companion-shell-e2e.test.mjs
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd
feat(calendar): enforce agent context tiers in retrieval AP…
Human
minor
⚠ breaking
2 days ago
| 1 | /** |
| 2 | * Tier 3 — END TO END: simulated Phase 5 sign-in → verified runtime → local lane. |
| 3 | */ |
| 4 | |
| 5 | import { describe, it } from 'node:test'; |
| 6 | import assert from 'node:assert/strict'; |
| 7 | import crypto from 'node:crypto'; |
| 8 | import { mkdtemp, readFile, rm } from 'node:fs/promises'; |
| 9 | import os from 'node:os'; |
| 10 | import path from 'node:path'; |
| 11 | |
| 12 | import { makeAsyncKeychain } from './helpers/companion-keychain-fake.mjs'; |
| 13 | import { KEYCHAIN_ACCOUNTS } from '../lib/companion-token-custody.mjs'; |
| 14 | import { runCompanionOAuthFlow } from '../lib/companion-oauth-flow.mjs'; |
| 15 | import { |
| 16 | createCompanionShell, |
| 17 | createRuntimeGroup, |
| 18 | downloadVerifyAndStageModel, |
| 19 | validateManifestTrustAnchor, |
| 20 | } from '../lib/companion-shell.mjs'; |
| 21 | |
| 22 | function sha256(data) { |
| 23 | return crypto.createHash('sha256').update(data).digest('hex'); |
| 24 | } |
| 25 | |
| 26 | describe('E2E simulated companion shell', () => { |
| 27 | it('signs in, verifies model bytes, starts runtime, and selects the local lane', async () => { |
| 28 | const keychain = makeAsyncKeychain(); |
| 29 | let openedAuthUrl = null; |
| 30 | |
| 31 | const tokenFetch = async (_url, opts) => { |
| 32 | assert.equal(opts.method, 'POST'); |
| 33 | return { |
| 34 | ok: true, |
| 35 | async json() { |
| 36 | return { |
| 37 | access_token: 'jwt-access-token', |
| 38 | refresh_token: 'refresh-token', |
| 39 | token_type: 'Bearer', |
| 40 | expires_in: 900, |
| 41 | scope: 'vault:read vault:write', |
| 42 | }; |
| 43 | }, |
| 44 | }; |
| 45 | }; |
| 46 | |
| 47 | const oauthResult = await runCompanionOAuthFlow({ |
| 48 | authorizationEndpoint: 'https://gateway.knowtation.com/api/v1/auth/native/authorize', |
| 49 | tokenEndpoint: 'https://gateway.knowtation.com/api/v1/auth/native/token', |
| 50 | expectedIssuer: 'https://gateway.knowtation.com/api/v1/auth/native', |
| 51 | clientId: 'native-client', |
| 52 | scopes: ['vault:read', 'vault:write'], |
| 53 | keychain, |
| 54 | fetch: tokenFetch, |
| 55 | now: () => 5000, |
| 56 | async openBrowser(url) { |
| 57 | openedAuthUrl = new URL(url); |
| 58 | const redirectUri = openedAuthUrl.searchParams.get('redirect_uri'); |
| 59 | const state = openedAuthUrl.searchParams.get('state'); |
| 60 | setTimeout(() => { |
| 61 | const callback = new URL(redirectUri); |
| 62 | callback.searchParams.set('code', 'auth-code'); |
| 63 | callback.searchParams.set('state', state); |
| 64 | callback.searchParams.set('iss', 'https://gateway.knowtation.com/api/v1/auth/native'); |
| 65 | fetch(callback).catch(() => {}); |
| 66 | }, 0); |
| 67 | }, |
| 68 | }); |
| 69 | assert.equal(oauthResult.ok, true); |
| 70 | assert.equal(await keychain.get(KEYCHAIN_ACCOUNTS.ACCESS_TOKEN), 'jwt-access-token'); |
| 71 | assert.equal(openedAuthUrl.searchParams.get('code_challenge_method'), 'S256'); |
| 72 | |
| 73 | const data = Buffer.from('model bytes used by local enrichment'); |
| 74 | const manifest = { |
| 75 | manifestUrl: 'https://gateway.knowtation.com/models/native.json', |
| 76 | modelUrl: 'https://cdn.knowtation-models.com/native.gguf', |
| 77 | expectedDigest: sha256(data), |
| 78 | expectedSizeBytes: data.length, |
| 79 | allowedSourceUrls: ['https://cdn.knowtation-models.com/'], |
| 80 | }; |
| 81 | assert.equal(validateManifestTrustAnchor(manifest).ok, true); |
| 82 | |
| 83 | const tmp = await mkdtemp(path.join(os.tmpdir(), 'knowtation-phase5-e2e-')); |
| 84 | try { |
| 85 | const runtimeGroup = createRuntimeGroup({ |
| 86 | async download(_url, onChunk) { |
| 87 | onChunk(data); |
| 88 | }, |
| 89 | async spawn(opts) { |
| 90 | assert.equal(opts.modelPath, path.join(tmp, 'native.gguf')); |
| 91 | return { pid: 100, port: opts.port, kill: async () => {} }; |
| 92 | }, |
| 93 | async healthCheck() { |
| 94 | return true; |
| 95 | }, |
| 96 | }); |
| 97 | |
| 98 | const verifiedPath = path.join(tmp, 'native.gguf'); |
| 99 | await downloadVerifyAndStageModel({ |
| 100 | runtimeGroup, |
| 101 | tempPath: path.join(tmp, 'native.tmp'), |
| 102 | verifiedPath, |
| 103 | spec: manifest, |
| 104 | }); |
| 105 | assert.equal(await readFile(verifiedPath, 'utf8'), data.toString('utf8')); |
| 106 | |
| 107 | let now = 10_000; |
| 108 | const shell = createCompanionShell({ runtimeGroup, now: () => now }); |
| 109 | shell.markIntegrityVerified(); |
| 110 | shell.setListenerBound(true); |
| 111 | shell.setLoopbackTokenPresent(true); |
| 112 | await shell.startRuntime({ |
| 113 | binaryPath: '/opt/knowtation/runtime', |
| 114 | modelPath: verifiedPath, |
| 115 | port: 45678, |
| 116 | maxRamBytes: 1024, |
| 117 | }); |
| 118 | |
| 119 | assert.equal(shell.companionAvailable(), true); |
| 120 | assert.equal(shell.selectLane({}, { managedKeyAvailable: true }), 'local'); |
| 121 | } finally { |
| 122 | await rm(tmp, { recursive: true, force: true }); |
| 123 | } |
| 124 | }); |
| 125 | }); |
File History
2 commits
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd
feat(calendar): enforce agent context tiers in retrieval AP…
Human
minor
⚠
2 days ago
sha256:9103f98c89257ed2b01c237cea895dabb3e85ea337dccb1161c175e4422355b6
docs: accept Calendar Events v0 spec with Phase 0 security …
Human
3 days ago