switchroom 0.11.1 → 0.12.0

package/telegram-plugin/tests/quota-check.test.ts

@@ -7,12 +7,6 @@ import {
   formatQuotaBlock,
   formatQuotaLine,
   parseQuotaHeaders,
-  readAccountAccessToken,
-  fetchAccountQuota,
-  getCachedAccountQuota,
-  prefetchAccountQuotaIfStale,
-  clearAccountQuotaCache,
-  ACCOUNT_QUOTA_CACHE_TTL_MS,
 } from '../quota-check.js'
 
 function makeTempClaudeDir(token: string | null): string {
@@ -189,409 +183,6 @@ describe('fetchQuota', () => {
   })
 })
 
-// ─── Account-level helpers ────────────────────────────────────────────
-
-/** Build a fake $HOME with `~/.switchroom/accounts/<label>/credentials.json`. */
-function makeAccountHome(
-  accounts: Record<string, { accessToken?: string }>,
-): string {
-  const home = mkdtempSync(join(tmpdir(), 'quota-acct-test-'))
-  for (const [label, creds] of Object.entries(accounts)) {
-    const dir = join(home, '.switchroom', 'accounts', label)
-    mkdirSync(dir, { recursive: true })
-    if (creds.accessToken !== undefined) {
-      writeFileSync(
-        join(dir, 'credentials.json'),
-        JSON.stringify({ claudeAiOauth: { accessToken: creds.accessToken } }),
-      )
-    }
-  }
-  return home
-}
-
-describe('readAccountAccessToken', () => {
-  it('returns the access token from credentials.json', () => {
-    const home = makeAccountHome({
-      'pixsoul@gmail.com': { accessToken: 'sk-ant-oat01-fake' },
-    })
-    try {
-      expect(readAccountAccessToken('pixsoul@gmail.com', home)).toBe(
-        'sk-ant-oat01-fake',
-      )
-    } finally {
-      rmSync(home, { recursive: true, force: true })
-    }
-  })
-
-  it('returns null when the account dir is missing', () => {
-    const home = makeAccountHome({})
-    try {
-      expect(readAccountAccessToken('absent', home)).toBeNull()
-    } finally {
-      rmSync(home, { recursive: true, force: true })
-    }
-  })
-
-  it('returns null when accessToken is empty', () => {
-    const home = makeAccountHome({
-      'empty@example.com': { accessToken: '' },
-    })
-    try {
-      expect(readAccountAccessToken('empty@example.com', home)).toBeNull()
-    } finally {
-      rmSync(home, { recursive: true, force: true })
-    }
-  })
-
-  it('returns null when credentials.json is malformed', () => {
-    const home = mkdtempSync(join(tmpdir(), 'quota-acct-bad-'))
-    const dir = join(home, '.switchroom', 'accounts', 'broken')
-    mkdirSync(dir, { recursive: true })
-    writeFileSync(join(dir, 'credentials.json'), '{not json')
-    try {
-      expect(readAccountAccessToken('broken', home)).toBeNull()
-    } finally {
-      rmSync(home, { recursive: true, force: true })
-    }
-  })
-})
-
-describe('fetchAccountQuota — cache + token resolution', () => {
-  beforeEach(() => {
-    clearAccountQuotaCache()
-  })
-
-  it('fetches once, returns cached on subsequent calls within TTL', async () => {
-    const home = makeAccountHome({
-      'work@example.com': { accessToken: 'tok' },
-    })
-    let callCount = 0
-    const fakeFetch = async () => {
-      callCount++
-      return new Response('{}', {
-        status: 200,
-        headers: {
-          'anthropic-ratelimit-unified-5h-utilization': '0.42',
-          'anthropic-ratelimit-unified-7d-utilization': '0.17',
-        },
-      })
-    }
-    try {
-      const r1 = await fetchAccountQuota('work@example.com', {
-        home,
-        fetchImpl: fakeFetch as typeof fetch,
-      })
-      const r2 = await fetchAccountQuota('work@example.com', {
-        home,
-        fetchImpl: fakeFetch as typeof fetch,
-      })
-      expect(r1.ok).toBe(true)
-      expect(r2.ok).toBe(true)
-      expect(callCount).toBe(1) // cache hit on the second call
-    } finally {
-      rmSync(home, { recursive: true, force: true })
-    }
-  })
-
-  it('force=true bypasses the cache', async () => {
-    const home = makeAccountHome({
-      'work@example.com': { accessToken: 'tok' },
-    })
-    let callCount = 0
-    const fakeFetch = async () => {
-      callCount++
-      return new Response('{}', {
-        status: 200,
-        headers: {
-          'anthropic-ratelimit-unified-5h-utilization': '0.5',
-          'anthropic-ratelimit-unified-7d-utilization': '0.5',
-        },
-      })
-    }
-    try {
-      await fetchAccountQuota('work@example.com', {
-        home,
-        fetchImpl: fakeFetch as typeof fetch,
-      })
-      await fetchAccountQuota('work@example.com', {
-        home,
-        fetchImpl: fakeFetch as typeof fetch,
-        force: true,
-      })
-      expect(callCount).toBe(2)
-    } finally {
-      rmSync(home, { recursive: true, force: true })
-    }
-  })
-
-  it('caches missing-credentials failures so the API is not pinged', async () => {
-    const home = makeAccountHome({})
-    let callCount = 0
-    const fakeFetch = async () => {
-      callCount++
-      return new Response('{}')
-    }
-    const r1 = await fetchAccountQuota('absent', {
-      home,
-      fetchImpl: fakeFetch as typeof fetch,
-    })
-    const r2 = await fetchAccountQuota('absent', {
-      home,
-      fetchImpl: fakeFetch as typeof fetch,
-    })
-    expect(r1.ok).toBe(false)
-    expect(r2.ok).toBe(false)
-    expect(callCount).toBe(0) // never reached fetch — token resolution failed first
-  })
-
-  it('cache miss after TTL triggers a fresh fetch', async () => {
-    const home = makeAccountHome({
-      'work@example.com': { accessToken: 'tok' },
-    })
-    let callCount = 0
-    const fakeFetch = async () => {
-      callCount++
-      return new Response('{}', {
-        status: 200,
-        headers: {
-          'anthropic-ratelimit-unified-5h-utilization': '0.3',
-          'anthropic-ratelimit-unified-7d-utilization': '0.3',
-        },
-      })
-    }
-    let nowVal = 1_000_000
-    const now = () => nowVal
-    try {
-      await fetchAccountQuota('work@example.com', {
-        home,
-        fetchImpl: fakeFetch as typeof fetch,
-        now,
-      })
-      // Step time past the TTL.
-      nowVal += ACCOUNT_QUOTA_CACHE_TTL_MS + 1
-      await fetchAccountQuota('work@example.com', {
-        home,
-        fetchImpl: fakeFetch as typeof fetch,
-        now,
-      })
-      expect(callCount).toBe(2)
-    } finally {
-      rmSync(home, { recursive: true, force: true })
-    }
-  })
-
-  // Removed in RFC H: per-account quota.json disk persistence is gone.
-  // switchroom-auth-broker holds canonical quota state and exposes it
-  // via list-state; the gateway's in-process cache is enough between
-  // restarts (and the broker survives gateway restarts, so the state
-  // is preserved at the broker side anyway).
-})
-
-describe('getCachedAccountQuota + prefetchAccountQuotaIfStale', () => {
-  beforeEach(() => {
-    clearAccountQuotaCache()
-  })
-
-  it('returns null on a cold cache, populates after a fetch', async () => {
-    const home = makeAccountHome({
-      'work@example.com': { accessToken: 'tok' },
-    })
-    try {
-      expect(getCachedAccountQuota('work@example.com')).toBeNull()
-      await fetchAccountQuota('work@example.com', {
-        home,
-        fetchImpl: (async () =>
-          new Response('{}', {
-            status: 200,
-            headers: {
-              'anthropic-ratelimit-unified-5h-utilization': '0.42',
-              'anthropic-ratelimit-unified-7d-utilization': '0.17',
-            },
-          })) as typeof fetch,
-      })
-      const cached = getCachedAccountQuota('work@example.com')
-      expect(cached?.ok).toBe(true)
-      if (cached?.ok) {
-        expect(Math.round(cached.data.fiveHourUtilizationPct)).toBe(42)
-      }
-    } finally {
-      rmSync(home, { recursive: true, force: true })
-    }
-  })
-
-  it("returns stale entries verbatim — staleness is the prefetch path's concern, not the read path's (v0.6.11)", async () => {
-    // The dashboard renders sync. Pre-v0.6.11 this function treated
-    // stale cache as a miss → the boot-warmed cache vanished after
-    // 30s and the operator saw empty quota rows on the first /auth
-    // tap of any session past that window. Now stale-but-present
-    // entries are returned; the background prefetch keeps the cache
-    // fresh across renders.
-    const home = makeAccountHome({
-      'work@example.com': { accessToken: 'tok' },
-    })
-    try {
-      const nowVal = 1_000_000
-      await fetchAccountQuota('work@example.com', {
-        home,
-        fetchImpl: (async () =>
-          new Response('{}', {
-            status: 200,
-            headers: {
-              'anthropic-ratelimit-unified-5h-utilization': '0.42',
-              'anthropic-ratelimit-unified-7d-utilization': '0.17',
-            },
-          })) as typeof fetch,
-        now: () => nowVal,
-      })
-      // Within TTL — cached.
-      const fresh = getCachedAccountQuota('work@example.com', nowVal)
-      expect(fresh).not.toBeNull()
-      // Past TTL — STILL returned, identical to the within-TTL read.
-      const after = nowVal + ACCOUNT_QUOTA_CACHE_TTL_MS + 1
-      const stale = getCachedAccountQuota('work@example.com', after)
-      expect(stale).not.toBeNull()
-      expect(stale).toEqual(fresh)
-    } finally {
-      rmSync(home, { recursive: true, force: true })
-    }
-  })
-
-  it('returns null when the label has never been probed', async () => {
-    // The only "no data" path: the cache map has no entry. After
-    // the first probe the entry persists for the lifetime of the
-    // gateway process, regardless of staleness.
-    expect(getCachedAccountQuota('never-probed@example.com')).toBeNull()
-  })
-
-  it('prefetchAccountQuotaIfStale is a noop when cache is fresh', async () => {
-    const home = makeAccountHome({
-      'work@example.com': { accessToken: 'tok' },
-    })
-    let callCount = 0
-    const fakeFetch = (async () => {
-      callCount++
-      return new Response('{}', {
-        status: 200,
-        headers: {
-          'anthropic-ratelimit-unified-5h-utilization': '0.42',
-          'anthropic-ratelimit-unified-7d-utilization': '0.17',
-        },
-      })
-    }) as typeof fetch
-    try {
-      await fetchAccountQuota('work@example.com', { home, fetchImpl: fakeFetch })
-      expect(callCount).toBe(1)
-      // Fresh cache — prefetch should not fire.
-      prefetchAccountQuotaIfStale('work@example.com', { home, fetchImpl: fakeFetch })
-      // Yield once to let any spurious microtasks settle.
-      await Promise.resolve()
-      expect(callCount).toBe(1)
-    } finally {
-      rmSync(home, { recursive: true, force: true })
-    }
-  })
-})
-
-describe('regression: boot-warm + delayed sync-read (v0.6.11)', () => {
-  // The bug: gateway boot-warm fills the cache; cache TTL elapses;
-  // dashboard's sync read returns null; operator sees empty quota
-  // rows on first /auth tap of the session past TTL. Fix: sync read
-  // returns last-known data regardless of staleness; prefetch path
-  // owns the freshness contract. Pin both legs so a future TTL
-  // tweak can't silently re-introduce the bug.
-  it('returns last-known data even after multiple TTL windows have elapsed', async () => {
-    clearAccountQuotaCache()
-    const home = makeAccountHome({
-      'pixsoul@gmail.com': { accessToken: 'tok' },
-    })
-    try {
-      const t0 = 1_000_000
-      // Boot-warm: probe completes at t0.
-      await fetchAccountQuota('pixsoul@gmail.com', {
-        home,
-        fetchImpl: (async () =>
-          new Response('{}', {
-            status: 200,
-            headers: {
-              'anthropic-ratelimit-unified-5h-utilization': '0.04',
-              'anthropic-ratelimit-unified-7d-utilization': '0.78',
-            },
-          })) as typeof fetch,
-        now: () => t0,
-      })
-      // 8.5 minutes later (the screenshot-reproduction window): the
-      // dashboard fetches state. Sync read returns the boot-warmed
-      // values rather than null.
-      const tDashboard = t0 + 8.5 * 60_000
-      const cached = getCachedAccountQuota('pixsoul@gmail.com', tDashboard)
-      expect(cached).not.toBeNull()
-      if (cached?.ok) {
-        expect(cached.data.fiveHourUtilizationPct).toBe(4)
-        expect(cached.data.sevenDayUtilizationPct).toBe(78)
-      } else {
-        throw new Error('expected ok=true cached entry')
-      }
-    } finally {
-      rmSync(home, { recursive: true, force: true })
-    }
-  })
-
-  it('prefetchAccountQuotaIfStale re-probes once the TTL has elapsed', async () => {
-    clearAccountQuotaCache()
-    const home = makeAccountHome({
-      'work@example.com': { accessToken: 'tok' },
-    })
-    try {
-      const t0 = 1_000_000
-      let fetchCount = 0
-      const counterFetch: typeof fetch = async () => {
-        fetchCount++
-        return new Response('{}', {
-          status: 200,
-          headers: {
-            'anthropic-ratelimit-unified-5h-utilization': '0.10',
-            'anthropic-ratelimit-unified-7d-utilization': '0.20',
-          },
-        })
-      }
-      // First probe seeds the cache.
-      await fetchAccountQuota('work@example.com', {
-        home,
-        fetchImpl: counterFetch,
-        now: () => t0,
-      })
-      expect(fetchCount).toBe(1)
-      // Within TTL: prefetch is a no-op.
-      prefetchAccountQuotaIfStale('work@example.com', {
-        home,
-        fetchImpl: counterFetch,
-        now: () => t0 + 60_000,
-      })
-      // Give microtask queue a chance — should still be 1.
-      await new Promise((r) => setTimeout(r, 5))
-      expect(fetchCount).toBe(1)
-      // Past TTL: prefetch fires a fresh probe.
-      prefetchAccountQuotaIfStale('work@example.com', {
-        home,
-        fetchImpl: counterFetch,
-        now: () => t0 + ACCOUNT_QUOTA_CACHE_TTL_MS + 1,
-      })
-      // Wait for the fire-and-forget probe to complete.
-      await new Promise((r) => setTimeout(r, 20))
-      expect(fetchCount).toBe(2)
-    } finally {
-      rmSync(home, { recursive: true, force: true })
-    }
-  })
-
-  it('cache TTL is at least 1 minute — short TTLs cause empty-row regressions', () => {
-    // Pre-v0.6.11 was 30s, which made the boot-warm useless. If a
-    // future PR drops it below 60s, this test catches it before the
-    // empty-row regression hits production.
-    expect(ACCOUNT_QUOTA_CACHE_TTL_MS).toBeGreaterThanOrEqual(60_000)
-  })
-})
-
 describe('fetchQuota — accessToken parameter', () => {
   it('accepts a direct accessToken instead of a config dir', async () => {
     const fakeFetch = async (_url: unknown, init?: RequestInit) => {

package/telegram-plugin/tests/retry-api-call.test.ts

@@ -14,6 +14,7 @@ import {
   createRetryApiCall,
   createSwallowingRetryApiCall,
   retryWithThreadFallback,
+  isHtmlParseRejectError,
   type RetryObserver,
 } from '../retry-api-call.js'
 import { errors, makeGrammyError } from './fake-bot-api.js'
@@ -436,3 +437,78 @@ describe('retryWithThreadFallback (#1075)', () => {
     expect(result).toBe(true)
   })
 })
+
+describe('isHtmlParseRejectError', () => {
+  it('matches the real Telegram parse-failure 400 descriptions', () => {
+    const descriptions = [
+      "can't parse entities: Unsupported start tag \"h2\" at byte offset 12",
+      'Bad Request: unsupported start tag "span"',
+      "can't find end of the entity starting at byte offset 40",
+      'Bad Request: unclosed start tag at byte offset 5',
+      'Bad Request: unexpected end tag at byte offset 9',
+      "Bad Request: can't parse entities: expected end tag",
+    ]
+    for (const d of descriptions) {
+      expect(
+        isHtmlParseRejectError(
+          makeGrammyError({ error_code: 400, description: d, method: 'sendMessage' }),
+        ),
+      ).toBe(true)
+    }
+  })
+
+  it('does NOT match other 400s (those have their own handling)', () => {
+    for (const d of [
+      'Bad Request: message is not modified',
+      'Bad Request: message to edit not found',
+      'Bad Request: message thread not found',
+      'Bad Request: chat not found',
+    ]) {
+      expect(
+        isHtmlParseRejectError(
+          makeGrammyError({ error_code: 400, description: d, method: 'sendMessage' }),
+        ),
+      ).toBe(false)
+    }
+  })
+
+  it('does not match non-400 GrammyErrors', () => {
+    expect(
+      isHtmlParseRejectError(
+        makeGrammyError({
+          error_code: 429,
+          description: "can't parse entities",
+          method: 'sendMessage',
+        }),
+      ),
+    ).toBe(false)
+    expect(
+      isHtmlParseRejectError(
+        makeGrammyError({
+          error_code: 403,
+          description: 'Forbidden: bot was blocked',
+          method: 'sendMessage',
+        }),
+      ),
+    ).toBe(false)
+  })
+
+  it('does not match plain Errors or non-error values', () => {
+    expect(isHtmlParseRejectError(new Error("can't parse entities"))).toBe(false)
+    expect(isHtmlParseRejectError('string')).toBe(false)
+    expect(isHtmlParseRejectError(null)).toBe(false)
+    expect(isHtmlParseRejectError(undefined)).toBe(false)
+  })
+
+  it('matches the curly-apostrophe variant Telegram sometimes emits', () => {
+    expect(
+      isHtmlParseRejectError(
+        makeGrammyError({
+          error_code: 400,
+          description: 'Bad Request: can’t parse entities: bad tag',
+          method: 'sendMessage',
+        }),
+      ),
+    ).toBe(true)
+  })
+})

package/telegram-plugin/tests/telegram-format.test.ts

@@ -6,7 +6,7 @@ import { describe, test, expect } from 'vitest'
 
 // Import from the side-effect-free format module so tests don't trigger
 // server.ts's startup (env load, token check, grammy init).
-import { markdownToHtml, splitHtmlChunks, isLikelyTelegramHtml, repairEscapedWhitespace, sanitizeForTelegram } from '../format.js'
+import { markdownToHtml, splitHtmlChunks, isLikelyTelegramHtml, repairEscapedWhitespace, sanitizeForTelegram, telegramHtmlToPlainText } from '../format.js'
 
 // ---------------------------------------------------------------------------
 // markdownToHtml
@@ -1091,3 +1091,86 @@ describe('markdownToHtml — markdown table rendering', () => {
     expect(result).toContain('• <b>OR</b>')
   })
 })
+
+describe('telegramHtmlToPlainText (HTML parse-reject fallback)', () => {
+  test('strips supported formatting tags, keeps the text', () => {
+    const out = telegramHtmlToPlainText('<b>Bold</b> and <i>italic</i> and <code>x=1</code>')
+    expect(out).toBe('Bold and italic and x=1')
+  })
+
+  test('anchors become "label (href)"', () => {
+    const out = telegramHtmlToPlainText('see <a href="https://example.com/x">the docs</a> now')
+    expect(out).toBe('see the docs (https://example.com/x) now')
+  })
+
+  test('anchor with label equal to href collapses to the bare url', () => {
+    const out = telegramHtmlToPlainText('<a href="https://example.com">https://example.com</a>')
+    expect(out).toBe('https://example.com')
+  })
+
+  test('anchor with empty label yields just the href', () => {
+    expect(telegramHtmlToPlainText('<a href="https://e.com"></a>')).toBe('https://e.com')
+  })
+
+  test('single-quoted and unquoted href forms are handled', () => {
+    expect(telegramHtmlToPlainText("<a href='https://a.co'>A</a>")).toBe('A (https://a.co)')
+    expect(telegramHtmlToPlainText('<a href=https://b.co>B</a>')).toBe('B (https://b.co)')
+  })
+
+  test('decodes the standard HTML entities (no double-decode of the result)', () => {
+    const out = telegramHtmlToPlainText('a &amp; b &lt;tag&gt; &quot;q&quot; &#39;s&#39; 5 &nbsp;€')
+    expect(out).toBe('a & b <tag> "q" \'s\' 5  €')
+  })
+
+  test('numeric + hex char references decode', () => {
+    expect(telegramHtmlToPlainText('&#8594; &#x2192;')).toBe('→ →')
+  })
+
+  test('out-of-range / malformed char refs are left literal', () => {
+    expect(telegramHtmlToPlainText('&#0; &#1114112; &#xZZ;')).toBe('&#0; &#1114112; &#xZZ;')
+  })
+
+  test('block/break boundaries become newlines', () => {
+    const out = telegramHtmlToPlainText('one<br>two<br/>three</p>four</blockquote>five')
+    expect(out).toBe('one\ntwo\nthree\nfour\nfive')
+  })
+
+  test('unsupported / malformed tags (the actual reject cause) are stripped, not escaped', () => {
+    // A markdown→HTML slip that emitted an unsupported tag is exactly
+    // what triggers Telegram's 400; the fallback must yield clean text.
+    const out = telegramHtmlToPlainText('<h2>Title</h2><span class=x>body </span><unknowntag>tail')
+    expect(out).toBe('Title\nbody tail')
+  })
+
+  test('result is literal (parse_mode unset) — no re-escaping of < > &', () => {
+    // We resend with parse_mode UNSET, so the output must be the raw
+    // characters, not HTML entities.
+    const out = telegramHtmlToPlainText('a &lt; b &amp;&amp; c &gt; d')
+    expect(out).toBe('a < b && c > d')
+    expect(out).not.toContain('&lt;')
+    expect(out).not.toContain('&amp;')
+  })
+
+  test('collapses 3+ blank lines and trims trailing line whitespace', () => {
+    const out = telegramHtmlToPlainText('a   \n\n\n\n\nb')
+    expect(out).toBe('a\n\nb')
+  })
+
+  test('nested formatting inside an anchor label is flattened', () => {
+    const out = telegramHtmlToPlainText('<a href="https://x.io"><b>Big</b> link</a>')
+    expect(out).toBe('Big link (https://x.io)')
+  })
+
+  test('empty / whitespace input is safe', () => {
+    expect(telegramHtmlToPlainText('')).toBe('')
+    expect(telegramHtmlToPlainText('   \n  ')).toBe('')
+  })
+
+  test('pure-markup chunk collapses to empty (gateway substitutes a placeholder)', () => {
+    // Documents the trigger for the empty-string guard in
+    // gateway.ts:sendChunkPlainText — a chunk with no text content
+    // strips to '', so the send path must substitute rather than
+    // post an empty message (Telegram 400 "message text is empty").
+    expect(telegramHtmlToPlainText('<b></b><i></i><br><span></span>')).toBe('')
+  })
+})