedValue({ rows: [{ ...BASE_ROW, enabled: true }] });
+    const agent = await getAgentById(AGENT_ID);
+    expect(agent?.enabled).toBe(true);
+  });
+
+  it('maps enabled = false from DB row', async () => {
+    mockQuery.mockResolvedValue({ rows: [{ ...BASE_ROW, enabled: false }] });
+    const agent = await getAgentById(AGENT_ID);
+    expect(agent?.enabled).toBe(false);
+  });
+
+  it('defaults enabled to true when column is null/undefined', async () => {
+    const { enabled: _omit, ...rowWithoutEnabled } = BASE_ROW;
+    mockQuery.mockResolvedValue({ rows: [rowWithoutEnabled] });
+    const agent = await getAgentById(AGENT_ID);
+    expect(agent?.enabled).toBe(true);
+  });
+});

package/apps/web/src/lib/__tests__/db-env-vars.test.ts

@@ -0,0 +1,216 @@
+/**
+ * @fileoverview Unit tests for env var functions in db.ts.
+ *
+ * Verifies that setEnvVar, getEnvVarValues, getAllEnvVars, updateEnvVarDescription,
+ * and deleteEnvVar issue the correct SQL — in particular that setEnvVar uses
+ * AES-256 encryption (cipher-algo=aes256) rather than the pgcrypto default.
+ *
+ * No real database required — pg.Pool is mocked via vi.mock.
+ *
+ * @module web/lib/__tests__/db-env-vars.test
+ */
+
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+
+// ─── Mock pg ─────────────────────────────────────────────────────────────────
+
+const mockQuery = vi.fn();
+
+vi.mock('pg', () => {
+  return {
+    Pool: vi.fn().mockImplementation(function() { return { query: mockQuery }; }),
+  };
+});
+
+// Set required env vars before importing db so the singleton pool initialises.
+process.env.DATABASE_URL = 'postgresql://mock/db';
+process.env.ENV_SECRET_KEY = 'test-secret-key-32-chars-padding!';
+
+import {
+  setEnvVar,
+  getEnvVarValues,
+  getAllEnvVars,
+  updateEnvVarDescription,
+  deleteEnvVar,
+} from '@/lib/db';
+
+// ─── Helpers ──────────────────────────────────────────────────────────────────
+
+beforeEach(() => {
+  mockQuery.mockReset();
+  mockQuery.mockResolvedValue({ rows: [] });
+});
+
+// ─── setEnvVar ────────────────────────────────────────────────────────────────
+
+describe('setEnvVar', () => {
+  it('calls query with the correct number of parameters', async () => {
+    await setEnvVar('MY_KEY', 'my-value');
+    expect(mockQuery).toHaveBeenCalledOnce();
+    const [, params] = mockQuery.mock.calls[0];
+    // $1=key, $2=value, $3=encKey, $4=description
+    expect(params).toHaveLength(4);
+  });
+
+  it('passes the key as $1', async () => {
+    await setEnvVar('DB_URL', 'postgres://localhost');
+    const [, params] = mockQuery.mock.calls[0];
+    expect(params[0]).toBe('DB_URL');
+  });
+
+  it('passes the plaintext value as $2 (encryption done in SQL)', async () => {
+    await setEnvVar('DB_URL', 'postgres://localhost');
+    const [, params] = mockQuery.mock.calls[0];
+    expect(params[1]).toBe('postgres://localhost');
+  });
+
+  it('passes ENV_SECRET_KEY as $3', async () => {
+    await setEnvVar('MY_KEY', 'val');
+    const [, params] = mockQuery.mock.calls[0];
+    expect(params[2]).toBe('test-secret-key-32-chars-padding!');
+  });
+
+  it('passes null as $4 when description is omitted', async () => {
+    await setEnvVar('MY_KEY', 'val');
+    const [, params] = mockQuery.mock.calls[0];
+    expect(params[3]).toBeNull();
+  });
+
+  it('passes description as $4 when provided', async () => {
+    await setEnvVar('MY_KEY', 'val', 'My description');
+    const [, params] = mockQuery.mock.calls[0];
+    expect(params[3]).toBe('My description');
+  });
+
+  it('uses pgp_sym_encrypt with cipher-algo=aes256 for INSERT', async () => {
+    await setEnvVar('MY_KEY', 'val');
+    const [sql] = mockQuery.mock.calls[0];
+    expect(sql).toContain("pgp_sym_encrypt($2, $3, 'cipher-algo=aes256')");
+  });
+
+  it('uses pgp_sym_encrypt with cipher-algo=aes256 for ON CONFLICT UPDATE', async () => {
+    await setEnvVar('MY_KEY', 'val');
+    const [sql] = mockQuery.mock.calls[0];
+    // Both the INSERT value and the UPSERT update value must use AES-256
+    const matches = (sql as string).match(/cipher-algo=aes256/g);
+    expect(matches).toHaveLength(2);
+  });
+
+  it('uses an INSERT … ON CONFLICT upsert pattern', async () => {
+    await setEnvVar('MY_KEY', 'val');
+    const [sql] = mockQuery.mock.calls[0];
+    expect(sql).toMatch(/INSERT INTO env_vars/i);
+    expect(sql).toMatch(/ON CONFLICT/i);
+    expect(sql).toMatch(/DO UPDATE SET/i);
+  });
+});
+
+// ─── getEnvVarValues ──────────────────────────────────────────────────────────
+
+describe('getEnvVarValues', () => {
+  it('decrypts values with pgp_sym_decrypt', async () => {
+    mockQuery.mockResolvedValue({ rows: [] });
+    await getEnvVarValues();
+    const [sql] = mockQuery.mock.calls[0];
+    expect(sql).toContain('pgp_sym_decrypt');
+  });
+
+  it('passes ENV_SECRET_KEY as parameter', async () => {
+    mockQuery.mockResolvedValue({ rows: [] });
+    await getEnvVarValues();
+    const [, params] = mockQuery.mock.calls[0];
+    expect(params[0]).toBe('test-secret-key-32-chars-padding!');
+  });
+
+  it('returns a key→value record from query rows', async () => {
+    mockQuery.mockResolvedValue({
+      rows: [
+        { key: 'FOO', value: 'bar' },
+        { key: 'BAZ', value: 'qux' },
+      ],
+    });
+    const result = await getEnvVarValues();
+    expect(result).toEqual({ FOO: 'bar', BAZ: 'qux' });
+  });
+
+  it('returns an empty object when no rows', async () => {
+    mockQuery.mockResolvedValue({ rows: [] });
+    const result = await getEnvVarValues();
+    expect(result).toEqual({});
+  });
+});
+
+// ─── getAllEnvVars ────────────────────────────────────────────────────────────
+
+describe('getAllEnvVars', () => {
+  it('queries key, description, and updated_at', async () => {
+    await getAllEnvVars();
+    const [sql] = mockQuery.mock.calls[0];
+    expect(sql).toContain('key');
+    expect(sql).toContain('description');
+    expect(sql).toContain('updated_at');
+  });
+
+  it('never selects the encrypted value column', async () => {
+    await getAllEnvVars();
+    const [sql] = mockQuery.mock.calls[0];
+    expect(sql).not.toContain('pgp_sym_decrypt');
+  });
+
+  it('maps rows to objects with key, description, and updatedAt', async () => {
+    const now = new Date();
+    mockQuery.mockResolvedValue({
+      rows: [{ key: 'MY_KEY', description: 'desc', updated_at: now }],
+    });
+    const result = await getAllEnvVars();
+    expect(result).toEqual([{ key: 'MY_KEY', description: 'desc', updatedAt: now }]);
+  });
+
+  it('sets description to undefined when null in DB', async () => {
+    const now = new Date();
+    mockQuery.mockResolvedValue({
+      rows: [{ key: 'MY_KEY', description: null, updated_at: now }],
+    });
+    const [row] = await getAllEnvVars();
+    expect(row.description).toBeUndefined();
+  });
+});
+
+// ─── updateEnvVarDescription ──────────────────────────────────────────────────
+
+describe('updateEnvVarDescription', () => {
+  it('issues an UPDATE on env_vars', async () => {
+    await updateEnvVarDescription('MY_KEY', 'new desc');
+    const [sql] = mockQuery.mock.calls[0];
+    expect(sql).toMatch(/UPDATE env_vars/i);
+  });
+
+  it('passes key and description as parameters', async () => {
+    await updateEnvVarDescription('MY_KEY', 'new desc');
+    const [, params] = mockQuery.mock.calls[0];
+    expect(params).toContain('MY_KEY');
+    expect(params).toContain('new desc');
+  });
+
+  it('does not touch the encrypted value column', async () => {
+    await updateEnvVarDescription('MY_KEY', 'new desc');
+    const [sql] = mockQuery.mock.calls[0];
+    expect(sql).not.toContain('pgp_sym_encrypt');
+  });
+});
+
+// ─── deleteEnvVar ─────────────────────────────────────────────────────────────
+
+describe('deleteEnvVar', () => {
+  it('issues a DELETE on env_vars', async () => {
+    await deleteEnvVar('MY_KEY');
+    const [sql] = mockQuery.mock.calls[0];
+    expect(sql).toMatch(/DELETE FROM env_vars/i);
+  });
+
+  it('passes the key as the only parameter', async () => {
+    await deleteEnvVar('MY_KEY');
+    const [, params] = mockQuery.mock.calls[0];
+    expect(params).toEqual(['MY_KEY']);
+  });
+});

package/apps/web/src/lib/__tests__/db-restrictions.test.ts

@@ -0,0 +1,117 @@
+/**
+ * @fileoverview Unit tests for agent restriction functions in db.ts.
+ *
+ * Verifies that getAgentRestrictions and upsertRestrictions issue correct SQL.
+ * No real database required — pg.Pool is mocked via vi.mock.
+ *
+ * @module web/lib/__tests__/db-restrictions.test
+ */
+
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+
+// ─── Mock pg ─────────────────────────────────────────────────────────────────
+
+const mockQuery = vi.fn();
+
+vi.mock('pg', () => ({
+  Pool: vi.fn().mockImplementation(function() { return { query: mockQuery }; }),
+}));
+
+process.env.DATABASE_URL = 'postgresql://mock/db';
+process.env.ENV_SECRET_KEY = 'test-secret-key-32-chars-padding!';
+
+import { getAgentRestrictions, upsertRestrictions } from '@/lib/db';
+
+// ─── Helpers ──────────────────────────────────────────────────────────────────
+
+const AGENT_ID = 'agent-uuid-001';
+
+const RESTRICTION_ROW = {
+  id: 'r-001',
+  agent_id: AGENT_ID,
+  allowed_channels: ['C_ABC', 'C_DEF'],
+  updated_at: new Date('2026-01-01'),
+};
+
+beforeEach(() => {
+  mockQuery.mockReset();
+  mockQuery.mockResolvedValue({ rows: [] });
+});
+
+// ─── getAgentRestrictions ────────────────────────────────────────────────────
+
+describe('getAgentRestrictions', () => {
+  it('queries agent_restrictions by agent_id', async () => {
+    await getAgentRestrictions(AGENT_ID);
+    const [sql] = mockQuery.mock.calls[0];
+    expect(sql).toContain('agent_restrictions');
+    expect(sql).toContain('agent_id');
+  });
+
+  it('passes agentId as query parameter', async () => {
+    await getAgentRestrictions(AGENT_ID);
+    const [, params] = mockQuery.mock.calls[0];
+    expect(params).toContain(AGENT_ID);
+  });
+
+  it('returns null when no row found', async () => {
+    mockQuery.mockResolvedValue({ rows: [] });
+    const result = await getAgentRestrictions(AGENT_ID);
+    expect(result).toBeNull();
+  });
+
+  it('maps row to Restriction with correct fields', async () => {
+    mockQuery.mockResolvedValue({ rows: [RESTRICTION_ROW] });
+    const result = await getAgentRestrictions(AGENT_ID);
+    expect(result).not.toBeNull();
+    expect(result!.id).toBe('r-001');
+    expect(result!.agentId).toBe(AGENT_ID);
+    expect(result!.allowedChannels).toEqual(['C_ABC', 'C_DEF']);
+    expect(result!.updatedAt).toEqual(RESTRICTION_ROW.updated_at);
+  });
+
+  it('defaults allowedChannels to [] when column is null', async () => {
+    mockQuery.mockResolvedValue({
+      rows: [{ ...RESTRICTION_ROW, allowed_channels: null }],
+    });
+    const result = await getAgentRestrictions(AGENT_ID);
+    expect(result!.allowedChannels).toEqual([]);
+  });
+});
+
+// ─── upsertRestrictions ──────────────────────────────────────────────────────
+
+describe('upsertRestrictions', () => {
+  it('uses INSERT … ON CONFLICT DO UPDATE', async () => {
+    await upsertRestrictions(AGENT_ID, ['C_ABC']);
+    const [sql] = mockQuery.mock.calls[0];
+    expect(sql).toMatch(/INSERT INTO agent_restrictions/i);
+    expect(sql).toMatch(/ON CONFLICT/i);
+    expect(sql).toMatch(/DO UPDATE/i);
+  });
+
+  it('passes agentId as first parameter', async () => {
+    await upsertRestrictions(AGENT_ID, ['C_ABC']);
+    const [, params] = mockQuery.mock.calls[0];
+    expect(params[0]).toBe(AGENT_ID);
+  });
+
+  it('passes allowedChannels array as second parameter', async () => {
+    const channels = ['C_1', 'C_2', 'C_3'];
+    await upsertRestrictions(AGENT_ID, channels);
+    const [, params] = mockQuery.mock.calls[0];
+    expect(params[1]).toEqual(channels);
+  });
+
+  it('accepts an empty allowedChannels array (unrestricted)', async () => {
+    await upsertRestrictions(AGENT_ID, []);
+    const [, params] = mockQuery.mock.calls[0];
+    expect(params[1]).toEqual([]);
+  });
+
+  it('updates allowed_channels in the SET clause', async () => {
+    await upsertRestrictions(AGENT_ID, ['C_NEW']);
+    const [sql] = mockQuery.mock.calls[0];
+    expect(sql).toContain('allowed_channels');
+  });
+});