terramend 0.2.0

package/src/utils/openCodeModels.ts

@@ -0,0 +1,82 @@
+// OpenCode-as-source-of-truth for BYOK detection.
+//
+// `opencode models` returns the `provider/model` specifiers that OpenCode
+// can actually route given the current env (workflow env block + GH Actions
+// secrets) and `auth.json` (Codex / future managed credentials). This is
+// authoritative — strictly more accurate than the static
+// `provider.envVars + provider.managedCredentials` catalog in `models.ts`
+// for the "do we have BYOK auth?" gate. The catalog can (and will) miss
+// new auth shapes; OpenCode itself can't.
+//
+// Two captures per run:
+//   1. `captureBaselineModels` — called BEFORE Codex `auth.json` is
+//      materialized. The set OpenCode can serve from the runner's pre-existing
+//      environment alone (workflow `env:` block + GH Actions secrets).
+//   2. `captureAuthorizedModels` — called AFTER Codex `auth.json`
+//      materialization. The authoritative set for BYOK decisions (fallback +
+//      validateAgentApiKey).
+//
+// The set difference (`authorized - baseline`) is the contribution of the
+// Codex OAuth credential to this run — logged once for operator visibility.
+//
+// Memoized at module scope so the two consumers
+// (`selectFallbackModelIfNeeded` + `autoSelectModel`) share one shell-out.
+
+import { execFileSync } from "node:child_process";
+import { log } from "#app/utils/cli";
+
+let baseline: Set<string> | undefined;
+let authorized: Set<string> | undefined;
+
+function readModels(cliPath: string): Set<string> {
+  try {
+    const output = execFileSync(cliPath, ["models"], {
+      encoding: "utf-8",
+      timeout: 30_000,
+      env: process.env,
+    });
+    return new Set(
+      output
+        .split("\n")
+        .map((line) => line.trim())
+        .filter(Boolean),
+    );
+  } catch (error) {
+    log.debug(
+      `» \`opencode models\` failed: ${error instanceof Error ? error.message : String(error)}`,
+    );
+    return new Set();
+  }
+}
+
+/** Snapshot the set of models OpenCode can serve from the current env, BEFORE
+ * Terramend-stored credentials are merged in. Call once early in `main.ts`. */
+export function captureBaselineModels(cliPath: string): void {
+  baseline = readModels(cliPath);
+  log.debug(`» opencode baseline: ${baseline.size} models`);
+}
+
+/** Snapshot the set of models OpenCode can serve AFTER dbSecrets +
+ * Codex auth.json are in place. Logs the diff against the baseline as
+ * `» BYOK auth enabled N model(s): …`. */
+export function captureAuthorizedModels(cliPath: string): void {
+  authorized = readModels(cliPath);
+  const base = baseline;
+  if (base) {
+    const diff = [...authorized].filter((m) => !base.has(m));
+    if (diff.length > 0) {
+      log.info(`» BYOK auth enabled ${diff.length} model(s): ${diff.join(", ")}`);
+    }
+  }
+  log.debug(`» opencode authorized: ${authorized.size} models`);
+}
+
+/** Authorized set captured after Terramend-stored auth is applied. Throws if
+ * called before `captureAuthorizedModels` — the call sites (fallback gate,
+ * api-key validation, auto-select) all run strictly after capture. */
+export function getAuthorizedModels(): Set<string> {
+  if (!authorized) {
+    throw new Error("getAuthorizedModels called before captureAuthorizedModels");
+  }
+  return authorized;
+}

package/src/utils/overrides.test.ts

@@ -0,0 +1,89 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { applyOverrides, DENIED_OVERRIDE_NAMES, parseOverrides } from "#app/utils/overrides";
+
+vi.mock("@actions/core", () => ({
+  setSecret: vi.fn(),
+}));
+
+import * as core from "@actions/core";
+
+const setSecretMock = vi.mocked(core.setSecret);
+
+beforeEach(() => {
+  vi.clearAllMocks();
+});
+
+describe("parseOverrides", () => {
+  it("returns an empty object for empty or whitespace input", () => {
+    expect(parseOverrides("")).toEqual({});
+    expect(parseOverrides("   \n\t ")).toEqual({});
+  });
+
+  it("parses a valid JSON object of string values", () => {
+    expect(parseOverrides('{"A":"1","B":""}')).toEqual({ A: "1", B: "" });
+  });
+
+  it("throws on invalid JSON", () => {
+    expect(() => parseOverrides("{nope")).toThrow(/invalid UNSAFE_OVERRIDES: not valid JSON/);
+  });
+
+  it("throws on non-object JSON", () => {
+    expect(() => parseOverrides('"string"')).toThrow(/must be a JSON object/);
+    expect(() => parseOverrides("null")).toThrow(/must be a JSON object/);
+    expect(() => parseOverrides('["a"]')).toThrow(/must be a JSON object/);
+  });
+
+  it("throws when a value is not a string", () => {
+    expect(() => parseOverrides('{"A":42}')).toThrow(/key "A" must have a string value/);
+  });
+});
+
+describe("applyOverrides", () => {
+  it("applies overrides, masks values, and strips the raw input var", () => {
+    const env: NodeJS.ProcessEnv = { UNSAFE_OVERRIDES: '{"MY_KEY":"secret-value"}' };
+
+    const result = applyOverrides({ raw: '{"MY_KEY":"secret-value"}', env });
+
+    expect(result).toEqual({ applied: ["MY_KEY"], denied: [] });
+    expect(env.MY_KEY).toBe("secret-value");
+    expect(env.UNSAFE_OVERRIDES).toBeUndefined();
+    expect(setSecretMock).toHaveBeenCalledWith("secret-value");
+  });
+
+  it("refuses denied names while applying the rest", () => {
+    const env: NodeJS.ProcessEnv = {};
+
+    const result = applyOverrides({
+      raw: '{"GITHUB_TOKEN":"stolen","ANTHROPIC_API_KEY":"sk-test"}',
+      env,
+    });
+
+    expect(result.denied).toEqual(["GITHUB_TOKEN"]);
+    expect(result.applied).toEqual(["ANTHROPIC_API_KEY"]);
+    expect(env.GITHUB_TOKEN).toBeUndefined();
+    expect(env.ANTHROPIC_API_KEY).toBe("sk-test");
+  });
+
+  it("does not register empty values as secrets", () => {
+    const env: NodeJS.ProcessEnv = {};
+
+    const result = applyOverrides({ raw: '{"EMPTY":""}', env });
+
+    expect(result.applied).toEqual(["EMPTY"]);
+    expect(env.EMPTY).toBe("");
+    expect(setSecretMock).not.toHaveBeenCalled();
+  });
+
+  it("denies every name on the deny list", () => {
+    const raw = JSON.stringify(
+      Object.fromEntries(Array.from(DENIED_OVERRIDE_NAMES, (name) => [name, "x"])),
+    );
+    const env: NodeJS.ProcessEnv = {};
+
+    const result = applyOverrides({ raw, env });
+
+    expect(result.applied).toEqual([]);
+    expect(result.denied.sort()).toEqual(Array.from(DENIED_OVERRIDE_NAMES).sort());
+    expect(setSecretMock).not.toHaveBeenCalled();
+  });
+});

package/src/utils/overrides.ts

@@ -0,0 +1,98 @@
+/**
+ * Parse + apply the action's `unsafe_overrides` input — a JSON object of env
+ * var overrides that mutate `process.env` at the start of a run. Designed for
+ * e2e testing / debugging from `workflow_dispatch`; only callers with
+ * `actions:write` on the repo can supply it.
+ *
+ * The `unsafe` prefix is load-bearing: GH Actions echoes the value verbatim
+ * in the runner's step-header log, so the raw JSON (including any values
+ * passed in) is visible to anyone with `actions:read` on the calling repo.
+ * Treat the run log as compromised for any value placed in `unsafe_overrides`.
+ */
+
+import * as core from "@actions/core";
+
+/**
+ * Names refused even when present in the input. Overriding these would let a
+ * caller escape terramend's scope (GITHUB_TOKEN), break runner internals
+ * (ACTIONS_RUNTIME_*), forge OIDC tokens (ACTIONS_ID_TOKEN_REQUEST_*), or
+ * substitute our server-side auth (TERRAMEND_API_SECRET). Customer-facing
+ * provider keys (ANTHROPIC_API_KEY, OPENAI_API_KEY, CLAUDE_CODE_OAUTH_TOKEN,
+ * etc.) are intentionally NOT denied — overriding those is the use case.
+ */
+export const DENIED_OVERRIDE_NAMES: ReadonlySet<string> = new Set([
+  "GITHUB_TOKEN",
+  "GH_TOKEN",
+  "ACTIONS_RUNTIME_TOKEN",
+  "ACTIONS_RUNTIME_URL",
+  "ACTIONS_ID_TOKEN_REQUEST_URL",
+  "ACTIONS_ID_TOKEN_REQUEST_TOKEN",
+  "ACTIONS_CACHE_URL",
+  "TERRAMEND_API_SECRET",
+  "VERCEL_AUTOMATION_BYPASS_SECRET",
+]);
+
+export interface ApplyOverridesResult {
+  applied: string[];
+  denied: string[];
+}
+
+/** Parse the JSON input. Returns `{}` for empty/whitespace. Throws on shape errors. */
+export function parseOverrides(raw: string): Record<string, string> {
+  const trimmed = raw.trim();
+  if (!trimmed) return {};
+
+  let parsed: unknown;
+  try {
+    parsed = JSON.parse(trimmed);
+  } catch (err) {
+    throw new Error(
+      `invalid UNSAFE_OVERRIDES: not valid JSON (${err instanceof Error ? err.message : String(err)})`,
+    );
+  }
+
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    throw new Error(`invalid UNSAFE_OVERRIDES: must be a JSON object`);
+  }
+
+  const out: Record<string, string> = {};
+  for (const [key, value] of Object.entries(parsed as Record<string, unknown>)) {
+    if (typeof value !== "string") {
+      throw new Error(
+        `invalid UNSAFE_OVERRIDES: key "${key}" must have a string value (got ${typeof value})`,
+      );
+    }
+    out[key] = value;
+  }
+  return out;
+}
+
+/**
+ * Mutate `params.env` in place with the supplied JSON overrides, skipping any
+ * names in `DENIED_OVERRIDE_NAMES`. Each applied value is registered with
+ * `core.setSecret` so the runner masks it in subsequent log output, and the
+ * raw `UNSAFE_OVERRIDES` env var is deleted so spawned subprocesses don't
+ * inherit the original JSON (which would defeat both the deny-list and the
+ * masking by exposing the values verbatim).
+ *
+ * Returns the applied/denied breakdown so the caller can render an audit log.
+ */
+export function applyOverrides(params: {
+  raw: string;
+  env: NodeJS.ProcessEnv;
+}): ApplyOverridesResult {
+  const overrides = parseOverrides(params.raw);
+  const applied: string[] = [];
+  const denied: string[] = [];
+  for (const [key, value] of Object.entries(overrides)) {
+    if (DENIED_OVERRIDE_NAMES.has(key)) {
+      denied.push(key);
+      continue;
+    }
+    if (value.length > 0) core.setSecret(value);
+    params.env[key] = value;
+    applied.push(key);
+  }
+  delete params.env.UNSAFE_OVERRIDES;
+  return { applied, denied };
+}

package/src/utils/packageManager.test.ts

@@ -0,0 +1,321 @@
+import { delimiter, join } from "node:path";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import {
+  ensurePackageManager,
+  type PackageManagerSpec,
+  packageManagerBinDir,
+  resolvePackageManagerSpec,
+} from "#app/utils/packageManager";
+
+vi.mock("node:fs", () => ({
+  existsSync: vi.fn(() => true),
+}));
+
+vi.mock("node:fs/promises", () => ({
+  mkdir: vi.fn(async () => undefined),
+  readFile: vi.fn(async () => "{}"),
+}));
+
+vi.mock("#app/utils/cli", () => ({
+  log: {
+    info: vi.fn(),
+    debug: vi.fn(),
+    warning: vi.fn(),
+    error: vi.fn(),
+    success: vi.fn(),
+  },
+}));
+
+vi.mock("#app/utils/subprocess", () => ({
+  spawn: vi.fn(),
+}));
+
+import { existsSync } from "node:fs";
+import { readFile } from "node:fs/promises";
+import { log } from "#app/utils/cli";
+import { spawn } from "#app/utils/subprocess";
+
+const existsSyncMock = vi.mocked(existsSync);
+const readFileMock = vi.mocked(readFile);
+const spawnMock = vi.mocked(spawn);
+const warningMock = vi.mocked(log.warning);
+
+function spawnResult(init: { exitCode?: number; stdout?: string; stderr?: string } = {}) {
+  return {
+    exitCode: init.exitCode ?? 0,
+    stdout: init.stdout ?? "",
+    stderr: init.stderr ?? "",
+    durationMs: 1,
+  };
+}
+
+function mockPackageJson(pkg: unknown): void {
+  existsSyncMock.mockReturnValue(true);
+  readFileMock.mockResolvedValue(JSON.stringify(pkg));
+}
+
+describe("resolvePackageManagerSpec", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it("returns null when package.json does not exist", async () => {
+    existsSyncMock.mockReturnValue(false);
+    await expect(resolvePackageManagerSpec("/repo")).resolves.toBeNull();
+    expect(existsSyncMock).toHaveBeenCalledWith(join("/repo", "package.json"));
+  });
+
+  it("returns null and warns when package.json is unparseable", async () => {
+    existsSyncMock.mockReturnValue(true);
+    readFileMock.mockResolvedValue("{nope");
+    await expect(resolvePackageManagerSpec("/repo")).resolves.toBeNull();
+    expect(warningMock).toHaveBeenCalledWith(expect.stringContaining("failed to parse"));
+  });
+
+  it("returns null when neither field is declared", async () => {
+    mockPackageJson({});
+    await expect(resolvePackageManagerSpec("/repo")).resolves.toBeNull();
+  });
+
+  it("parses packageManager field and strips the integrity hash", async () => {
+    mockPackageJson({ packageManager: "pnpm@11.1.1+sha512.abcdef" });
+    await expect(resolvePackageManagerSpec("/repo")).resolves.toEqual({
+      name: "pnpm",
+      version: "11.1.1",
+      concrete: true,
+      source: "packageManager",
+    });
+  });
+
+  it("flags range versions as non-concrete", async () => {
+    mockPackageJson({ packageManager: "yarn@^4.0.0" });
+    await expect(resolvePackageManagerSpec("/repo")).resolves.toEqual({
+      name: "yarn",
+      version: "^4.0.0",
+      concrete: false,
+      source: "packageManager",
+    });
+  });
+
+  it("rejects unsupported packageManager names with a warning", async () => {
+    mockPackageJson({ packageManager: "lerna@9.0.0" });
+    await expect(resolvePackageManagerSpec("/repo")).resolves.toBeNull();
+    expect(warningMock).toHaveBeenCalledWith(expect.stringContaining("unknown packageManager"));
+  });
+
+  it("rejects a packageManager value without a name", async () => {
+    mockPackageJson({ packageManager: "@11.0.0" });
+    await expect(resolvePackageManagerSpec("/repo")).resolves.toBeNull();
+  });
+
+  it("parses devEngines.packageManager", async () => {
+    mockPackageJson({ devEngines: { packageManager: { name: "pnpm", version: " 11.0.0 " } } });
+    await expect(resolvePackageManagerSpec("/repo")).resolves.toEqual({
+      name: "pnpm",
+      version: "11.0.0",
+      concrete: true,
+      source: "devEngines",
+    });
+  });
+
+  it("ignores devEngines entries missing name or version", async () => {
+    mockPackageJson({ devEngines: { packageManager: { name: "pnpm" } } });
+    await expect(resolvePackageManagerSpec("/repo")).resolves.toBeNull();
+  });
+
+  it("rejects unsupported devEngines names with a warning", async () => {
+    mockPackageJson({ devEngines: { packageManager: { name: "vlt", version: "1.0.0" } } });
+    await expect(resolvePackageManagerSpec("/repo")).resolves.toBeNull();
+    expect(warningMock).toHaveBeenCalledWith(
+      expect.stringContaining("unknown devEngines.packageManager.name"),
+    );
+  });
+
+  it("prefers devEngines when the two fields name different managers", async () => {
+    mockPackageJson({
+      packageManager: "yarn@4.0.0",
+      devEngines: { packageManager: { name: "pnpm", version: "^11.0.0" } },
+    });
+    const spec = await resolvePackageManagerSpec("/repo");
+    expect(spec?.name).toBe("pnpm");
+    expect(spec?.source).toBe("devEngines");
+    expect(warningMock).toHaveBeenCalledWith(expect.stringContaining("disagrees"));
+  });
+
+  it("uses a concrete devEngines version, warning when packageManager disagrees", async () => {
+    mockPackageJson({
+      packageManager: "pnpm@11.2.0",
+      devEngines: { packageManager: { name: "pnpm", version: "11.1.0" } },
+    });
+    const spec = await resolvePackageManagerSpec("/repo");
+    expect(spec?.version).toBe("11.1.0");
+    expect(spec?.source).toBe("devEngines");
+    expect(warningMock).toHaveBeenCalledWith(expect.stringContaining("disagrees"));
+  });
+
+  it("keeps a concrete devEngines version without warning when both agree", async () => {
+    mockPackageJson({
+      packageManager: "pnpm@11.1.0",
+      devEngines: { packageManager: { name: "pnpm", version: "11.1.0" } },
+    });
+    const spec = await resolvePackageManagerSpec("/repo");
+    expect(spec?.version).toBe("11.1.0");
+    expect(warningMock).not.toHaveBeenCalled();
+  });
+
+  it("prefers a concrete packageManager that satisfies the devEngines range", async () => {
+    mockPackageJson({
+      packageManager: "pnpm@11.2.3",
+      devEngines: { packageManager: { name: "pnpm", version: "^11.0.0" } },
+    });
+    const spec = await resolvePackageManagerSpec("/repo");
+    expect(spec).toEqual({
+      name: "pnpm",
+      version: "11.2.3",
+      concrete: true,
+      source: "packageManager",
+    });
+  });
+
+  it("falls back to devEngines when packageManager does not satisfy the range", async () => {
+    mockPackageJson({
+      packageManager: "pnpm@10.0.0",
+      devEngines: { packageManager: { name: "pnpm", version: "^11.0.0" } },
+    });
+    const spec = await resolvePackageManagerSpec("/repo");
+    expect(spec?.source).toBe("devEngines");
+    expect(spec?.version).toBe("^11.0.0");
+    expect(warningMock).toHaveBeenCalledWith(expect.stringContaining("does not satisfy"));
+  });
+
+  it("falls back to devEngines when both are ranges without warning", async () => {
+    mockPackageJson({
+      packageManager: "pnpm@^11.0.0",
+      devEngines: { packageManager: { name: "pnpm", version: "^11.0.0" } },
+    });
+    const spec = await resolvePackageManagerSpec("/repo");
+    expect(spec?.source).toBe("devEngines");
+    expect(warningMock).not.toHaveBeenCalled();
+  });
+
+  it("falls back to packageManager when devEngines is absent", async () => {
+    mockPackageJson({ packageManager: "npm@10.9.0" });
+    const spec = await resolvePackageManagerSpec("/repo");
+    expect(spec?.name).toBe("npm");
+    expect(spec?.source).toBe("packageManager");
+  });
+});
+
+describe("packageManagerBinDir", () => {
+  it("nests pm-bin under the run tmpdir", () => {
+    expect(packageManagerBinDir("/tmp/run")).toBe(join("/tmp/run", "pm-bin"));
+  });
+});
+
+describe("ensurePackageManager", () => {
+  const binDir = join("/tmp/run", "pm-bin");
+  let originalPath: string | undefined;
+
+  function spec(overrides: Partial<PackageManagerSpec> = {}): PackageManagerSpec {
+    return {
+      name: "pnpm",
+      version: "11.1.1",
+      concrete: true,
+      source: "packageManager",
+      ...overrides,
+    };
+  }
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    originalPath = process.env.PATH;
+  });
+
+  afterEach(() => {
+    process.env.PATH = originalPath;
+  });
+
+  it("returns true for npm without spawning anything", async () => {
+    await expect(ensurePackageManager({ spec: spec({ name: "npm" }), binDir })).resolves.toBe(true);
+    expect(spawnMock).not.toHaveBeenCalled();
+  });
+
+  it("returns false for managers corepack does not ship (bun)", async () => {
+    await expect(ensurePackageManager({ spec: spec({ name: "bun" }), binDir })).resolves.toBe(
+      false,
+    );
+    expect(spawnMock).not.toHaveBeenCalled();
+  });
+
+  it("returns false for range versions with a warning", async () => {
+    const result = await ensurePackageManager({
+      spec: spec({ version: "^11.0.0", concrete: false }),
+      binDir,
+    });
+    expect(result).toBe(false);
+    expect(warningMock).toHaveBeenCalledWith(expect.stringContaining("requires a concrete pin"));
+    expect(spawnMock).not.toHaveBeenCalled();
+  });
+
+  it("short-circuits when the requested version is already active", async () => {
+    spawnMock.mockResolvedValueOnce(spawnResult({ stdout: "11.1.1\n" }));
+    await expect(ensurePackageManager({ spec: spec(), binDir })).resolves.toBe(true);
+    expect(spawnMock).toHaveBeenCalledTimes(1);
+    expect(spawnMock).toHaveBeenCalledWith(
+      expect.objectContaining({ cmd: "pnpm", args: ["--version"] }),
+    );
+  });
+
+  it("returns false when corepack enable fails", async () => {
+    spawnMock
+      .mockResolvedValueOnce(spawnResult({ exitCode: 1 })) // pnpm --version
+      .mockResolvedValueOnce(spawnResult({ exitCode: 1, stderr: "enable broke" })); // enable
+    await expect(ensurePackageManager({ spec: spec(), binDir })).resolves.toBe(false);
+    expect(warningMock).toHaveBeenCalledWith(expect.stringContaining("corepack enable failed"));
+  });
+
+  it("returns false when corepack prepare fails, after prepending binDir to PATH", async () => {
+    process.env.PATH = "/usr/bin";
+    spawnMock
+      .mockResolvedValueOnce(spawnResult({ stdout: "10.0.0\n" })) // wrong version active
+      .mockResolvedValueOnce(spawnResult()) // enable ok
+      .mockResolvedValueOnce(spawnResult({ exitCode: 1, stderr: "" })); // prepare fails
+    await expect(ensurePackageManager({ spec: spec(), binDir })).resolves.toBe(false);
+    expect(process.env.PATH).toBe(`${binDir}${delimiter}/usr/bin`);
+    expect(warningMock).toHaveBeenCalledWith(expect.stringContaining("(empty)"));
+  });
+
+  it("returns true on full corepack success and verifies the resolved version", async () => {
+    spawnMock
+      .mockResolvedValueOnce(spawnResult({ exitCode: 1 })) // not on PATH yet
+      .mockImplementationOnce(async (call) => {
+        // exercise the corepack stream-forwarding callbacks
+        call.onStdout?.("");
+        call.onStderr?.("");
+        return spawnResult(); // enable ok
+      })
+      .mockResolvedValueOnce(spawnResult()) // prepare ok
+      .mockResolvedValueOnce(spawnResult({ stdout: "11.1.1\n" })); // verify
+    await expect(ensurePackageManager({ spec: spec(), binDir })).resolves.toBe(true);
+    expect(warningMock).not.toHaveBeenCalled();
+    expect(spawnMock).toHaveBeenCalledWith(
+      expect.objectContaining({
+        cmd: "corepack",
+        args: ["enable", "--install-directory", binDir, "pnpm"],
+      }),
+    );
+    expect(spawnMock).toHaveBeenCalledWith(
+      expect.objectContaining({ cmd: "corepack", args: ["prepare", "pnpm@11.1.1", "--activate"] }),
+    );
+  });
+
+  it("returns true but warns when PATH still resolves to another version", async () => {
+    spawnMock
+      .mockResolvedValueOnce(spawnResult({ exitCode: 1 })) // not on PATH yet
+      .mockResolvedValueOnce(spawnResult()) // enable ok
+      .mockResolvedValueOnce(spawnResult()) // prepare ok
+      .mockResolvedValueOnce(spawnResult({ exitCode: 1 })); // verify fails → null
+    await expect(ensurePackageManager({ spec: spec(), binDir })).resolves.toBe(true);
+    expect(warningMock).toHaveBeenCalledWith(expect.stringContaining("(missing)"));
+  });
+});