whale-code 6.5.11 → 6.6.0
- package/dist/cli/chat/ChatApp.js +7 -11
- package/dist/cli/chat/ChatApp.js.map +1 -1
- package/dist/cli/chat/ChatInput.js +7 -3
- package/dist/cli/chat/ChatInput.js.map +1 -1
- package/dist/cli/chat/MessageList.js +5 -6
- package/dist/cli/chat/MessageList.js.map +1 -1
- package/dist/cli/chat/StatusBar.d.ts +2 -2
- package/dist/cli/chat/StatusBar.js +90 -160
- package/dist/cli/chat/StatusBar.js.map +1 -1
- package/dist/cli/chat/components/LiveArea.js +78 -115
- package/dist/cli/chat/components/LiveArea.js.map +1 -1
- package/dist/cli/chat/components/StaticMessages.js +60 -79
- package/dist/cli/chat/components/StaticMessages.js.map +1 -1
- package/dist/cli/chat/hooks/useAgentLoop.js +45 -37
- package/dist/cli/chat/hooks/useAgentLoop.js.map +1 -1
- package/dist/cli/chat/store.d.ts +12 -0
- package/dist/cli/chat/store.js +19 -0
- package/dist/cli/chat/store.js.map +1 -1
- package/dist/cli/services/agent-loop-tools.js +10 -1
- package/dist/cli/services/agent-loop-tools.js.map +1 -1
- package/dist/cli/services/cli-agent-loop.js +3 -2
- package/dist/cli/services/cli-agent-loop.js.map +1 -1
- package/dist/cli/services/config-store.js +4 -3
- package/dist/cli/services/config-store.js.map +1 -1
- package/dist/cli/services/memory-manager.js +2 -2
- package/dist/cli/services/memory-manager.js.map +1 -1
- package/dist/cli/services/permission-modes.js +14 -10
- package/dist/cli/services/permission-modes.js.map +1 -1
- package/dist/cli/services/session-client.js +2 -1
- package/dist/cli/services/session-client.js.map +1 -1
- package/dist/cli/services/session-persistence.js +14 -6
- package/dist/cli/services/session-persistence.js.map +1 -1
- package/dist/cli/shared/SpinnerSlot.js +4 -1
- package/dist/cli/shared/SpinnerSlot.js.map +1 -1
- package/dist/server/handlers/browser-lifecycle.js +10 -0
- package/dist/server/handlers/browser-lifecycle.js.map +1 -1
- package/dist/server/handlers/browser.js +16 -1
- package/dist/server/handlers/browser.js.map +1 -1
- package/dist/server/handlers/campaigns.js +11 -0
- package/dist/server/handlers/campaigns.js.map +1 -1
- package/dist/server/handlers/catalog-products.js +19 -5
- package/dist/server/handlers/catalog-products.js.map +1 -1
- package/dist/server/handlers/catalog.js +42 -8
- package/dist/server/handlers/catalog.js.map +1 -1
- package/dist/server/handlers/clickhouse.js +4 -4
- package/dist/server/handlers/clickhouse.js.map +1 -1
- package/dist/server/handlers/comms-email.js +70 -8
- package/dist/server/handlers/comms-email.js.map +1 -1
- package/dist/server/handlers/comms.js +63 -21
- package/dist/server/handlers/comms.js.map +1 -1
- package/dist/server/handlers/coupons.js +141 -77
- package/dist/server/handlers/coupons.js.map +1 -1
- package/dist/server/handlers/google-ads.js +280 -8
- package/dist/server/handlers/google-ads.js.map +1 -1
- package/dist/server/handlers/remove-bg.d.ts +33 -0
- package/dist/server/handlers/remove-bg.js +698 -44
- package/dist/server/handlers/remove-bg.js.map +1 -1
- package/dist/server/handlers/supply-chain.js +93 -1
- package/dist/server/handlers/supply-chain.js.map +1 -1
- package/dist/server/handlers/workflow-steps-types.d.ts +1 -1
- package/dist/server/handlers/workflow-steps-types.js +7 -1
- package/dist/server/handlers/workflow-steps-types.js.map +1 -1
- package/dist/server/handlers/workflow-steps.js +1 -1
- package/dist/server/handlers/workflow-steps.js.map +1 -1
- package/dist/server/index.js +122 -29
- package/dist/server/index.js.map +1 -1
- package/dist/server/lib/agent-loop-turn.js +33 -3
- package/dist/server/lib/agent-loop-turn.js.map +1 -1
- package/dist/server/lib/agent-loop-types.d.ts +6 -2
- package/dist/server/lib/agent-loop-types.js +14 -2
- package/dist/server/lib/agent-loop-types.js.map +1 -1
- package/dist/server/lib/clickhouse-client.js +4 -2
- package/dist/server/lib/clickhouse-client.js.map +1 -1
- package/dist/server/lib/code-worker.js +4 -1
- package/dist/server/lib/code-worker.js.map +1 -1
- package/dist/server/providers/anthropic.js +103 -33
- package/dist/server/providers/anthropic.js.map +1 -1
- package/dist/server/server-chat.js +2 -2
- package/dist/server/server-chat.js.map +1 -1
- package/dist/server/server-helpers.d.ts +8 -1
- package/dist/server/server-helpers.js +17 -3
- package/dist/server/server-helpers.js.map +1 -1
- package/dist/server/server-persist.js +34 -21
- package/dist/server/server-persist.js.map +1 -1
- package/dist/server/server-rate-limit.d.ts +0 -1
- package/dist/server/server-rate-limit.js +5 -5
- package/dist/server/server-rate-limit.js.map +1 -1
- package/dist/server/server-routes-approvals.js +2 -2
- package/dist/server/server-routes-approvals.js.map +1 -1
- package/dist/server/server-routes-auth.js +2 -2
- package/dist/server/server-routes-auth.js.map +1 -1
- package/dist/server/server-routes-events.js +2 -2
- package/dist/server/server-routes-events.js.map +1 -1
- package/dist/server/server-routes-public.js +4 -4
- package/dist/server/server-routes-public.js.map +1 -1
- package/dist/server/server-routes-webchat.js +3 -3
- package/dist/server/server-routes-webchat.js.map +1 -1
- package/dist/server/server-store-circuit-breaker.js +1 -1
- package/dist/server/server-store-circuit-breaker.js.map +1 -1
- package/dist/server/tool-router.js +7 -4
- package/dist/server/tool-router.js.map +1 -1
- package/dist/server/validation.js +11 -0
- package/dist/server/validation.js.map +1 -1
- package/dist/shared/api-client.js +38 -11
- package/dist/shared/api-client.js.map +1 -1
- package/package.json +12 -10
- package/vendor/ink/build/ink.js +68 -24
- package/vendor/ink/node_modules/react-devtools-core/README.md +152 -0
- package/vendor/ink/node_modules/react-devtools-core/backend.js +1 -0
- package/vendor/ink/node_modules/react-devtools-core/dist/648.chunk.js +2 -0
- package/vendor/ink/node_modules/react-devtools-core/dist/648.chunk.js.map +1 -0
- package/vendor/ink/node_modules/react-devtools-core/dist/backend.js +15691 -0
- package/vendor/ink/node_modules/react-devtools-core/dist/backend.js.map +1 -0
- package/vendor/ink/node_modules/react-devtools-core/dist/importFile.worker.worker.js +2 -0
- package/vendor/ink/node_modules/react-devtools-core/dist/importFile.worker.worker.js.map +1 -0
- package/vendor/ink/node_modules/react-devtools-core/dist/parseSourceAndMetadata.worker.worker.js +14 -0
- package/vendor/ink/node_modules/react-devtools-core/dist/parseSourceAndMetadata.worker.worker.js.map +1 -0
- package/vendor/ink/node_modules/react-devtools-core/dist/standalone.js +2 -0
- package/vendor/ink/node_modules/react-devtools-core/dist/standalone.js.map +1 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/LICENSE +21 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/README.md +495 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/browser.js +8 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/index.js +10 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/lib/buffer-util.js +129 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/lib/constants.js +10 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/lib/event-target.js +184 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/lib/extension.js +223 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/lib/limiter.js +55 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/lib/permessage-deflate.js +518 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/lib/receiver.js +607 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/lib/sender.js +409 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/lib/stream.js +180 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/lib/validation.js +104 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/lib/websocket-server.js +449 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/lib/websocket.js +1197 -0
- package/vendor/ink/node_modules/react-devtools-core/node_modules/ws/package.json +56 -0
- package/vendor/ink/node_modules/react-devtools-core/package.json +38 -0
- package/vendor/ink/node_modules/react-devtools-core/standalone.js +1 -0
- package/dist/cli/__tests__/print-mode-streaming.test.js +0 -270
- package/dist/cli/__tests__/print-mode.basic-output.test.js +0 -230
- package/dist/cli/__tests__/print-mode.session-errors.test.js +0 -252
- package/dist/cli/__tests__/print-mode.test.js +0 -273
- package/dist/cli/__tests__/serve-mode-messages.test.js +0 -338
- package/dist/cli/__tests__/serve-mode.messages.part2.test.js +0 -266
- package/dist/cli/__tests__/serve-mode.messages.test.js +0 -277
- package/dist/cli/__tests__/serve-mode.startup-http.test.js +0 -279
- package/dist/cli/__tests__/serve-mode.test.js +0 -345
- package/dist/cli/chat/NodeManager.d.ts +0 -30
- package/dist/cli/chat/NodeManager.js +0 -66
- package/dist/cli/chat/NodeManager.js.map +0 -1
- package/dist/cli/chat/chat-input-menu-handler.d.ts +0 -32
- package/dist/cli/chat/hooks/slash-imsg-handlers.js +0 -148
- package/dist/cli/chat/hooks/slash-imsg-handlers.js.map +0 -1
- package/dist/cli/chat/hooks/useStreamingReducer.d.ts +0 -66
- package/dist/cli/commands/__tests__/config-cmd.test.js +0 -270
- package/dist/cli/commands/__tests__/doctor.test.js +0 -257
- package/dist/cli/commands/__tests__/imsg-node-bridge.test.js +0 -99
- package/dist/cli/commands/__tests__/imsg-utils.test.js +0 -73
- package/dist/cli/commands/__tests__/init.test.js +0 -214
- package/dist/cli/commands/__tests__/mcp.test.js +0 -287
- package/dist/cli/commands/imsg-watcher-helpers.d.ts +0 -40
- package/dist/cli/commands/imsg-watcher-helpers.js +0 -184
- package/dist/cli/commands/imsg-watcher-helpers.js.map +0 -1
- package/dist/cli/commands/imsg-watcher.d.ts +0 -11
- package/dist/cli/commands/imsg-watcher.js +0 -230
- package/dist/cli/commands/imsg-watcher.js.map +0 -1
- package/dist/cli/services/__tests__/agent-definitions.test.js +0 -153
- package/dist/cli/services/__tests__/agent-events-global.test.js +0 -39
- package/dist/cli/services/__tests__/agent-events.part2.test.js +0 -113
- package/dist/cli/services/__tests__/agent-events.test.js +0 -157
- package/dist/cli/services/__tests__/agent-loop-auth.test.js +0 -392
- package/dist/cli/services/__tests__/agent-loop-budget.test.js +0 -389
- package/dist/cli/services/__tests__/agent-loop-tools-lifecycle.test.js +0 -430
- package/dist/cli/services/__tests__/agent-loop-tools-maxturns.test.js +0 -486
- package/dist/cli/services/__tests__/agent-loop-utils-execution.test.js +0 -528
- package/dist/cli/services/__tests__/agent-loop-utils-helpers.test.js +0 -466
- package/dist/cli/services/__tests__/agent-worker-base-execute.test.js +0 -257
- package/dist/cli/services/__tests__/agent-worker-base-helpers.test.js +0 -198
- package/dist/cli/services/__tests__/agent-worker-base.test.js +0 -278
- package/dist/cli/services/__tests__/auth-service-exports.test.js +0 -41
- package/dist/cli/services/__tests__/auth-service.part2.test.js +0 -169
- package/dist/cli/services/__tests__/auth-service.test.js +0 -242
- package/dist/cli/services/__tests__/background-processes.test.js +0 -282
- package/dist/cli/services/__tests__/claude-md-loader.test.js +0 -134
- package/dist/cli/services/__tests__/config-store.test.js +0 -247
- package/dist/cli/services/__tests__/debug-log.test.js +0 -199
- package/dist/cli/services/__tests__/edge-cases-caching.test.js +0 -174
- package/dist/cli/services/__tests__/edge-cases-compaction-core.test.js +0 -226
- package/dist/cli/services/__tests__/edge-cases-compaction-openai.test.js +0 -152
- package/dist/cli/services/__tests__/edge-cases-compaction-shapes.test.js +0 -53
- package/dist/cli/services/__tests__/edge-cases-compaction-thinking.test.js +0 -226
- package/dist/cli/services/__tests__/edge-cases-compaction.test.js +0 -131
- package/dist/cli/services/__tests__/edge-cases-paths.test.js +0 -86
- package/dist/cli/services/__tests__/error-logger-messages.test.js +0 -81
- package/dist/cli/services/__tests__/error-logger-transport.test.js +0 -119
- package/dist/cli/services/__tests__/error-logger.test.js +0 -264
- package/dist/cli/services/__tests__/file-history.test.js +0 -136
- package/dist/cli/services/__tests__/git-context-cache-reset.test.js +0 -223
- package/dist/cli/services/__tests__/git-context.test.js +0 -241
- package/dist/cli/services/__tests__/interactive-tools-execute.test.js +0 -166
- package/dist/cli/services/__tests__/interactive-tools-plan.test.js +0 -197
- package/dist/cli/services/__tests__/interactive-tools.part2.test.js +0 -168
- package/dist/cli/services/__tests__/interactive-tools.test.js +0 -179
- package/dist/cli/services/__tests__/keybinding-manager.test.js +0 -205
- package/dist/cli/services/__tests__/local-tools-dispatch.test.js +0 -404
- package/dist/cli/services/__tests__/local-tools.test.js +0 -238
- package/dist/cli/services/__tests__/lsp-manager.test.js +0 -364
- package/dist/cli/services/__tests__/mcp-client-connect-disconnect.test.js +0 -310
- package/dist/cli/services/__tests__/mcp-client.test.js +0 -93
- package/dist/cli/services/__tests__/memory-manager.test.js +0 -154
- package/dist/cli/services/__tests__/model-manager-utils.test.js +0 -154
- package/dist/cli/services/__tests__/model-manager.test.js +0 -175
- package/dist/cli/services/__tests__/permission-modes.test.js +0 -222
- package/dist/cli/services/__tests__/ripgrep.test.js +0 -328
- package/dist/cli/services/__tests__/server-tools-execute.test.js +0 -317
- package/dist/cli/services/__tests__/server-tools.test.js +0 -272
- package/dist/cli/services/__tests__/session-persistence.test.js +0 -245
- package/dist/cli/services/__tests__/subagent-basic.test.js +0 -489
- package/dist/cli/services/__tests__/subagent-edge.test.js +0 -545
- package/dist/cli/services/__tests__/subagent-prompts.test.js +0 -558
- package/dist/cli/services/__tests__/subagent-worker-errors.test.js +0 -255
- package/dist/cli/services/__tests__/subagent-worker.test.js +0 -242
- package/dist/cli/services/__tests__/system-prompt.test.js +0 -210
- package/dist/cli/services/__tests__/team-lead-comms-messaging.test.js +0 -250
- package/dist/cli/services/__tests__/team-lead-comms-result.test.js +0 -232
- package/dist/cli/services/__tests__/team-lead-comms-stop.test.js +0 -344
- package/dist/cli/services/__tests__/team-lead-comms.test.js +0 -285
- package/dist/cli/services/__tests__/team-lead-create.test.js +0 -327
- package/dist/cli/services/__tests__/team-lead-run.test.js +0 -318
- package/dist/cli/services/__tests__/team-lead-stop.test.js +0 -199
- package/dist/cli/services/__tests__/team-state-comms.test.js +0 -240
- package/dist/cli/services/__tests__/team-state-core.test.js +0 -230
- package/dist/cli/services/__tests__/team-state-tasks-complete-fail-available.test.js +0 -224
- package/dist/cli/services/__tests__/team-state-tasks.test.js +0 -184
- package/dist/cli/services/__tests__/telemetry-ai-metadata.test.js +0 -116
- package/dist/cli/services/__tests__/telemetry.part2.test.js +0 -195
- package/dist/cli/services/__tests__/telemetry.test.js +0 -176
- package/dist/cli/services/agent-loop-iteration.d.ts +0 -13
- package/dist/cli/services/agent-loop-setup.d.ts +0 -32
- package/dist/cli/services/agent-worker-base-api.d.ts +0 -19
- package/dist/cli/services/agent-worker-base-helpers.d.ts +0 -27
- package/dist/cli/services/agent-worker-base-tools.d.ts +0 -16
- package/dist/cli/services/agent-worker-base-types.d.ts +0 -81
- package/dist/cli/services/background-agents.d.ts +0 -26
- package/dist/cli/services/background-processes-ops.d.ts +0 -24
- package/dist/cli/services/background-tool-defs.d.ts +0 -50
- package/dist/cli/services/config-modules-model.test.js +0 -133
- package/dist/cli/services/config-modules-permission.test.js +0 -85
- package/dist/cli/services/config-modules-permissions.test.js +0 -85
- package/dist/cli/services/config-modules-session.test.js +0 -297
- package/dist/cli/services/format-server-response-columns.test.js +0 -265
- package/dist/cli/services/format-server-response-fallback.test.js +0 -65
- package/dist/cli/services/format-server-response-primitives-basic.test.js +0 -261
- package/dist/cli/services/format-server-response-primitives-nested.test.js +0 -188
- package/dist/cli/services/format-server-response-primitives.test.js +0 -300
- package/dist/cli/services/format-server-response-realworld.test.js +0 -248
- package/dist/cli/services/format-server-response-values.test.js +0 -247
- package/dist/cli/services/hooks-runners.test.js +0 -184
- package/dist/cli/services/hooks.glob-load.test.js +0 -233
- package/dist/cli/services/hooks.run-hooks.test.js +0 -184
- package/dist/cli/services/hooks.test.js +0 -233
- package/dist/cli/services/ink-incremental.d.ts +0 -19
- package/dist/cli/services/ink-incremental.js +0 -59
- package/dist/cli/services/ink-incremental.js.map +0 -1
- package/dist/cli/services/ink-resize-fix.d.ts +0 -18
- package/dist/cli/services/ink-resize-fix.js +0 -76
- package/dist/cli/services/ink-resize-fix.js.map +0 -1
- package/dist/cli/services/ink-sync-output.d.ts +0 -12
- package/dist/cli/services/ink-sync-output.js +0 -16
- package/dist/cli/services/ink-sync-output.js.map +0 -1
- package/dist/cli/services/interactive-tool-defs.d.ts +0 -80
- package/dist/cli/services/local-tools-definitions.d.ts +0 -6
- package/dist/cli/services/local-tools-files.test.js +0 -256
- package/dist/cli/services/local-tools-read-many.d.ts +0 -6
- package/dist/cli/services/model-router.test.js +0 -245
- package/dist/cli/services/rewind-rewindTo.test.js +0 -202
- package/dist/cli/services/rewind.test.js +0 -175
- package/dist/cli/services/sandbox.test.js +0 -198
- package/dist/cli/services/subagent-execution.d.ts +0 -12
- package/dist/cli/services/team-lead-auto.d.ts +0 -11
- package/dist/cli/services/team-lead-execution.d.ts +0 -28
- package/dist/cli/services/teammate-loop.js +0 -557
- package/dist/cli/services/teammate-loop.js.map +0 -1
- package/dist/cli/services/tools/__tests__/agent-tools-tasks-teams.test.js +0 -250
- package/dist/cli/services/tools/__tests__/agent-tools-teams.test.js +0 -200
- package/dist/cli/services/tools/__tests__/agent-tools.test.js +0 -340
- package/dist/cli/services/tools/__tests__/file-ops-cache.test.js +0 -152
- package/dist/cli/services/tools/__tests__/file-ops-notebook.test.js +0 -249
- package/dist/cli/services/tools/__tests__/file-ops-read.test.js +0 -261
- package/dist/cli/services/tools/__tests__/file-ops-write.test.js +0 -292
- package/dist/cli/services/tools/__tests__/search-tools-rg.test.js +0 -92
- package/dist/cli/services/tools/__tests__/search-tools.part2.test.js +0 -174
- package/dist/cli/services/tools/__tests__/search-tools.test.js +0 -227
- package/dist/cli/services/tools/__tests__/shell-exec-allowed-core.test.js +0 -163
- package/dist/cli/services/tools/__tests__/shell-exec-allowed-extended.test.js +0 -220
- package/dist/cli/services/tools/__tests__/shell-exec-allowed.part2.test.js +0 -215
- package/dist/cli/services/tools/__tests__/shell-exec-allowed.test.js +0 -154
- package/dist/cli/services/tools/__tests__/shell-exec-blocked.test.js +0 -132
- package/dist/cli/services/tools/__tests__/shell-exec-execution.test.js +0 -245
- package/dist/cli/services/tools/__tests__/task-manager-create.test.js +0 -110
- package/dist/cli/services/tools/__tests__/task-manager-crud.test.js +0 -339
- package/dist/cli/services/tools/__tests__/task-manager-list-get.test.js +0 -343
- package/dist/cli/services/tools/__tests__/task-manager-query.test.js +0 -346
- package/dist/cli/services/tools/__tests__/task-manager-routing.test.js +0 -58
- package/dist/cli/services/tools/__tests__/task-manager-update.test.js +0 -224
- package/dist/cli/services/tools/__tests__/task-manager.test.js +0 -159
- package/dist/cli/services/tools/__tests__/web-tools-html-search.test.js +0 -227
- package/dist/cli/services/tools/__tests__/web-tools.test.js +0 -285
- package/dist/cli/services/tools/shell-exec.test.js +0 -148
- package/dist/cli/shared/SharedTick.d.ts +0 -10
- package/dist/cli/shared/__tests__/markdown.test.js +0 -188
- package/dist/local-agent/__tests__/connection-disconnect.test.js +0 -201
- package/dist/local-agent/__tests__/connection-lifecycle.test.js +0 -289
- package/dist/local-agent/__tests__/connection-msghandling.test.js +0 -311
- package/dist/local-agent/__tests__/connection-reconnect.test.js +0 -230
- package/dist/local-agent/__tests__/connection-toolexec.test.js +0 -253
- package/dist/local-agent/__tests__/discovery.test.js +0 -328
- package/dist/local-agent/__tests__/executor-background.test.js +0 -219
- package/dist/local-agent/__tests__/executor-exec.test.js +0 -221
- package/dist/local-agent/__tests__/executor-jobs-sessions.test.js +0 -220
- package/dist/local-agent/__tests__/executor-system-info.test.js +0 -133
- package/dist/local-agent/__tests__/executor-systeminfo.test.js +0 -109
- package/dist/local-agent/__tests__/executor.test.js +0 -235
- package/dist/local-agent/__tests__/index.test.js +0 -139
- package/dist/node/__tests__/cli-channels.test.js +0 -293
- package/dist/node/__tests__/cli-config-edge.test.js +0 -154
- package/dist/node/__tests__/cli-config.test.js +0 -215
- package/dist/node/__tests__/config.test.js +0 -292
- package/dist/node/__tests__/runtime-heartbeat.test.js +0 -153
- package/dist/node/__tests__/runtime-lifecycle-init.test.js +0 -263
- package/dist/node/__tests__/runtime-lifecycle-stats.test.js +0 -180
- package/dist/node/__tests__/runtime-lifecycle.test.js +0 -305
- package/dist/node/__tests__/runtime-relay.test.js +0 -341
- package/dist/node/adapters/__tests__/base.test.js +0 -286
- package/dist/node/adapters/__tests__/discord.test.js +0 -284
- package/dist/node/adapters/__tests__/email-send.test.js +0 -295
- package/dist/node/adapters/__tests__/email.inbound-send.test.js +0 -217
- package/dist/node/adapters/__tests__/email.lifecycle.test.js +0 -211
- package/dist/node/adapters/__tests__/email.test.js +0 -290
- package/dist/node/adapters/__tests__/email.webhook-send.test.js +0 -251
- package/dist/node/adapters/__tests__/imessage-filter.test.js +0 -183
- package/dist/node/adapters/__tests__/imessage-lifecycle.test.js +0 -215
- package/dist/node/adapters/__tests__/imessage-send-restart.test.js +0 -227
- package/dist/node/adapters/__tests__/slack.part2.test.js +0 -135
- package/dist/node/adapters/__tests__/slack.test.js +0 -241
- package/dist/node/adapters/__tests__/sms-extras.test.js +0 -108
- package/dist/node/adapters/__tests__/sms-lifecycle.test.js +0 -203
- package/dist/node/adapters/__tests__/sms-messaging.test.js +0 -266
- package/dist/node/adapters/__tests__/sms.part2.test.js +0 -174
- package/dist/node/adapters/__tests__/sms.test.js +0 -253
- package/dist/node/adapters/__tests__/telegram-polling.test.js +0 -256
- package/dist/node/adapters/__tests__/telegram-send.test.js +0 -166
- package/dist/node/adapters/__tests__/webchat-inbound.test.js +0 -188
- package/dist/node/adapters/__tests__/webchat-outbound.test.js +0 -178
- package/dist/node/adapters/__tests__/whatsapp-inbound.test.js +0 -200
- package/dist/node/adapters/__tests__/whatsapp-send.test.js +0 -212
- package/dist/node/adapters/__tests__/whatsapp.test.js +0 -280
- package/dist/server/__tests__/gateway-fast-fail.test.js +0 -160
- package/dist/server/__tests__/local-agent-gateway.test.js +0 -186
- package/dist/server/__tests__/proxy-handlers-delegation.test.js +0 -240
- package/dist/server/__tests__/proxy-handlers-validation.test.js +0 -211
- package/dist/server/__tests__/proxy-handlers.part2.test.js +0 -240
- package/dist/server/__tests__/proxy-handlers.test.js +0 -213
- package/dist/server/__tests__/strip-base64-e2e.test.js +0 -303
- package/dist/server/__tests__/strip-base64.test.js +0 -256
- package/dist/server/__tests__/tool-router-agent-tools.test.js +0 -324
- package/dist/server/__tests__/tool-router-execute-core.test.js +0 -357
- package/dist/server/__tests__/tool-router-execute-permissions.test.js +0 -332
- package/dist/server/__tests__/tool-router-execute.test.js +0 -348
- package/dist/server/__tests__/tool-router-load.test.js +0 -432
- package/dist/server/__tests__/tool-router-permissions.test.js +0 -359
- package/dist/server/__tests__/tool-router-registry-cache.test.js +0 -383
- package/dist/server/__tests__/tool-router-registry-handlers.test.js +0 -272
- package/dist/server/__tests__/tool-router-registry.test.js +0 -331
- package/dist/server/__tests__/validation-inventory.test.js +0 -250
- package/dist/server/__tests__/validation-misc.test.js +0 -243
- package/dist/server/__tests__/validation-supply-chain.test.js +0 -188
- package/dist/server/__tests__/worker.test.js +0 -265
- package/dist/server/handlers/__tests__/conversation-lock.test.js +0 -117
- package/dist/server/handlers/__tests__/e2e/auth-cross-platform-login.e2e.test.js +0 -268
- package/dist/server/handlers/__tests__/e2e/auth-cross-platform-tokens.e2e.test.js +0 -264
- package/dist/server/handlers/__tests__/e2e/email-pipeline-send.e2e.test.js +0 -214
- package/dist/server/handlers/__tests__/e2e/email-pipeline-threads.e2e.test.js +0 -168
- package/dist/server/handlers/__tests__/e2e/error-logging-pipeline-dedup.e2e.test.js +0 -229
- package/dist/server/handlers/__tests__/e2e/error-logging-pipeline.e2e.test.js +0 -239
- package/dist/server/handlers/__tests__/e2e/error-logging-rate-limit.e2e.test.js +0 -150
- package/dist/server/handlers/__tests__/e2e/inventory-sync-guards.e2e.test.js +0 -177
- package/dist/server/handlers/__tests__/e2e/inventory-sync.e2e.test.js +0 -228
- package/dist/server/handlers/__tests__/e2e/inventory-sync.part2.e2e.test.js +0 -188
- package/dist/server/handlers/__tests__/e2e/order-lifecycle-fulfillment.e2e.test.js +0 -295
- package/dist/server/handlers/__tests__/e2e/order-lifecycle.e2e.test.js +0 -277
- package/dist/server/handlers/__tests__/e2e/order-lifecycle.fulfillment.e2e.test.js +0 -307
- package/dist/server/handlers/__tests__/e2e/order-lifecycle.setup.e2e.test.js +0 -177
- package/dist/server/handlers/__tests__/e2e/storefront-checkout-cart.e2e.test.js +0 -255
- package/dist/server/handlers/__tests__/e2e/storefront-checkout-webhook.e2e.test.js +0 -231
- package/dist/server/handlers/__tests__/e2e/workflow-execution-failures.e2e.test.js +0 -235
- package/dist/server/handlers/__tests__/e2e/workflow-execution.e2e.test.js +0 -294
- package/dist/server/handlers/__tests__/e2e/workflow-security.e2e.test.js +0 -311
- package/dist/server/handlers/__tests__/e2e/workflow-security.part2.e2e.test.js +0 -267
- package/dist/server/handlers/__tests__/workflow-cache.test.js +0 -237
- package/dist/server/handlers/analytics-errors-edge.test.js +0 -173
- package/dist/server/handlers/analytics.test.js +0 -280
- package/dist/server/handlers/api-docs-examples-ext.d.ts +0 -9
- package/dist/server/handlers/api-docs-examples-ext.js +0 -278
- package/dist/server/handlers/api-docs-examples-ext.js.map +0 -1
- package/dist/server/handlers/api-docs-examples.d.ts +0 -8
- package/dist/server/handlers/api-docs-examples.js +0 -221
- package/dist/server/handlers/api-docs-examples.js.map +0 -1
- package/dist/server/handlers/api-docs-sections-ext.d.ts +0 -2
- package/dist/server/handlers/api-docs-sections-ext.js +0 -497
- package/dist/server/handlers/api-docs-sections-ext.js.map +0 -1
- package/dist/server/handlers/api-docs-sections.d.ts +0 -21
- package/dist/server/handlers/api-docs-sections.js +0 -293
- package/dist/server/handlers/api-docs-sections.js.map +0 -1
- package/dist/server/handlers/api-keys.part2.test.js +0 -157
- package/dist/server/handlers/api-keys.test.js +0 -161
- package/dist/server/handlers/billing-routes.test.js +0 -123
- package/dist/server/handlers/billing.test.js +0 -215
- package/dist/server/handlers/browser-actions-errors.test.js +0 -94
- package/dist/server/handlers/browser-actions.part2.test.js +0 -190
- package/dist/server/handlers/browser-actions.test.js +0 -190
- package/dist/server/handlers/browser-validation.test.js +0 -257
- package/dist/server/handlers/catalog.test.js +0 -297
- package/dist/server/handlers/comms.test.js +0 -289
- package/dist/server/handlers/creations-advanced-collections.test.js +0 -214
- package/dist/server/handlers/creations-advanced-generate.test.js +0 -142
- package/dist/server/handlers/creations-advanced.test.js +0 -171
- package/dist/server/handlers/creations-collections-preview.test.js +0 -214
- package/dist/server/handlers/creations-crud.test.js +0 -260
- package/dist/server/handlers/creations-mutations.test.js +0 -197
- package/dist/server/handlers/crm.test.js +0 -179
- package/dist/server/handlers/discovery-advertise.test.js +0 -185
- package/dist/server/handlers/discovery-scan.test.js +0 -233
- package/dist/server/handlers/embeddings-embed-search.test.js +0 -196
- package/dist/server/handlers/embeddings-index-delete-stats.test.js +0 -140
- package/dist/server/handlers/embeddings-search.test.js +0 -221
- package/dist/server/handlers/embeddings.test.js +0 -137
- package/dist/server/handlers/enrichment-breach.d.ts +0 -8
- package/dist/server/handlers/enrichment-breach.js +0 -266
- package/dist/server/handlers/enrichment-breach.js.map +0 -1
- package/dist/server/handlers/enrichment-data.d.ts +0 -13
- package/dist/server/handlers/enrichment-data.js +0 -145
- package/dist/server/handlers/enrichment-data.js.map +0 -1
- package/dist/server/handlers/enrichment-mutations.test.js +0 -240
- package/dist/server/handlers/enrichment-queries.test.js +0 -181
- package/dist/server/handlers/enrichment-validation.test.js +0 -177
- package/dist/server/handlers/enrichment-writes.d.ts +0 -16
- package/dist/server/handlers/enrichment-writes.js +0 -226
- package/dist/server/handlers/enrichment-writes.js.map +0 -1
- package/dist/server/handlers/image-gen.test.js +0 -205
- package/dist/server/handlers/inventory.test.js +0 -380
- package/dist/server/handlers/kali-background.test.js +0 -222
- package/dist/server/handlers/kali-errors.test.js +0 -92
- package/dist/server/handlers/kali-validation.test.js +0 -234
- package/dist/server/handlers/llm-providers-actions.test.js +0 -220
- package/dist/server/handlers/llm-providers-anthropic.test.js +0 -239
- package/dist/server/handlers/llm-providers-failover.test.js +0 -232
- package/dist/server/handlers/llm-providers-providers.test.js +0 -300
- package/dist/server/handlers/llm-providers-validation.test.js +0 -239
- package/dist/server/handlers/local-agent-tools.test.js +0 -224
- package/dist/server/handlers/local-agent.test.js +0 -198
- package/dist/server/handlers/local-agent.tools-status.test.js +0 -204
- package/dist/server/handlers/local-agent.validation-exec.test.js +0 -182
- package/dist/server/handlers/meta-ads-audience-rules.test.js +0 -243
- package/dist/server/handlers/meta-ads-audience-targeting.test.js +0 -205
- package/dist/server/handlers/meta-ads-audiences-targeting.test.js +0 -383
- package/dist/server/handlers/meta-ads-crud-ads.test.js +0 -136
- package/dist/server/handlers/meta-ads-crud-campaigns.test.js +0 -189
- package/dist/server/handlers/meta-ads-crud-create.test.js +0 -303
- package/dist/server/handlers/meta-ads-crud-list-update.test.js +0 -259
- package/dist/server/handlers/meta-ads-delete-publish-sync.test.js +0 -282
- package/dist/server/handlers/meta-ads-insights.test.js +0 -80
- package/dist/server/handlers/meta-ads-list-get.test.js +0 -237
- package/dist/server/handlers/meta-ads-publish-delete.test.js +0 -254
- package/dist/server/handlers/meta-ads-publish-helpers.js +0 -117
- package/dist/server/handlers/meta-ads-publish-helpers.js.map +0 -1
- package/dist/server/handlers/meta-ads-publish-sync.test.js +0 -205
- package/dist/server/handlers/meta-ads-publish.test.js +0 -254
- package/dist/server/handlers/meta-ads-sync-insights.test.js +0 -184
- package/dist/server/handlers/meta-ads-update.test.js +0 -117
- package/dist/server/handlers/nodes-channels.test.js +0 -413
- package/dist/server/handlers/nodes-events.test.js +0 -131
- package/dist/server/handlers/nodes-list-delete.test.js +0 -171
- package/dist/server/handlers/nodes-messages-delivery.test.js +0 -208
- package/dist/server/handlers/nodes-messages.test.js +0 -211
- package/dist/server/handlers/nodes-register.test.js +0 -277
- package/dist/server/handlers/nodes.test.js +0 -353
- package/dist/server/handlers/operations.test.js +0 -136
- package/dist/server/handlers/platform-telemetry.test.js +0 -200
- package/dist/server/handlers/platform-websearch.test.js +0 -160
- package/dist/server/handlers/storefront.test.js +0 -329
- package/dist/server/handlers/supply-chain.test.js +0 -347
- package/dist/server/handlers/transcription.test.js +0 -118
- package/dist/server/handlers/video-gen-veo.js +0 -114
- package/dist/server/handlers/video-gen-veo.js.map +0 -1
- package/dist/server/handlers/video-gen.test.js +0 -146
- package/dist/server/handlers/voice.test.js +0 -153
- package/dist/server/handlers/workflow-steps.test.js +0 -330
- package/dist/server/handlers/workflows-extras.test.js +0 -65
- package/dist/server/handlers/workflows.part2.test.js +0 -170
- package/dist/server/handlers/workflows.test.js +0 -281
- package/dist/server/lib/__tests__/batch-client-conversion-jsonl.test.js +0 -171
- package/dist/server/lib/__tests__/batch-client-polling.test.js +0 -292
- package/dist/server/lib/__tests__/batch-client-queue.test.js +0 -270
- package/dist/server/lib/__tests__/clickhouse-buffer.test.js +0 -236
- package/dist/server/lib/__tests__/code-worker-edge-cases.test.js +0 -118
- package/dist/server/lib/__tests__/code-worker-pool-execute.test.js +0 -193
- package/dist/server/lib/__tests__/code-worker-pool-execution.test.js +0 -165
- package/dist/server/lib/__tests__/code-worker-pool-init.test.js +0 -131
- package/dist/server/lib/__tests__/code-worker-pool.test.js +0 -194
- package/dist/server/lib/__tests__/code-worker-sandbox-ops.test.js +0 -123
- package/dist/server/lib/__tests__/code-worker-sandbox.test.js +0 -217
- package/dist/server/lib/__tests__/code-worker.test.js +0 -179
- package/dist/server/lib/__tests__/compaction-service-generate.test.js +0 -229
- package/dist/server/lib/__tests__/compaction-service.test.js +0 -319
- package/dist/server/lib/__tests__/otel.test.js +0 -146
- package/dist/server/lib/__tests__/prompt-sanitizer-validation.test.js +0 -165
- package/dist/server/lib/__tests__/prompt-sanitizer.sanitize.test.js +0 -343
- package/dist/server/lib/__tests__/prompt-sanitizer.test.js +0 -328
- package/dist/server/lib/__tests__/prompt-sanitizer.validate-tool.test.js +0 -145
- package/dist/server/lib/__tests__/provider-capabilities.test.js +0 -263
- package/dist/server/lib/__tests__/provider-failover-routing.test.js +0 -145
- package/dist/server/lib/__tests__/provider-failover-state.test.js +0 -131
- package/dist/server/lib/__tests__/rate-limiter-budgets.test.js +0 -216
- package/dist/server/lib/__tests__/rate-limiter.budgets-tools.test.js +0 -113
- package/dist/server/lib/__tests__/rate-limiter.check-request.test.js +0 -141
- package/dist/server/lib/__tests__/rate-limiter.stats-lifecycle.test.js +0 -135
- package/dist/server/lib/__tests__/rate-limiter.test.js +0 -207
- package/dist/server/lib/__tests__/server-agent-loop-abort-conditions.test.js +0 -544
- package/dist/server/lib/__tests__/server-agent-loop-abort.part2.test.js +0 -504
- package/dist/server/lib/__tests__/server-agent-loop-abort.test.js +0 -396
- package/dist/server/lib/__tests__/server-agent-loop-compaction.test.js +0 -397
- package/dist/server/lib/__tests__/server-agent-loop-failover.test.js +0 -356
- package/dist/server/lib/__tests__/server-agent-loop-features-caching.test.js +0 -519
- package/dist/server/lib/__tests__/server-agent-loop-features-edges.test.js +0 -512
- package/dist/server/lib/__tests__/server-subagent-bailout.test.js +0 -194
- package/dist/server/lib/__tests__/server-subagent-basics.test.js +0 -348
- package/dist/server/lib/__tests__/server-subagent-errors-abort.test.js +0 -319
- package/dist/server/lib/__tests__/server-subagent-errors-progress.test.js +0 -253
- package/dist/server/lib/__tests__/server-subagent-errors.part2.test.js +0 -253
- package/dist/server/lib/__tests__/server-subagent-errors.test.js +0 -319
- package/dist/server/lib/__tests__/session-checkpoint-load.test.js +0 -275
- package/dist/server/lib/__tests__/session-checkpoint-save.test.js +0 -159
- package/dist/server/lib/__tests__/ssrf-guard.test.js +0 -93
- package/dist/server/lib/__tests__/supabase-client.test.js +0 -111
- package/dist/server/lib/__tests__/template-resolver.test.js +0 -317
- package/dist/server/lib/__tests__/utils-timeout.test.js +0 -49
- package/dist/server/lib/__tests__/utils.test.js +0 -322
- package/dist/server/providers/__tests__/anthropic-adapter.test.js +0 -228
- package/dist/server/providers/__tests__/anthropic-betas-toolchoice.test.js +0 -257
- package/dist/server/providers/__tests__/anthropic-errors.test.js +0 -262
- package/dist/server/providers/__tests__/anthropic-stream-core.test.js +0 -275
- package/dist/server/providers/__tests__/anthropic-streaming-betas.test.js +0 -247
- package/dist/server/providers/__tests__/anthropic-streaming-core.test.js +0 -275
- package/dist/server/providers/__tests__/bedrock-config.test.js +0 -177
- package/dist/server/providers/__tests__/bedrock-stream-behavior-streaming.test.js +0 -272
- package/dist/server/providers/__tests__/bedrock-stream-behavior-toolchoice.test.js +0 -214
- package/dist/server/providers/__tests__/bedrock-stream-behavior.part2.test.js +0 -165
- package/dist/server/providers/__tests__/bedrock-stream-behavior.test.js +0 -309
- package/dist/server/providers/__tests__/bedrock-stream-body-credentials.test.js +0 -170
- package/dist/server/providers/__tests__/bedrock-stream-body-extras.test.js +0 -183
- package/dist/server/providers/__tests__/bedrock-stream-body-request.test.js +0 -305
- package/dist/server/providers/__tests__/bedrock-stream-body.part2.test.js +0 -305
- package/dist/server/providers/__tests__/bedrock-stream-body.test.js +0 -175
- package/dist/server/providers/__tests__/bedrock-stream-errors.test.js +0 -165
- package/dist/server/providers/__tests__/gemini-config-methods.test.js +0 -182
- package/dist/server/providers/__tests__/gemini-config-streaming.test.js +0 -257
- package/dist/server/providers/__tests__/gemini-conversion-messages.test.js +0 -247
- package/dist/server/providers/__tests__/gemini-conversion-schema.test.js +0 -365
- package/dist/server/providers/__tests__/gemini-tools-choice.test.js +0 -221
- package/dist/server/providers/__tests__/gemini-tools-fn.test.js +0 -252
- package/dist/server/providers/__tests__/openai-config.test.js +0 -194
- package/dist/server/providers/__tests__/openai-conversion.test.js +0 -276
- package/dist/server/providers/__tests__/openai-messages.test.js +0 -261
- package/dist/server/providers/__tests__/openai-streaming.test.js +0 -394
- package/dist/server/providers/__tests__/openai-tools-cache.test.js +0 -227
- package/dist/server/providers/__tests__/registry.test.js +0 -183
- package/dist/server/providers/__tests__/shared.test.js +0 -297
- package/dist/shared/agent-core-config.test.js +0 -132
- package/dist/shared/agent-core-context-thinking.test.js +0 -293
- package/dist/shared/agent-core-loop-calls.test.js +0 -174
- package/dist/shared/agent-core-loop-detector-bail.test.js +0 -201
- package/dist/shared/agent-core-loop-detector.test.js +0 -195
- package/dist/shared/agent-core-loop-errors.test.js +0 -258
- package/dist/shared/agent-core-pricing.test.js +0 -191
- package/dist/shared/agent-core-sanitize-retry.test.js +0 -129
- package/dist/shared/api-client-build-request.test.js +0 -228
- package/dist/shared/api-client-build-system-caching.test.js +0 -107
- package/dist/shared/api-client-build.test.js +0 -223
- package/dist/shared/api-client-config.d.ts +0 -21
- package/dist/shared/api-client-helpers.d.ts +0 -57
- package/dist/shared/api-client-helpers.test.js +0 -261
- package/dist/shared/api-client-proxy-happy.test.js +0 -255
- package/dist/shared/api-client-proxy-retry.test.js +0 -307
- package/dist/shared/api-client-proxy.d.ts +0 -26
- package/dist/shared/api-client-proxy.test.js +0 -255
- package/dist/shared/api-client-retry.test.js +0 -307
- package/dist/shared/api-client-system-trimming.test.js +0 -261
- package/dist/shared/api-client-trimming.d.ts +0 -36
- package/dist/shared/api-client.test.js +0 -228
- package/dist/shared/compaction-thinking.test.js +0 -315
- package/dist/shared/compaction-trimming.test.js +0 -223
- package/dist/shared/sse-parser-callbacks.test.js +0 -422
- package/dist/shared/sse-parser-collect.test.js +0 -252
- package/dist/shared/sse-parser-e2e.test.js +0 -558
- package/dist/shared/sse-parser-parse.test.js +0 -253
- package/dist/shared/tool-dispatch-advanced-batch-build.test.js +0 -405
- package/dist/shared/tool-dispatch-advanced.test.js +0 -320
- package/dist/shared/tool-dispatch-basic.test.js +0 -278
- package/dist/shared/tool-dispatch-content.d.ts +0 -14
- package/dist/shared/tool-dispatch-parallel.test.js +0 -378
- package/dist/webchat/__tests__/widget-messaging.test.js +0 -323
- package/dist/webchat/__tests__/widget.test.js +0 -273
|
@@ -1,311 +0,0 @@
|
|
|
1
|
-
import { describe, it, expect, beforeEach, afterEach } from "vitest";
|
|
2
|
-
import { randomUUID } from "node:crypto";
|
|
3
|
-
import { isBlockedUrl } from "../../../lib/ssrf-guard.js";
|
|
4
|
-
import { HAS_TEST_DB, getTestClient, seedTracked, cleanup, RUN_PREFIX } from "../../__test-utils__/test-db.js";
|
|
5
|
-
|
|
6
|
-
// ============================================================================
|
|
7
|
-
// Real Supabase client
|
|
8
|
-
// ============================================================================
|
|
9
|
-
|
|
10
|
-
const sb = getTestClient();
|
|
11
|
-
|
|
12
|
-
// ============================================================================
|
|
13
|
-
// Auth Helpers
|
|
14
|
-
// ============================================================================
|
|
15
|
-
|
|
16
|
-
let jwtCounter = 0;
|
|
17
|
-
function generateJwt(userId, storeId, expiresInMs = 3600000) {
|
|
18
|
-
const header = {
|
|
19
|
-
alg: "HS256",
|
|
20
|
-
typ: "JWT"
|
|
21
|
-
};
|
|
22
|
-
const payload = {
|
|
23
|
-
sub: userId,
|
|
24
|
-
store_id: storeId,
|
|
25
|
-
iat: Date.now(),
|
|
26
|
-
exp: Date.now() + expiresInMs,
|
|
27
|
-
jti: `${Date.now()}_${++jwtCounter}`
|
|
28
|
-
};
|
|
29
|
-
const b64 = obj => Buffer.from(JSON.stringify(obj)).toString("base64url");
|
|
30
|
-
return `${b64(header)}.${b64(payload)}.mock_signature`;
|
|
31
|
-
}
|
|
32
|
-
function parseJwt(token) {
|
|
33
|
-
try {
|
|
34
|
-
const parts = token.split(".");
|
|
35
|
-
if (parts.length !== 3) return null;
|
|
36
|
-
const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
|
|
37
|
-
return payload;
|
|
38
|
-
} catch {
|
|
39
|
-
return null;
|
|
40
|
-
}
|
|
41
|
-
}
|
|
42
|
-
async function authenticateRequest(authHeader) {
|
|
43
|
-
if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
|
44
|
-
return {
|
|
45
|
-
userId: null,
|
|
46
|
-
storeId: null,
|
|
47
|
-
error: "Missing or invalid Authorization header",
|
|
48
|
-
statusCode: 401
|
|
49
|
-
};
|
|
50
|
-
}
|
|
51
|
-
const token = authHeader.slice(7);
|
|
52
|
-
const payload = parseJwt(token);
|
|
53
|
-
if (!payload) {
|
|
54
|
-
return {
|
|
55
|
-
userId: null,
|
|
56
|
-
storeId: null,
|
|
57
|
-
error: "Invalid token",
|
|
58
|
-
statusCode: 401
|
|
59
|
-
};
|
|
60
|
-
}
|
|
61
|
-
if (payload.exp < Date.now()) {
|
|
62
|
-
return {
|
|
63
|
-
userId: null,
|
|
64
|
-
storeId: null,
|
|
65
|
-
error: "Token expired",
|
|
66
|
-
statusCode: 401
|
|
67
|
-
};
|
|
68
|
-
}
|
|
69
|
-
const {
|
|
70
|
-
data: user
|
|
71
|
-
} = await sb.from("platform_users").select().eq("id", payload.sub);
|
|
72
|
-
if (!user || user.length === 0) {
|
|
73
|
-
return {
|
|
74
|
-
userId: null,
|
|
75
|
-
storeId: null,
|
|
76
|
-
error: "User not found",
|
|
77
|
-
statusCode: 401
|
|
78
|
-
};
|
|
79
|
-
}
|
|
80
|
-
return {
|
|
81
|
-
userId: payload.sub,
|
|
82
|
-
storeId: payload.store_id,
|
|
83
|
-
error: null,
|
|
84
|
-
statusCode: 200
|
|
85
|
-
};
|
|
86
|
-
}
|
|
87
|
-
|
|
88
|
-
// ============================================================================
|
|
89
|
-
// Workflow API Handlers (simulated)
|
|
90
|
-
// ============================================================================
|
|
91
|
-
|
|
92
|
-
/** Validate senderId -- reject injection characters */
|
|
93
|
-
function validateSenderId(senderId) {
|
|
94
|
-
const INJECTION_PATTERN = /['";\{\}\$\(\)<>\\]/;
|
|
95
|
-
if (INJECTION_PATTERN.test(senderId)) {
|
|
96
|
-
return {
|
|
97
|
-
valid: false,
|
|
98
|
-
error: "senderId contains invalid characters"
|
|
99
|
-
};
|
|
100
|
-
}
|
|
101
|
-
if (senderId.length > 128) {
|
|
102
|
-
return {
|
|
103
|
-
valid: false,
|
|
104
|
-
error: "senderId exceeds maximum length"
|
|
105
|
-
};
|
|
106
|
-
}
|
|
107
|
-
if (senderId.trim().length === 0) {
|
|
108
|
-
return {
|
|
109
|
-
valid: false,
|
|
110
|
-
error: "senderId cannot be empty"
|
|
111
|
-
};
|
|
112
|
-
}
|
|
113
|
-
return {
|
|
114
|
-
valid: true
|
|
115
|
-
};
|
|
116
|
-
}
|
|
117
|
-
|
|
118
|
-
/** Simulated SSE stream endpoint -- checks store authorization */
|
|
119
|
-
async function requestSSEStream(authHeader, targetStoreId) {
|
|
120
|
-
const auth = await authenticateRequest(authHeader);
|
|
121
|
-
if (auth.error) {
|
|
122
|
-
return {
|
|
123
|
-
error: auth.error,
|
|
124
|
-
statusCode: auth.statusCode
|
|
125
|
-
};
|
|
126
|
-
}
|
|
127
|
-
if (auth.storeId !== targetStoreId) {
|
|
128
|
-
await seedTracked("error_events", [{
|
|
129
|
-
id: randomUUID(),
|
|
130
|
-
store_id: targetStoreId,
|
|
131
|
-
error_type: "sse_stream_denied",
|
|
132
|
-
error_message: "Forbidden: store access denied",
|
|
133
|
-
severity: "warning",
|
|
134
|
-
user_id: auth.userId,
|
|
135
|
-
tags: {
|
|
136
|
-
reason: "store_mismatch",
|
|
137
|
-
authorized: false
|
|
138
|
-
}
|
|
139
|
-
}]);
|
|
140
|
-
return {
|
|
141
|
-
error: "Forbidden: store access denied",
|
|
142
|
-
statusCode: 403
|
|
143
|
-
};
|
|
144
|
-
}
|
|
145
|
-
return {
|
|
146
|
-
error: null,
|
|
147
|
-
statusCode: 200,
|
|
148
|
-
stream: `sse:${targetStoreId}`
|
|
149
|
-
};
|
|
150
|
-
}
|
|
151
|
-
|
|
152
|
-
/** Simulated graph action endpoint -- checks store authorization */
|
|
153
|
-
async function executeGraphAction(authHeader, targetStoreId, action) {
|
|
154
|
-
const auth = await authenticateRequest(authHeader);
|
|
155
|
-
if (auth.error) {
|
|
156
|
-
return {
|
|
157
|
-
data: null,
|
|
158
|
-
error: auth.error,
|
|
159
|
-
statusCode: auth.statusCode
|
|
160
|
-
};
|
|
161
|
-
}
|
|
162
|
-
if (auth.storeId !== targetStoreId) {
|
|
163
|
-
return {
|
|
164
|
-
data: null,
|
|
165
|
-
error: "Forbidden: cannot access workflows in another store",
|
|
166
|
-
statusCode: 403
|
|
167
|
-
};
|
|
168
|
-
}
|
|
169
|
-
return {
|
|
170
|
-
data: {
|
|
171
|
-
action,
|
|
172
|
-
store_id: targetStoreId,
|
|
173
|
-
result: "ok"
|
|
174
|
-
},
|
|
175
|
-
error: null,
|
|
176
|
-
statusCode: 200
|
|
177
|
-
};
|
|
178
|
-
}
|
|
179
|
-
|
|
180
|
-
// ============================================================================
|
|
181
|
-
// E2E Tests: Workflow Security + Concurrency
|
|
182
|
-
// ============================================================================
|
|
183
|
-
|
|
184
|
-
describe.skipIf(!HAS_TEST_DB)("Workflow Security E2E", () => {
|
|
185
|
-
let storeAId;
|
|
186
|
-
let storeBId;
|
|
187
|
-
let user1Id;
|
|
188
|
-
let user2Id;
|
|
189
|
-
beforeEach(async () => {
|
|
190
|
-
storeAId = randomUUID();
|
|
191
|
-
storeBId = randomUUID();
|
|
192
|
-
user1Id = randomUUID();
|
|
193
|
-
user2Id = randomUUID();
|
|
194
|
-
|
|
195
|
-
// Seed stores (email is NOT NULL)
|
|
196
|
-
await seedTracked("stores", [{
|
|
197
|
-
id: storeAId,
|
|
198
|
-
store_name: `${RUN_PREFIX}_Store Alpha`,
|
|
199
|
-
slug: `${RUN_PREFIX}-store-alpha-ws`,
|
|
200
|
-
email: `${RUN_PREFIX}_alpha@example.com`
|
|
201
|
-
}, {
|
|
202
|
-
id: storeBId,
|
|
203
|
-
store_name: `${RUN_PREFIX}_Store Beta`,
|
|
204
|
-
slug: `${RUN_PREFIX}-store-beta-ws`,
|
|
205
|
-
email: `${RUN_PREFIX}_beta@example.com`
|
|
206
|
-
}]);
|
|
207
|
-
|
|
208
|
-
// Seed users
|
|
209
|
-
await seedTracked("platform_users", [{
|
|
210
|
-
id: user1Id,
|
|
211
|
-
email: `${RUN_PREFIX}_alice_ws@example.com`
|
|
212
|
-
}, {
|
|
213
|
-
id: user2Id,
|
|
214
|
-
email: `${RUN_PREFIX}_bob_ws@example.com`
|
|
215
|
-
}]);
|
|
216
|
-
});
|
|
217
|
-
afterEach(async () => {
|
|
218
|
-
await cleanup();
|
|
219
|
-
});
|
|
220
|
-
|
|
221
|
-
// --------------------------------------------------------------------------
|
|
222
|
-
// Authentication
|
|
223
|
-
// --------------------------------------------------------------------------
|
|
224
|
-
|
|
225
|
-
it("unauthenticated request returns 401", async () => {
|
|
226
|
-
// No auth header
|
|
227
|
-
const result1 = await authenticateRequest(undefined);
|
|
228
|
-
expect(result1.statusCode).toBe(401);
|
|
229
|
-
expect(result1.error).toContain("Missing");
|
|
230
|
-
|
|
231
|
-
// Empty header
|
|
232
|
-
const result2 = await authenticateRequest("");
|
|
233
|
-
expect(result2.statusCode).toBe(401);
|
|
234
|
-
expect(result2.error).toContain("Missing");
|
|
235
|
-
|
|
236
|
-
// Invalid bearer format
|
|
237
|
-
const result3 = await authenticateRequest("Basic dXNlcjpwYXNz");
|
|
238
|
-
expect(result3.statusCode).toBe(401);
|
|
239
|
-
expect(result3.error).toContain("Missing");
|
|
240
|
-
|
|
241
|
-
// Malformed JWT
|
|
242
|
-
const result4 = await authenticateRequest("Bearer not.valid.jwt.extra");
|
|
243
|
-
expect(result4.statusCode).toBe(401);
|
|
244
|
-
});
|
|
245
|
-
|
|
246
|
-
// --------------------------------------------------------------------------
|
|
247
|
-
// SSRF Protection
|
|
248
|
-
// --------------------------------------------------------------------------
|
|
249
|
-
|
|
250
|
-
it("SSRF attempt on webhook URL is blocked", () => {
|
|
251
|
-
// Internal/private IPs
|
|
252
|
-
expect(isBlockedUrl("http://127.0.0.1/callback")).toBe(true);
|
|
253
|
-
expect(isBlockedUrl("http://localhost/hook")).toBe(true);
|
|
254
|
-
expect(isBlockedUrl("http://10.0.0.1/internal")).toBe(true);
|
|
255
|
-
expect(isBlockedUrl("http://192.168.1.1/admin")).toBe(true);
|
|
256
|
-
expect(isBlockedUrl("http://172.16.0.1/secret")).toBe(true);
|
|
257
|
-
|
|
258
|
-
// Cloud metadata
|
|
259
|
-
expect(isBlockedUrl("http://169.254.169.254/latest/meta-data/")).toBe(true);
|
|
260
|
-
|
|
261
|
-
// Internal infrastructure
|
|
262
|
-
expect(isBlockedUrl("https://whale-agent.fly.dev/api")).toBe(true);
|
|
263
|
-
|
|
264
|
-
// Non-HTTP schemes
|
|
265
|
-
expect(isBlockedUrl("file:///etc/passwd")).toBe(true);
|
|
266
|
-
expect(isBlockedUrl("gopher://evil.com")).toBe(true);
|
|
267
|
-
|
|
268
|
-
// Internal TLDs
|
|
269
|
-
expect(isBlockedUrl("http://service.internal/api")).toBe(true);
|
|
270
|
-
expect(isBlockedUrl("http://db.local/query")).toBe(true);
|
|
271
|
-
|
|
272
|
-
// Public URLs should be allowed
|
|
273
|
-
expect(isBlockedUrl("https://api.example.com/webhook")).toBe(false);
|
|
274
|
-
expect(isBlockedUrl("https://hooks.slack.com/services/T/B/X")).toBe(false);
|
|
275
|
-
});
|
|
276
|
-
|
|
277
|
-
// --------------------------------------------------------------------------
|
|
278
|
-
// Input Validation
|
|
279
|
-
// --------------------------------------------------------------------------
|
|
280
|
-
|
|
281
|
-
it("senderId with injection characters is rejected (400)", () => {
|
|
282
|
-
// SQL injection attempts
|
|
283
|
-
expect(validateSenderId("'; DROP TABLE users;--").valid).toBe(false);
|
|
284
|
-
expect(validateSenderId('user" OR 1=1').valid).toBe(false);
|
|
285
|
-
|
|
286
|
-
// Template injection
|
|
287
|
-
expect(validateSenderId("{{steps.steal.data}}").valid).toBe(false);
|
|
288
|
-
|
|
289
|
-
// NoSQL injection
|
|
290
|
-
expect(validateSenderId('{"$gt": ""}').valid).toBe(false);
|
|
291
|
-
|
|
292
|
-
// Script injection
|
|
293
|
-
expect(validateSenderId("<script>alert(1)</script>").valid).toBe(false);
|
|
294
|
-
|
|
295
|
-
// Shell injection
|
|
296
|
-
expect(validateSenderId("user$(whoami)").valid).toBe(false);
|
|
297
|
-
|
|
298
|
-
// Backslash traversal
|
|
299
|
-
expect(validateSenderId("..\\..\\etc\\passwd").valid).toBe(false);
|
|
300
|
-
|
|
301
|
-
// Valid senderIds should pass
|
|
302
|
-
expect(validateSenderId("user_123").valid).toBe(true);
|
|
303
|
-
expect(validateSenderId("alice@example.com").valid).toBe(true);
|
|
304
|
-
expect(validateSenderId("store-abc-def").valid).toBe(true);
|
|
305
|
-
|
|
306
|
-
// Empty and too long
|
|
307
|
-
expect(validateSenderId("").valid).toBe(false);
|
|
308
|
-
expect(validateSenderId(" ").valid).toBe(false);
|
|
309
|
-
expect(validateSenderId("a".repeat(200)).valid).toBe(false);
|
|
310
|
-
});
|
|
311
|
-
});
|
|
@@ -1,267 +0,0 @@
|
|
|
1
|
-
import { describe, it, expect, beforeEach, afterEach } from "vitest";
|
|
2
|
-
import { randomUUID } from "node:crypto";
|
|
3
|
-
import { HAS_TEST_DB, getTestClient, seedTracked, cleanup, RUN_PREFIX } from "../../__test-utils__/test-db.js";
|
|
4
|
-
|
|
5
|
-
// ============================================================================
|
|
6
|
-
// Real Supabase client
|
|
7
|
-
// ============================================================================
|
|
8
|
-
|
|
9
|
-
const sb = getTestClient();
|
|
10
|
-
|
|
11
|
-
// ============================================================================
|
|
12
|
-
// Auth Helpers
|
|
13
|
-
// ============================================================================
|
|
14
|
-
|
|
15
|
-
let jwtCounter = 0;
|
|
16
|
-
function generateJwt(userId, storeId, expiresInMs = 3600000) {
|
|
17
|
-
const header = {
|
|
18
|
-
alg: "HS256",
|
|
19
|
-
typ: "JWT"
|
|
20
|
-
};
|
|
21
|
-
const payload = {
|
|
22
|
-
sub: userId,
|
|
23
|
-
store_id: storeId,
|
|
24
|
-
iat: Date.now(),
|
|
25
|
-
exp: Date.now() + expiresInMs,
|
|
26
|
-
jti: `${Date.now()}_${++jwtCounter}`
|
|
27
|
-
};
|
|
28
|
-
const b64 = obj => Buffer.from(JSON.stringify(obj)).toString("base64url");
|
|
29
|
-
return `${b64(header)}.${b64(payload)}.mock_signature`;
|
|
30
|
-
}
|
|
31
|
-
function parseJwt(token) {
|
|
32
|
-
try {
|
|
33
|
-
const parts = token.split(".");
|
|
34
|
-
if (parts.length !== 3) return null;
|
|
35
|
-
const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
|
|
36
|
-
return payload;
|
|
37
|
-
} catch {
|
|
38
|
-
return null;
|
|
39
|
-
}
|
|
40
|
-
}
|
|
41
|
-
async function authenticateRequest(authHeader) {
|
|
42
|
-
if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
|
43
|
-
return {
|
|
44
|
-
userId: null,
|
|
45
|
-
storeId: null,
|
|
46
|
-
error: "Missing or invalid Authorization header",
|
|
47
|
-
statusCode: 401
|
|
48
|
-
};
|
|
49
|
-
}
|
|
50
|
-
const token = authHeader.slice(7);
|
|
51
|
-
const payload = parseJwt(token);
|
|
52
|
-
if (!payload) {
|
|
53
|
-
return {
|
|
54
|
-
userId: null,
|
|
55
|
-
storeId: null,
|
|
56
|
-
error: "Invalid token",
|
|
57
|
-
statusCode: 401
|
|
58
|
-
};
|
|
59
|
-
}
|
|
60
|
-
if (payload.exp < Date.now()) {
|
|
61
|
-
return {
|
|
62
|
-
userId: null,
|
|
63
|
-
storeId: null,
|
|
64
|
-
error: "Token expired",
|
|
65
|
-
statusCode: 401
|
|
66
|
-
};
|
|
67
|
-
}
|
|
68
|
-
const {
|
|
69
|
-
data: user
|
|
70
|
-
} = await sb.from("platform_users").select().eq("id", payload.sub);
|
|
71
|
-
if (!user || user.length === 0) {
|
|
72
|
-
return {
|
|
73
|
-
userId: null,
|
|
74
|
-
storeId: null,
|
|
75
|
-
error: "User not found",
|
|
76
|
-
statusCode: 401
|
|
77
|
-
};
|
|
78
|
-
}
|
|
79
|
-
return {
|
|
80
|
-
userId: payload.sub,
|
|
81
|
-
storeId: payload.store_id,
|
|
82
|
-
error: null,
|
|
83
|
-
statusCode: 200
|
|
84
|
-
};
|
|
85
|
-
}
|
|
86
|
-
|
|
87
|
-
// ============================================================================
|
|
88
|
-
// Workflow API Handlers (simulated)
|
|
89
|
-
// ============================================================================
|
|
90
|
-
|
|
91
|
-
/** Simulated SSE stream endpoint -- checks store authorization */
|
|
92
|
-
async function requestSSEStream(authHeader, targetStoreId) {
|
|
93
|
-
const auth = await authenticateRequest(authHeader);
|
|
94
|
-
if (auth.error) {
|
|
95
|
-
return {
|
|
96
|
-
error: auth.error,
|
|
97
|
-
statusCode: auth.statusCode
|
|
98
|
-
};
|
|
99
|
-
}
|
|
100
|
-
if (auth.storeId !== targetStoreId) {
|
|
101
|
-
await seedTracked("error_events", [{
|
|
102
|
-
id: randomUUID(),
|
|
103
|
-
store_id: targetStoreId,
|
|
104
|
-
error_type: "sse_stream_denied",
|
|
105
|
-
error_message: "Forbidden: store access denied",
|
|
106
|
-
severity: "warning",
|
|
107
|
-
user_id: auth.userId,
|
|
108
|
-
tags: {
|
|
109
|
-
reason: "store_mismatch",
|
|
110
|
-
authorized: false
|
|
111
|
-
}
|
|
112
|
-
}]);
|
|
113
|
-
return {
|
|
114
|
-
error: "Forbidden: store access denied",
|
|
115
|
-
statusCode: 403
|
|
116
|
-
};
|
|
117
|
-
}
|
|
118
|
-
return {
|
|
119
|
-
error: null,
|
|
120
|
-
statusCode: 200,
|
|
121
|
-
stream: `sse:${targetStoreId}`
|
|
122
|
-
};
|
|
123
|
-
}
|
|
124
|
-
|
|
125
|
-
/** Simulated graph action endpoint -- checks store authorization */
|
|
126
|
-
async function executeGraphAction(authHeader, targetStoreId, action) {
|
|
127
|
-
const auth = await authenticateRequest(authHeader);
|
|
128
|
-
if (auth.error) {
|
|
129
|
-
return {
|
|
130
|
-
data: null,
|
|
131
|
-
error: auth.error,
|
|
132
|
-
statusCode: auth.statusCode
|
|
133
|
-
};
|
|
134
|
-
}
|
|
135
|
-
if (auth.storeId !== targetStoreId) {
|
|
136
|
-
return {
|
|
137
|
-
data: null,
|
|
138
|
-
error: "Forbidden: cannot access workflows in another store",
|
|
139
|
-
statusCode: 403
|
|
140
|
-
};
|
|
141
|
-
}
|
|
142
|
-
return {
|
|
143
|
-
data: {
|
|
144
|
-
action,
|
|
145
|
-
store_id: targetStoreId,
|
|
146
|
-
result: "ok"
|
|
147
|
-
},
|
|
148
|
-
error: null,
|
|
149
|
-
statusCode: 200
|
|
150
|
-
};
|
|
151
|
-
}
|
|
152
|
-
|
|
153
|
-
// ============================================================================
|
|
154
|
-
// E2E Tests: Store Isolation & Unauthenticated Access
|
|
155
|
-
// ============================================================================
|
|
156
|
-
|
|
157
|
-
describe.skipIf(!HAS_TEST_DB)("Workflow Security E2E — isolation & expiry", () => {
|
|
158
|
-
let storeAId;
|
|
159
|
-
let storeBId;
|
|
160
|
-
let user1Id;
|
|
161
|
-
let user2Id;
|
|
162
|
-
beforeEach(async () => {
|
|
163
|
-
storeAId = randomUUID();
|
|
164
|
-
storeBId = randomUUID();
|
|
165
|
-
user1Id = randomUUID();
|
|
166
|
-
user2Id = randomUUID();
|
|
167
|
-
|
|
168
|
-
// Seed stores (email is NOT NULL)
|
|
169
|
-
await seedTracked("stores", [{
|
|
170
|
-
id: storeAId,
|
|
171
|
-
store_name: `${RUN_PREFIX}_Store Alpha`,
|
|
172
|
-
slug: `${RUN_PREFIX}-store-alpha-p2`,
|
|
173
|
-
email: `${RUN_PREFIX}_alpha_p2@example.com`
|
|
174
|
-
}, {
|
|
175
|
-
id: storeBId,
|
|
176
|
-
store_name: `${RUN_PREFIX}_Store Beta`,
|
|
177
|
-
slug: `${RUN_PREFIX}-store-beta-p2`,
|
|
178
|
-
email: `${RUN_PREFIX}_beta_p2@example.com`
|
|
179
|
-
}]);
|
|
180
|
-
|
|
181
|
-
// Seed users
|
|
182
|
-
await seedTracked("platform_users", [{
|
|
183
|
-
id: user1Id,
|
|
184
|
-
email: `${RUN_PREFIX}_alice_p2@example.com`
|
|
185
|
-
}, {
|
|
186
|
-
id: user2Id,
|
|
187
|
-
email: `${RUN_PREFIX}_bob_p2@example.com`
|
|
188
|
-
}]);
|
|
189
|
-
});
|
|
190
|
-
afterEach(async () => {
|
|
191
|
-
await cleanup();
|
|
192
|
-
});
|
|
193
|
-
|
|
194
|
-
// --------------------------------------------------------------------------
|
|
195
|
-
// Store Isolation: SSE Stream
|
|
196
|
-
// --------------------------------------------------------------------------
|
|
197
|
-
|
|
198
|
-
it("SSE stream for wrong store returns 403", async () => {
|
|
199
|
-
const aliceToken = generateJwt(user1Id, storeAId);
|
|
200
|
-
|
|
201
|
-
// Alice (store_A) should NOT be able to subscribe to store_B events
|
|
202
|
-
const result = await requestSSEStream(`Bearer ${aliceToken}`, storeBId);
|
|
203
|
-
expect(result.statusCode).toBe(403);
|
|
204
|
-
expect(result.error).toBe("Forbidden: store access denied");
|
|
205
|
-
expect(result.stream).toBeUndefined();
|
|
206
|
-
|
|
207
|
-
// Verify the unauthorized attempt was logged
|
|
208
|
-
const {
|
|
209
|
-
data: logs
|
|
210
|
-
} = await sb.from("error_events").select().eq("user_id", user1Id).eq("error_type", "sse_stream_denied");
|
|
211
|
-
expect(logs).toBeDefined();
|
|
212
|
-
expect(logs.length).toBeGreaterThanOrEqual(1);
|
|
213
|
-
|
|
214
|
-
// Alice should be able to subscribe to her own store
|
|
215
|
-
const ownResult = await requestSSEStream(`Bearer ${aliceToken}`, storeAId);
|
|
216
|
-
expect(ownResult.statusCode).toBe(200);
|
|
217
|
-
expect(ownResult.stream).toBe(`sse:${storeAId}`);
|
|
218
|
-
});
|
|
219
|
-
|
|
220
|
-
// --------------------------------------------------------------------------
|
|
221
|
-
// Store Isolation: Graph Actions
|
|
222
|
-
// --------------------------------------------------------------------------
|
|
223
|
-
|
|
224
|
-
it("graph action with wrong store returns error", async () => {
|
|
225
|
-
const bobToken = generateJwt(user2Id, storeBId);
|
|
226
|
-
|
|
227
|
-
// Bob (store_B) should NOT be able to execute graph actions on store_A
|
|
228
|
-
const result = await executeGraphAction(`Bearer ${bobToken}`, storeAId, "run_workflow");
|
|
229
|
-
expect(result.statusCode).toBe(403);
|
|
230
|
-
expect(result.error).toContain("Forbidden");
|
|
231
|
-
expect(result.data).toBeNull();
|
|
232
|
-
|
|
233
|
-
// Bob should be able to execute on his own store
|
|
234
|
-
const ownResult = await executeGraphAction(`Bearer ${bobToken}`, storeBId, "run_workflow");
|
|
235
|
-
expect(ownResult.statusCode).toBe(200);
|
|
236
|
-
expect(ownResult.data).toEqual({
|
|
237
|
-
action: "run_workflow",
|
|
238
|
-
store_id: storeBId,
|
|
239
|
-
result: "ok"
|
|
240
|
-
});
|
|
241
|
-
});
|
|
242
|
-
|
|
243
|
-
// --------------------------------------------------------------------------
|
|
244
|
-
// Unauthenticated SSE / Graph
|
|
245
|
-
// --------------------------------------------------------------------------
|
|
246
|
-
|
|
247
|
-
it("SSE stream without auth returns 401", async () => {
|
|
248
|
-
const result = await requestSSEStream(undefined, storeAId);
|
|
249
|
-
expect(result.statusCode).toBe(401);
|
|
250
|
-
expect(result.error).toContain("Missing");
|
|
251
|
-
});
|
|
252
|
-
it("graph action without auth returns 401", async () => {
|
|
253
|
-
const result = await executeGraphAction(undefined, storeAId, "run_workflow");
|
|
254
|
-
expect(result.statusCode).toBe(401);
|
|
255
|
-
expect(result.error).toContain("Missing");
|
|
256
|
-
});
|
|
257
|
-
it("expired token is rejected across all endpoints", async () => {
|
|
258
|
-
const expiredToken = generateJwt(user1Id, storeAId, -1000);
|
|
259
|
-
const authResult = await authenticateRequest(`Bearer ${expiredToken}`);
|
|
260
|
-
expect(authResult.statusCode).toBe(401);
|
|
261
|
-
expect(authResult.error).toBe("Token expired");
|
|
262
|
-
const sseResult = await requestSSEStream(`Bearer ${expiredToken}`, storeAId);
|
|
263
|
-
expect(sseResult.statusCode).toBe(401);
|
|
264
|
-
const graphResult = await executeGraphAction(`Bearer ${expiredToken}`, storeAId, "run");
|
|
265
|
-
expect(graphResult.statusCode).toBe(401);
|
|
266
|
-
});
|
|
267
|
-
});
|