mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix: Resolve merge conflicts with develop
Some checks failed
ci/woodpecker/pr/woodpecker Pipeline failed
Details
ci/woodpecker/push/woodpecker Pipeline failed
Details

Browse Source 
Merged OIDC validation changes (#271) with rate limiting (#272)
Both features are now active together
This commit is contained in:
Jason Woltje
2026-02-03 19:32:34 -06:00
parent 760b5c6e8c 0f60b7efe2
commit db3782773f
491 changed files with 26522 additions and 2240 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
apps/api/.env.test Normal file
View File

@@ -0,0 +1,5 @@
DATABASE_URL="postgresql://test:test@localhost:5432/test"
ENCRYPTION_KEY="test-encryption-key-32-characters"
JWT_SECRET="test-jwt-secret"
INSTANCE_NAME="Test Instance"
INSTANCE_URL="https://test.example.com"

68
apps/api/README.md
View File

@@ -5,6 +5,7 @@ The Mosaic Stack API is a NestJS-based backend service providing REST endpoints
## Overview
The API serves as the central backend for:
- **Task Management** - Create, update, track tasks with filtering and sorting
- **Event Management** - Calendar events and scheduling
- **Project Management** - Organize work into projects
@@ -18,20 +19,20 @@ The API serves as the central backend for:
## Available Modules
| Module | Base Path | Description |
|--------|-----------|-------------|
| **Tasks** | `/api/tasks` | CRUD operations for tasks with filtering |
| **Events** | `/api/events` | Calendar events and scheduling |
| **Projects** | `/api/projects` | Project management |
| **Knowledge** | `/api/knowledge/entries` | Wiki entries with markdown support |
| **Knowledge Tags** | `/api/knowledge/tags` | Tag management for knowledge entries |
| **Ideas** | `/api/ideas` | Quick capture and idea management |
| **Domains** | `/api/domains` | Domain categorization |
| **Personalities** | `/api/personalities` | AI personality configurations |
| **Widgets** | `/api/widgets` | Dashboard widget data |
| **Layouts** | `/api/layouts` | Dashboard layout configuration |
| **Ollama** | `/api/ollama` | LLM integration (generate, chat, embed) |
| **Users** | `/api/users/me/preferences` | User preferences |
| Module | Base Path | Description |
| ------------------ | --------------------------- | ---------------------------------------- |
| **Tasks** | `/api/tasks` | CRUD operations for tasks with filtering |
| **Events** | `/api/events` | Calendar events and scheduling |
| **Projects** | `/api/projects` | Project management |
| **Knowledge** | `/api/knowledge/entries` | Wiki entries with markdown support |
| **Knowledge Tags** | `/api/knowledge/tags` | Tag management for knowledge entries |
| **Ideas** | `/api/ideas` | Quick capture and idea management |
| **Domains** | `/api/domains` | Domain categorization |
| **Personalities** | `/api/personalities` | AI personality configurations |
| **Widgets** | `/api/widgets` | Dashboard widget data |
| **Layouts** | `/api/layouts` | Dashboard layout configuration |
| **Ollama** | `/api/ollama` | LLM integration (generate, chat, embed) |
| **Users** | `/api/users/me/preferences` | User preferences |
### Health Check
@@ -51,11 +52,11 @@ The API uses **BetterAuth** for authentication with the following features:
The API uses a layered guard system:
| Guard | Purpose | Applies To |
|-------|---------|------------|
| **AuthGuard** | Verifies user authentication via Bearer token | Most protected endpoints |
| **WorkspaceGuard** | Validates workspace membership and sets Row-Level Security (RLS) context | Workspace-scoped resources |
| **PermissionGuard** | Enforces role-based access control | Admin operations |
| Guard | Purpose | Applies To |
| ------------------- | ------------------------------------------------------------------------ | -------------------------- |
| **AuthGuard** | Verifies user authentication via Bearer token | Most protected endpoints |
| **WorkspaceGuard** | Validates workspace membership and sets Row-Level Security (RLS) context | Workspace-scoped resources |
| **PermissionGuard** | Enforces role-based access control | Admin operations |
### Workspace Roles
@@ -69,15 +70,16 @@ The API uses a layered guard system:
Used with `@RequirePermission()` decorator:
```typescript
Permission.WORKSPACE_OWNER // Requires OWNER role
Permission.WORKSPACE_ADMIN // Requires ADMIN or OWNER
Permission.WORKSPACE_MEMBER // Requires MEMBER, ADMIN, or OWNER
Permission.WORKSPACE_ANY // Any authenticated member including GUEST
Permission.WORKSPACE_OWNER; // Requires OWNER role
Permission.WORKSPACE_ADMIN; // Requires ADMIN or OWNER
Permission.WORKSPACE_MEMBER; // Requires MEMBER, ADMIN, or OWNER
Permission.WORKSPACE_ANY; // Any authenticated member including GUEST
```
### Providing Workspace Context
Workspace ID can be provided via:
1. **Header**: `X-Workspace-Id: <workspace-id>` (highest priority)
2. **URL Parameter**: `:workspaceId`
3. **Request Body**: `workspaceId` field
@@ -85,7 +87,7 @@ Workspace ID can be provided via:
### Example: Protected Controller
```typescript
@Controller('tasks')
@Controller("tasks")
@UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class TasksController {
@Post()
@@ -98,13 +100,13 @@ export class TasksController {
## Environment Variables
| Variable | Description | Default |
|----------|-------------|---------|
| `PORT` | API server port | `3001` |
| `DATABASE_URL` | PostgreSQL connection string | Required |
| `NODE_ENV` | Environment (`development`, `production`) | - |
| `NEXT_PUBLIC_APP_URL` | Frontend application URL (for CORS) | `http://localhost:3000` |
| `WEB_URL` | WebSocket CORS origin | `http://localhost:3000` |
| Variable | Description | Default |
| --------------------- | ----------------------------------------- | ----------------------- |
| `PORT` | API server port | `3001` |
| `DATABASE_URL` | PostgreSQL connection string | Required |
| `NODE_ENV` | Environment (`development`, `production`) | - |
| `NEXT_PUBLIC_APP_URL` | Frontend application URL (for CORS) | `http://localhost:3000` |
| `WEB_URL` | WebSocket CORS origin | `http://localhost:3000` |
## Running Locally
@@ -117,22 +119,26 @@ export class TasksController {
### Setup
1. **Install dependencies:**
```bash
pnpm install
```
2. **Set up environment variables:**
```bash
cp .env.example .env # If available
# Edit .env with your DATABASE_URL
```
3. **Generate Prisma client:**
```bash
pnpm prisma:generate
```
4. **Run database migrations:**
```bash
pnpm prisma:migrate
```

1
apps/api/package.json
View File

@@ -57,6 +57,7 @@
"gray-matter": "^4.0.3",
"highlight.js": "^11.11.1",
"ioredis": "^5.9.2",
"jose": "^6.1.3",
"marked": "^17.0.1",
"marked-gfm-heading-id": "^4.1.3",
"marked-highlight": "^2.2.3",

40
apps/api/prisma/migrations/20260203_add_federation_event_subscriptions/migration.sql Normal file
View File

@@ -0,0 +1,40 @@
-- Add eventType column to federation_messages table
ALTER TABLE "federation_messages" ADD COLUMN "event_type" TEXT;
-- Add index for eventType
CREATE INDEX "federation_messages_event_type_idx" ON "federation_messages"("event_type");
-- CreateTable
CREATE TABLE "federation_event_subscriptions" (
"id" UUID NOT NULL,
"workspace_id" UUID NOT NULL,
"connection_id" UUID NOT NULL,
"event_type" TEXT NOT NULL,
"metadata" JSONB NOT NULL DEFAULT '{}',
"is_active" BOOLEAN NOT NULL DEFAULT true,
"created_at" TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
"updated_at" TIMESTAMPTZ NOT NULL,
CONSTRAINT "federation_event_subscriptions_pkey" PRIMARY KEY ("id")
);
-- CreateIndex
CREATE INDEX "federation_event_subscriptions_workspace_id_idx" ON "federation_event_subscriptions"("workspace_id");
-- CreateIndex
CREATE INDEX "federation_event_subscriptions_connection_id_idx" ON "federation_event_subscriptions"("connection_id");
-- CreateIndex
CREATE INDEX "federation_event_subscriptions_event_type_idx" ON "federation_event_subscriptions"("event_type");
-- CreateIndex
CREATE INDEX "federation_event_subscriptions_workspace_id_is_active_idx" ON "federation_event_subscriptions"("workspace_id", "is_active");
-- CreateIndex
CREATE UNIQUE INDEX "federation_event_subscriptions_workspace_id_connection_id_even_key" ON "federation_event_subscriptions"("workspace_id", "connection_id", "event_type");
-- AddForeignKey
ALTER TABLE "federation_event_subscriptions" ADD CONSTRAINT "federation_event_subscriptions_connection_id_fkey" FOREIGN KEY ("connection_id") REFERENCES "federation_connections"("id") ON DELETE CASCADE ON UPDATE CASCADE;
-- AddForeignKey
ALTER TABLE "federation_event_subscriptions" ADD CONSTRAINT "federation_event_subscriptions_workspace_id_fkey" FOREIGN KEY ("workspace_id") REFERENCES "workspaces"("id") ON DELETE CASCADE ON UPDATE CASCADE;

88
apps/api/prisma/schema.prisma
View File

@@ -173,6 +173,19 @@ enum FederationConnectionStatus {
DISCONNECTED
}
enum FederationMessageType {
QUERY
COMMAND
EVENT
}
enum FederationMessageStatus {
PENDING
DELIVERED
FAILED
TIMEOUT
}
// ============================================
// MODELS
// ============================================
@@ -255,8 +268,10 @@ model Workspace {
personalities Personality[]
llmSettings WorkspaceLlmSettings?
qualityGates QualityGate[]
runnerJobs RunnerJob[]
federationConnections FederationConnection[]
runnerJobs RunnerJob[]
federationConnections FederationConnection[]
federationMessages FederationMessage[]
federationEventSubscriptions FederationEventSubscription[]
@@index([ownerId])
@@map("workspaces")
@@ -1273,7 +1288,9 @@ model FederationConnection {
disconnectedAt DateTime? @map("disconnected_at") @db.Timestamptz
// Relations
workspace Workspace @relation(fields: [workspaceId], references: [id], onDelete: Cascade)
workspace Workspace @relation(fields: [workspaceId], references: [id], onDelete: Cascade)
messages FederationMessage[]
eventSubscriptions FederationEventSubscription[]
@@unique([workspaceId, remoteInstanceId])
@@index([workspaceId])
@@ -1301,3 +1318,68 @@ model FederatedIdentity {
@@index([oidcSubject])
@@map("federated_identities")
}
model FederationMessage {
id String @id @default(uuid()) @db.Uuid
workspaceId String @map("workspace_id") @db.Uuid
connectionId String @map("connection_id") @db.Uuid
// Message metadata
messageType FederationMessageType @map("message_type")
messageId String @unique @map("message_id") // UUID for deduplication
correlationId String? @map("correlation_id") // For request/response tracking
// Message content
query String? @db.Text
commandType String? @map("command_type") @db.Text
eventType String? @map("event_type") @db.Text // For EVENT messages
payload Json? @default("{}")
response Json? @default("{}")
// Status tracking
status FederationMessageStatus @default(PENDING)
error String? @db.Text
// Security
signature String @db.Text
// Timestamps
createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz
updatedAt DateTime @updatedAt @map("updated_at") @db.Timestamptz
deliveredAt DateTime? @map("delivered_at") @db.Timestamptz
// Relations
connection FederationConnection @relation(fields: [connectionId], references: [id], onDelete: Cascade)
workspace Workspace @relation(fields: [workspaceId], references: [id], onDelete: Cascade)
@@index([workspaceId])
@@index([connectionId])
@@index([messageId])
@@index([correlationId])
@@index([eventType])
@@map("federation_messages")
}
model FederationEventSubscription {
id String @id @default(uuid()) @db.Uuid
workspaceId String @map("workspace_id") @db.Uuid
connectionId String @map("connection_id") @db.Uuid
// Event subscription details
eventType String @map("event_type")
metadata Json @default("{}")
isActive Boolean @default(true) @map("is_active")
createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz
updatedAt DateTime @updatedAt @map("updated_at") @db.Timestamptz
// Relations
connection FederationConnection @relation(fields: [connectionId], references: [id], onDelete: Cascade)
workspace Workspace @relation(fields: [workspaceId], references: [id], onDelete: Cascade)
@@unique([workspaceId, connectionId, eventType])
@@index([workspaceId])
@@index([connectionId])
@@index([eventType])
@@index([workspaceId, isActive])
@@map("federation_event_subscriptions")
}

17
apps/api/prisma/seed.ts
View File

@@ -340,7 +340,8 @@ pnpm prisma migrate deploy
\`\`\`
For setup instructions, see [[development-setup]].`,
summary: "Comprehensive documentation of the Mosaic Stack database schema and Prisma conventions",
summary:
"Comprehensive documentation of the Mosaic Stack database schema and Prisma conventions",
status: EntryStatus.PUBLISHED,
visibility: Visibility.WORKSPACE,
tags: ["architecture", "development"],
@@ -373,7 +374,7 @@ This is a draft document. See [[architecture-overview]] for current state.`,
// Create entries and track them for linking
const createdEntries = new Map<string, any>();
for (const entryData of entries) {
const entry = await tx.knowledgeEntry.create({
data: {
@@ -388,7 +389,7 @@ This is a draft document. See [[architecture-overview]] for current state.`,
updatedBy: user.id,
},
});
createdEntries.set(entryData.slug, entry);
// Create initial version
@@ -406,7 +407,7 @@ This is a draft document. See [[architecture-overview]] for current state.`,
// Add tags
for (const tagSlug of entryData.tags) {
const tag = tags.find(t => t.slug === tagSlug);
const tag = tags.find((t) => t.slug === tagSlug);
if (tag) {
await tx.knowledgeEntryTag.create({
data: {
@@ -427,7 +428,11 @@ This is a draft document. See [[architecture-overview]] for current state.`,
{ source: "welcome", target: "database-schema", text: "database-schema" },
{ source: "architecture-overview", target: "development-setup", text: "development-setup" },
{ source: "architecture-overview", target: "database-schema", text: "database-schema" },
{ source: "development-setup", target: "architecture-overview", text: "architecture-overview" },
{
source: "development-setup",
target: "architecture-overview",
text: "architecture-overview",
},
{ source: "development-setup", target: "database-schema", text: "database-schema" },
{ source: "database-schema", target: "architecture-overview", text: "architecture-overview" },
{ source: "database-schema", target: "development-setup", text: "development-setup" },
@@ -437,7 +442,7 @@ This is a draft document. See [[architecture-overview]] for current state.`,
for (const link of links) {
const sourceEntry = createdEntries.get(link.source);
const targetEntry = createdEntries.get(link.target);
if (sourceEntry && targetEntry) {
await tx.knowledgeLink.create({
data: {

23
apps/api/src/activity/activity.controller.spec.ts
View File

@@ -152,10 +152,7 @@ describe("ActivityController", () => {
const result = await controller.findOne("activity-123", mockWorkspaceId);
expect(result).toEqual(mockActivity);
expect(mockActivityService.findOne).toHaveBeenCalledWith(
"activity-123",
"workspace-123"
);
expect(mockActivityService.findOne).toHaveBeenCalledWith("activity-123", "workspace-123");
});
it("should return null if activity not found", async () => {
@@ -213,11 +210,7 @@ describe("ActivityController", () => {
it("should return audit trail for a task using authenticated user's workspaceId", async () => {
mockActivityService.getAuditTrail.mockResolvedValue(mockAuditTrail);
const result = await controller.getAuditTrail(
EntityType.TASK,
"task-123",
mockWorkspaceId
);
const result = await controller.getAuditTrail(EntityType.TASK, "task-123", mockWorkspaceId);
expect(result).toEqual(mockAuditTrail);
expect(mockActivityService.getAuditTrail).toHaveBeenCalledWith(
@@ -248,11 +241,7 @@ describe("ActivityController", () => {
mockActivityService.getAuditTrail.mockResolvedValue(eventAuditTrail);
const result = await controller.getAuditTrail(
EntityType.EVENT,
"event-123",
mockWorkspaceId
);
const result = await controller.getAuditTrail(EntityType.EVENT, "event-123", mockWorkspaceId);
expect(result).toEqual(eventAuditTrail);
expect(mockActivityService.getAuditTrail).toHaveBeenCalledWith(
@@ -312,11 +301,7 @@ describe("ActivityController", () => {
it("should return empty array if workspaceId is missing (service handles gracefully)", async () => {
mockActivityService.getAuditTrail.mockResolvedValue([]);
const result = await controller.getAuditTrail(
EntityType.TASK,
"task-123",
undefined as any
);
const result = await controller.getAuditTrail(EntityType.TASK, "task-123", undefined as any);
expect(result).toEqual([]);
expect(mockActivityService.getAuditTrail).toHaveBeenCalledWith(

12
apps/api/src/activity/interceptors/activity-logging.interceptor.spec.ts
View File

@@ -25,9 +25,7 @@ describe("ActivityLoggingInterceptor", () => {
],
}).compile();
interceptor = module.get<ActivityLoggingInterceptor>(
ActivityLoggingInterceptor
);
interceptor = module.get<ActivityLoggingInterceptor>(ActivityLoggingInterceptor);
activityService = module.get<ActivityService>(ActivityService);
vi.clearAllMocks();
@@ -324,9 +322,7 @@ describe("ActivityLoggingInterceptor", () => {
const context = createMockExecutionContext("POST", {}, {}, user);
const next = createMockCallHandler({ id: "test-123" });
mockActivityService.logActivity.mockRejectedValue(
new Error("Logging failed")
);
mockActivityService.logActivity.mockRejectedValue(new Error("Logging failed"));
await new Promise<void>((resolve) => {
interceptor.intercept(context, next).subscribe(() => {
@@ -727,9 +723,7 @@ describe("ActivityLoggingInterceptor", () => {
expect(logCall.details.data.settings.apiKey).toBe("[REDACTED]");
expect(logCall.details.data.settings.public).toBe("visible_data");
expect(logCall.details.data.settings.auth.token).toBe("[REDACTED]");
expect(logCall.details.data.settings.auth.refreshToken).toBe(
"[REDACTED]"
);
expect(logCall.details.data.settings.auth.refreshToken).toBe("[REDACTED]");
resolve();
});
});

22
apps/api/src/agent-tasks/agent-tasks.controller.spec.ts
View File

@@ -86,11 +86,7 @@ describe("AgentTasksController", () => {
const result = await controller.create(createDto, workspaceId, user);
expect(mockAgentTasksService.create).toHaveBeenCalledWith(
workspaceId,
user.id,
createDto
);
expect(mockAgentTasksService.create).toHaveBeenCalledWith(workspaceId, user.id, createDto);
expect(result).toEqual(mockTask);
});
});
@@ -183,10 +179,7 @@ describe("AgentTasksController", () => {
const result = await controller.findOne(id, workspaceId);
expect(mockAgentTasksService.findOne).toHaveBeenCalledWith(
id,
workspaceId
);
expect(mockAgentTasksService.findOne).toHaveBeenCalledWith(id, workspaceId);
expect(result).toEqual(mockTask);
});
});
@@ -220,11 +213,7 @@ describe("AgentTasksController", () => {
const result = await controller.update(id, updateDto, workspaceId);
expect(mockAgentTasksService.update).toHaveBeenCalledWith(
id,
workspaceId,
updateDto
);
expect(mockAgentTasksService.update).toHaveBeenCalledWith(id, workspaceId, updateDto);
expect(result).toEqual(mockTask);
});
});
@@ -240,10 +229,7 @@ describe("AgentTasksController", () => {
const result = await controller.remove(id, workspaceId);
expect(mockAgentTasksService.remove).toHaveBeenCalledWith(
id,
workspaceId
);
expect(mockAgentTasksService.remove).toHaveBeenCalledWith(id, workspaceId);
expect(result).toEqual(mockResponse);
});
});

12
apps/api/src/agent-tasks/agent-tasks.service.spec.ts
View File

@@ -242,9 +242,7 @@ describe("AgentTasksService", () => {
mockPrismaService.agentTask.findUnique.mockResolvedValue(null);
await expect(service.findOne(id, workspaceId)).rejects.toThrow(
NotFoundException
);
await expect(service.findOne(id, workspaceId)).rejects.toThrow(NotFoundException);
});
});
@@ -316,9 +314,7 @@ describe("AgentTasksService", () => {
mockPrismaService.agentTask.findUnique.mockResolvedValue(null);
await expect(
service.update(id, workspaceId, updateDto)
).rejects.toThrow(NotFoundException);
await expect(service.update(id, workspaceId, updateDto)).rejects.toThrow(NotFoundException);
});
});
@@ -345,9 +341,7 @@ describe("AgentTasksService", () => {
mockPrismaService.agentTask.findUnique.mockResolvedValue(null);
await expect(service.remove(id, workspaceId)).rejects.toThrow(
NotFoundException
);
await expect(service.remove(id, workspaceId)).rejects.toThrow(NotFoundException);
});
});
});

3
apps/api/src/bridge/discord/discord.service.spec.ts
View File

@@ -551,7 +551,8 @@ describe("DiscordService", () => {
Authorization: "Bearer secret_token_12345",
},
};
(errorWithSecrets as any).token = "MTk4NjIyNDgzNDcxOTI1MjQ4.Cl2FMQ.ZnCjm1XVW7vRze4b7Cq4se7kKWs";
(errorWithSecrets as any).token =
"MTk4NjIyNDgzNDcxOTI1MjQ4.Cl2FMQ.ZnCjm1XVW7vRze4b7Cq4se7kKWs";
// Trigger error event handler
expect(mockErrorCallbacks.length).toBeGreaterThan(0);

79
apps/api/src/common/README.md
View File

@@ -5,6 +5,7 @@ This directory contains shared guards and decorators for workspace-based permiss
## Overview
The permission system provides:
- **Workspace isolation** via Row-Level Security (RLS)
- **Role-based access control** (RBAC) using workspace member roles
- **Declarative permission requirements** using decorators
@@ -18,6 +19,7 @@ Located in `../auth/guards/auth.guard.ts`
Verifies user authentication and attaches user data to the request.
**Sets on request:**
- `request.user` - Authenticated user object
- `request.session` - User session data
@@ -26,23 +28,27 @@ Verifies user authentication and attaches user data to the request.
Validates workspace access and sets up RLS context.
**Responsibilities:**
1. Extracts workspace ID from request (header, param, or body)
2. Verifies user is a member of the workspace
3. Sets the current user context for RLS policies
4. Attaches workspace context to the request
**Sets on request:**
- `request.workspace.id` - Validated workspace ID
- `request.user.workspaceId` - Workspace ID (for backward compatibility)
**Workspace ID Sources (in priority order):**
1. `X-Workspace-Id` header
2. `:workspaceId` URL parameter
3. `workspaceId` in request body
**Example:**
```typescript
@Controller('tasks')
@Controller("tasks")
@UseGuards(AuthGuard, WorkspaceGuard)
export class TasksController {
@Get()
@@ -57,23 +63,26 @@ export class TasksController {
Enforces role-based access control using workspace member roles.
**Responsibilities:**
1. Reads required permission from `@RequirePermission()` decorator
2. Fetches user's role in the workspace
3. Checks if role satisfies the required permission
4. Attaches role to request for convenience
**Sets on request:**
- `request.user.workspaceRole` - User's role in the workspace
**Must be used after AuthGuard and WorkspaceGuard.**
**Example:**
```typescript
@Controller('admin')
@Controller("admin")
@UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class AdminController {
@RequirePermission(Permission.WORKSPACE_ADMIN)
@Delete('data')
@Delete("data")
async deleteData() {
// Only ADMIN or OWNER can execute
}
@@ -88,14 +97,15 @@ Specifies the minimum permission level required for a route.
**Permission Levels:**
| Permission | Allowed Roles | Use Case |
|------------|--------------|----------|
| `WORKSPACE_OWNER` | OWNER | Critical operations (delete workspace, transfer ownership) |
| `WORKSPACE_ADMIN` | OWNER, ADMIN | Administrative functions (manage members, settings) |
| `WORKSPACE_MEMBER` | OWNER, ADMIN, MEMBER | Standard operations (create/edit content) |
| `WORKSPACE_ANY` | All roles including GUEST | Read-only or basic access |
| Permission | Allowed Roles | Use Case |
| ------------------ | ------------------------- | ---------------------------------------------------------- |
| `WORKSPACE_OWNER` | OWNER | Critical operations (delete workspace, transfer ownership) |
| `WORKSPACE_ADMIN` | OWNER, ADMIN | Administrative functions (manage members, settings) |
| `WORKSPACE_MEMBER` | OWNER, ADMIN, MEMBER | Standard operations (create/edit content) |
| `WORKSPACE_ANY` | All roles including GUEST | Read-only or basic access |
**Example:**
```typescript
@RequirePermission(Permission.WORKSPACE_ADMIN)
@Post('invite')
@@ -109,6 +119,7 @@ async inviteMember(@Body() inviteDto: InviteDto) {
Parameter decorator to extract the validated workspace ID.
**Example:**
```typescript
@Get()
async getTasks(@Workspace() workspaceId: string) {
@@ -121,6 +132,7 @@ async getTasks(@Workspace() workspaceId: string) {
Parameter decorator to extract the full workspace context.
**Example:**
```typescript
@Get()
async getTasks(@WorkspaceContext() workspace: { id: string }) {
@@ -135,6 +147,7 @@ Located in `../auth/decorators/current-user.decorator.ts`
Extracts the authenticated user from the request.
**Example:**
```typescript
@Post()
async create(@CurrentUser() user: any, @Body() dto: CreateDto) {
@@ -153,7 +166,7 @@ import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { Workspace, Permission, RequirePermission } from "../common/decorators";
import { CurrentUser } from "../auth/decorators/current-user.decorator";
@Controller('resources')
@Controller("resources")
@UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class ResourcesController {
@Get()
@@ -164,17 +177,13 @@ export class ResourcesController {
@Post()
@RequirePermission(Permission.WORKSPACE_MEMBER)
async create(
@Workspace() workspaceId: string,
@CurrentUser() user: any,
@Body() dto: CreateDto
) {
async create(@Workspace() workspaceId: string, @CurrentUser() user: any, @Body() dto: CreateDto) {
// Members and above can create
}
@Delete(':id')
@Delete(":id")
@RequirePermission(Permission.WORKSPACE_ADMIN)
async delete(@Param('id') id: string) {
async delete(@Param("id") id: string) {
// Only admins can delete
}
}
@@ -185,24 +194,32 @@ export class ResourcesController {
Different endpoints can have different permission requirements:
```typescript
@Controller('projects')
@Controller("projects")
@UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class ProjectsController {
@Get()
@RequirePermission(Permission.WORKSPACE_ANY)
async list() { /* Anyone can view */ }
async list() {
/* Anyone can view */
}
@Post()
@RequirePermission(Permission.WORKSPACE_MEMBER)
async create() { /* Members can create */ }
async create() {
/* Members can create */
}
@Patch('settings')
@Patch("settings")
@RequirePermission(Permission.WORKSPACE_ADMIN)
async updateSettings() { /* Only admins */ }
async updateSettings() {
/* Only admins */
}
@Delete()
@RequirePermission(Permission.WORKSPACE_OWNER)
async deleteProject() { /* Only owner */ }
async deleteProject() {
/* Only owner */
}
}
```
@@ -211,17 +228,19 @@ export class ProjectsController {
The workspace ID can be provided in multiple ways:
**Via Header (Recommended for SPAs):**
```typescript
// Frontend
fetch('/api/tasks', {
fetch("/api/tasks", {
headers: {
'Authorization': 'Bearer <token>',
'X-Workspace-Id': 'workspace-uuid',
}
})
Authorization: "Bearer <token>",
"X-Workspace-Id": "workspace-uuid",
},
});
```
**Via URL Parameter:**
```typescript
@Get(':workspaceId/tasks')
async getTasks(@Param('workspaceId') workspaceId: string) {
@@ -230,6 +249,7 @@ async getTasks(@Param('workspaceId') workspaceId: string) {
```
**Via Request Body:**
```typescript
@Post()
async create(@Body() dto: { workspaceId: string; name: string }) {
@@ -240,6 +260,7 @@ async create(@Body() dto: { workspaceId: string; name: string }) {
## Row-Level Security (RLS)
When `WorkspaceGuard` is applied, it automatically:
1. Calls `setCurrentUser(userId)` to set the RLS context
2. All subsequent database queries are automatically filtered by RLS policies
3. Users can only access data in workspaces they're members of
@@ -249,10 +270,12 @@ When `WorkspaceGuard` is applied, it automatically:
## Testing
Tests are provided for both guards:
- `workspace.guard.spec.ts` - WorkspaceGuard tests
- `permission.guard.spec.ts` - PermissionGuard tests
**Run tests:**
```bash
npm test -- workspace.guard.spec
npm test -- permission.guard.spec

8
apps/api/src/common/dto/base-filter.dto.spec.ts
View File

@@ -104,7 +104,7 @@ describe("BaseFilterDto", () => {
const errors = await validate(dto);
expect(errors.length).toBeGreaterThan(0);
expect(errors.some(e => e.property === "sortOrder")).toBe(true);
expect(errors.some((e) => e.property === "sortOrder")).toBe(true);
});
it("should accept comma-separated sortBy fields", async () => {
@@ -134,7 +134,7 @@ describe("BaseFilterDto", () => {
const errors = await validate(dto);
expect(errors.length).toBeGreaterThan(0);
expect(errors.some(e => e.property === "dateFrom")).toBe(true);
expect(errors.some((e) => e.property === "dateFrom")).toBe(true);
});
it("should reject invalid date format for dateTo", async () => {
@@ -144,7 +144,7 @@ describe("BaseFilterDto", () => {
const errors = await validate(dto);
expect(errors.length).toBeGreaterThan(0);
expect(errors.some(e => e.property === "dateTo")).toBe(true);
expect(errors.some((e) => e.property === "dateTo")).toBe(true);
});
it("should trim whitespace from search query", async () => {
@@ -165,6 +165,6 @@ describe("BaseFilterDto", () => {
const errors = await validate(dto);
expect(errors.length).toBeGreaterThan(0);
expect(errors.some(e => e.property === "search")).toBe(true);
expect(errors.some((e) => e.property === "search")).toBe(true);
});
});

102
apps/api/src/common/guards/permission.guard.spec.ts
View File

@@ -44,10 +44,7 @@ describe("PermissionGuard", () => {
vi.clearAllMocks();
});
const createMockExecutionContext = (
user: any,
workspace: any
): ExecutionContext => {
const createMockExecutionContext = (user: any, workspace: any): ExecutionContext => {
const mockRequest = {
user,
workspace,
@@ -67,10 +64,7 @@ describe("PermissionGuard", () => {
const workspaceId = "workspace-456";
it("should allow access when no permission is required", async () => {
const context = createMockExecutionContext(
{ id: userId },
{ id: workspaceId }
);
const context = createMockExecutionContext({ id: userId }, { id: workspaceId });
mockReflector.getAllAndOverride.mockReturnValue(undefined);
@@ -80,10 +74,7 @@ describe("PermissionGuard", () => {
});
it("should allow OWNER to access WORKSPACE_OWNER permission", async () => {
const context = createMockExecutionContext(
{ id: userId },
{ id: workspaceId }
);
const context = createMockExecutionContext({ id: userId }, { id: workspaceId });
mockReflector.getAllAndOverride.mockReturnValue(Permission.WORKSPACE_OWNER);
mockPrismaService.workspaceMember.findUnique.mockResolvedValue({
@@ -99,30 +90,19 @@ describe("PermissionGuard", () => {
});
it("should deny ADMIN access to WORKSPACE_OWNER permission", async () => {
const context = createMockExecutionContext(
{ id: userId },
{ id: workspaceId }
);
const context = createMockExecutionContext({ id: userId }, { id: workspaceId });
mockReflector.getAllAndOverride.mockReturnValue(Permission.WORKSPACE_OWNER);
mockPrismaService.workspaceMember.findUnique.mockResolvedValue({
role: WorkspaceMemberRole.ADMIN,
});
await expect(guard.canActivate(context)).rejects.toThrow(
ForbiddenException
);
await expect(guard.canActivate(context)).rejects.toThrow(ForbiddenException);
});
it("should allow OWNER and ADMIN to access WORKSPACE_ADMIN permission", async () => {
const context1 = createMockExecutionContext(
{ id: userId },
{ id: workspaceId }
);
const context2 = createMockExecutionContext(
{ id: userId },
{ id: workspaceId }
);
const context1 = createMockExecutionContext({ id: userId }, { id: workspaceId });
const context2 = createMockExecutionContext({ id: userId }, { id: workspaceId });
mockReflector.getAllAndOverride.mockReturnValue(Permission.WORKSPACE_ADMIN);
@@ -140,34 +120,20 @@ describe("PermissionGuard", () => {
});
it("should deny MEMBER access to WORKSPACE_ADMIN permission", async () => {
const context = createMockExecutionContext(
{ id: userId },
{ id: workspaceId }
);
const context = createMockExecutionContext({ id: userId }, { id: workspaceId });
mockReflector.getAllAndOverride.mockReturnValue(Permission.WORKSPACE_ADMIN);
mockPrismaService.workspaceMember.findUnique.mockResolvedValue({
role: WorkspaceMemberRole.MEMBER,
});
await expect(guard.canActivate(context)).rejects.toThrow(
ForbiddenException
);
await expect(guard.canActivate(context)).rejects.toThrow(ForbiddenException);
});
it("should allow OWNER, ADMIN, and MEMBER to access WORKSPACE_MEMBER permission", async () => {
const context1 = createMockExecutionContext(
{ id: userId },
{ id: workspaceId }
);
const context2 = createMockExecutionContext(
{ id: userId },
{ id: workspaceId }
);
const context3 = createMockExecutionContext(
{ id: userId },
{ id: workspaceId }
);
const context1 = createMockExecutionContext({ id: userId }, { id: workspaceId });
const context2 = createMockExecutionContext({ id: userId }, { id: workspaceId });
const context3 = createMockExecutionContext({ id: userId }, { id: workspaceId });
mockReflector.getAllAndOverride.mockReturnValue(Permission.WORKSPACE_MEMBER);
@@ -191,26 +157,18 @@ describe("PermissionGuard", () => {
});
it("should deny GUEST access to WORKSPACE_MEMBER permission", async () => {
const context = createMockExecutionContext(
{ id: userId },
{ id: workspaceId }
);
const context = createMockExecutionContext({ id: userId }, { id: workspaceId });
mockReflector.getAllAndOverride.mockReturnValue(Permission.WORKSPACE_MEMBER);
mockPrismaService.workspaceMember.findUnique.mockResolvedValue({
role: WorkspaceMemberRole.GUEST,
});
await expect(guard.canActivate(context)).rejects.toThrow(
ForbiddenException
);
await expect(guard.canActivate(context)).rejects.toThrow(ForbiddenException);
});
it("should allow any role (including GUEST) to access WORKSPACE_ANY permission", async () => {
const context = createMockExecutionContext(
{ id: userId },
{ id: workspaceId }
);
const context = createMockExecutionContext({ id: userId }, { id: workspaceId });
mockReflector.getAllAndOverride.mockReturnValue(Permission.WORKSPACE_ANY);
mockPrismaService.workspaceMember.findUnique.mockResolvedValue({
@@ -227,9 +185,7 @@ describe("PermissionGuard", () => {
mockReflector.getAllAndOverride.mockReturnValue(Permission.WORKSPACE_MEMBER);
await expect(guard.canActivate(context)).rejects.toThrow(
ForbiddenException
);
await expect(guard.canActivate(context)).rejects.toThrow(ForbiddenException);
});
it("should throw ForbiddenException when workspace context is missing", async () => {
@@ -237,42 +193,28 @@ describe("PermissionGuard", () => {
mockReflector.getAllAndOverride.mockReturnValue(Permission.WORKSPACE_MEMBER);
await expect(guard.canActivate(context)).rejects.toThrow(
ForbiddenException
);
await expect(guard.canActivate(context)).rejects.toThrow(ForbiddenException);
});
it("should throw ForbiddenException when user is not a workspace member", async () => {
const context = createMockExecutionContext(
{ id: userId },
{ id: workspaceId }
);
const context = createMockExecutionContext({ id: userId }, { id: workspaceId });
mockReflector.getAllAndOverride.mockReturnValue(Permission.WORKSPACE_MEMBER);
mockPrismaService.workspaceMember.findUnique.mockResolvedValue(null);
await expect(guard.canActivate(context)).rejects.toThrow(
ForbiddenException
);
await expect(guard.canActivate(context)).rejects.toThrow(ForbiddenException);
await expect(guard.canActivate(context)).rejects.toThrow(
"You are not a member of this workspace"
);
});
it("should handle database errors gracefully", async () => {
const context = createMockExecutionContext(
{ id: userId },
{ id: workspaceId }
);
const context = createMockExecutionContext({ id: userId }, { id: workspaceId });
mockReflector.getAllAndOverride.mockReturnValue(Permission.WORKSPACE_MEMBER);
mockPrismaService.workspaceMember.findUnique.mockRejectedValue(
new Error("Database error")
);
mockPrismaService.workspaceMember.findUnique.mockRejectedValue(new Error("Database error"));
await expect(guard.canActivate(context)).rejects.toThrow(
ForbiddenException
);
await expect(guard.canActivate(context)).rejects.toThrow(ForbiddenException);
});
});
});

57
apps/api/src/common/guards/workspace.guard.spec.ts
View File

@@ -58,10 +58,7 @@ describe("WorkspaceGuard", () => {
const workspaceId = "workspace-456";
it("should allow access when user is a workspace member (via header)", async () => {
const context = createMockExecutionContext(
{ id: userId },
{ "x-workspace-id": workspaceId }
);
const context = createMockExecutionContext({ id: userId }, { "x-workspace-id": workspaceId });
mockPrismaService.workspaceMember.findUnique.mockResolvedValue({
workspaceId,
@@ -87,11 +84,7 @@ describe("WorkspaceGuard", () => {
});
it("should allow access when user is a workspace member (via URL param)", async () => {
const context = createMockExecutionContext(
{ id: userId },
{},
{ workspaceId }
);
const context = createMockExecutionContext({ id: userId }, {}, { workspaceId });
mockPrismaService.workspaceMember.findUnique.mockResolvedValue({
workspaceId,
@@ -105,12 +98,7 @@ describe("WorkspaceGuard", () => {
});
it("should allow access when user is a workspace member (via body)", async () => {
const context = createMockExecutionContext(
{ id: userId },
{},
{},
{ workspaceId }
);
const context = createMockExecutionContext({ id: userId }, {}, {}, { workspaceId });
mockPrismaService.workspaceMember.findUnique.mockResolvedValue({
workspaceId,
@@ -154,59 +142,38 @@ describe("WorkspaceGuard", () => {
});
it("should throw ForbiddenException when user is not authenticated", async () => {
const context = createMockExecutionContext(
null,
{ "x-workspace-id": workspaceId }
);
const context = createMockExecutionContext(null, { "x-workspace-id": workspaceId });
await expect(guard.canActivate(context)).rejects.toThrow(
ForbiddenException
);
await expect(guard.canActivate(context)).rejects.toThrow(
"User not authenticated"
);
await expect(guard.canActivate(context)).rejects.toThrow(ForbiddenException);
await expect(guard.canActivate(context)).rejects.toThrow("User not authenticated");
});
it("should throw BadRequestException when workspace ID is missing", async () => {
const context = createMockExecutionContext({ id: userId });
await expect(guard.canActivate(context)).rejects.toThrow(
BadRequestException
);
await expect(guard.canActivate(context)).rejects.toThrow(
"Workspace ID is required"
);
await expect(guard.canActivate(context)).rejects.toThrow(BadRequestException);
await expect(guard.canActivate(context)).rejects.toThrow("Workspace ID is required");
});
it("should throw ForbiddenException when user is not a workspace member", async () => {
const context = createMockExecutionContext(
{ id: userId },
{ "x-workspace-id": workspaceId }
);
const context = createMockExecutionContext({ id: userId }, { "x-workspace-id": workspaceId });
mockPrismaService.workspaceMember.findUnique.mockResolvedValue(null);
await expect(guard.canActivate(context)).rejects.toThrow(
ForbiddenException
);
await expect(guard.canActivate(context)).rejects.toThrow(ForbiddenException);
await expect(guard.canActivate(context)).rejects.toThrow(
"You do not have access to this workspace"
);
});
it("should handle database errors gracefully", async () => {
const context = createMockExecutionContext(
{ id: userId },
{ "x-workspace-id": workspaceId }
);
const context = createMockExecutionContext({ id: userId }, { "x-workspace-id": workspaceId });
mockPrismaService.workspaceMember.findUnique.mockRejectedValue(
new Error("Database connection failed")
);
await expect(guard.canActivate(context)).rejects.toThrow(
ForbiddenException
);
await expect(guard.canActivate(context)).rejects.toThrow(ForbiddenException);
});
});
});

23
apps/api/src/common/utils/query-builder.spec.ts
View File

@@ -27,18 +27,14 @@ describe("QueryBuilder", () => {
it("should handle single field", () => {
const result = QueryBuilder.buildSearchFilter("test", ["title"]);
expect(result).toEqual({
OR: [
{ title: { contains: "test", mode: "insensitive" } },
],
OR: [{ title: { contains: "test", mode: "insensitive" } }],
});
});
it("should trim search query", () => {
const result = QueryBuilder.buildSearchFilter(" test ", ["title"]);
expect(result).toEqual({
OR: [
{ title: { contains: "test", mode: "insensitive" } },
],
OR: [{ title: { contains: "test", mode: "insensitive" } }],
});
});
});
@@ -56,26 +52,17 @@ describe("QueryBuilder", () => {
it("should build multi-field sort", () => {
const result = QueryBuilder.buildSortOrder("priority,dueDate", SortOrder.DESC);
expect(result).toEqual([
{ priority: "desc" },
{ dueDate: "desc" },
]);
expect(result).toEqual([{ priority: "desc" }, { dueDate: "desc" }]);
});
it("should handle mixed sorting with custom order per field", () => {
const result = QueryBuilder.buildSortOrder("priority:asc,dueDate:desc");
expect(result).toEqual([
{ priority: "asc" },
{ dueDate: "desc" },
]);
expect(result).toEqual([{ priority: "asc" }, { dueDate: "desc" }]);
});
it("should use default order when not specified per field", () => {
const result = QueryBuilder.buildSortOrder("priority,dueDate", SortOrder.ASC);
expect(result).toEqual([
{ priority: "asc" },
{ dueDate: "asc" },
]);
expect(result).toEqual([{ priority: "asc" }, { dueDate: "asc" }]);
});
});

32
apps/api/src/coordinator-integration/coordinator-integration.security.spec.ts
View File

@@ -60,9 +60,7 @@ describe("CoordinatorIntegrationController - Security", () => {
}),
};
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(
UnauthorizedException
);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(UnauthorizedException);
});
it("PATCH /coordinator/jobs/:id/status should require authentication", async () => {
@@ -72,9 +70,7 @@ describe("CoordinatorIntegrationController - Security", () => {
}),
};
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(
UnauthorizedException
);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(UnauthorizedException);
});
it("PATCH /coordinator/jobs/:id/progress should require authentication", async () => {
@@ -84,9 +80,7 @@ describe("CoordinatorIntegrationController - Security", () => {
}),
};
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(
UnauthorizedException
);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(UnauthorizedException);
});
it("POST /coordinator/jobs/:id/complete should require authentication", async () => {
@@ -96,9 +90,7 @@ describe("CoordinatorIntegrationController - Security", () => {
}),
};
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(
UnauthorizedException
);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(UnauthorizedException);
});
it("POST /coordinator/jobs/:id/fail should require authentication", async () => {
@@ -108,9 +100,7 @@ describe("CoordinatorIntegrationController - Security", () => {
}),
};
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(
UnauthorizedException
);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(UnauthorizedException);
});
it("GET /coordinator/jobs/:id should require authentication", async () => {
@@ -120,9 +110,7 @@ describe("CoordinatorIntegrationController - Security", () => {
}),
};
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(
UnauthorizedException
);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(UnauthorizedException);
});
it("GET /coordinator/health should require authentication", async () => {
@@ -132,9 +120,7 @@ describe("CoordinatorIntegrationController - Security", () => {
}),
};
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(
UnauthorizedException
);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(UnauthorizedException);
});
});
@@ -161,9 +147,7 @@ describe("CoordinatorIntegrationController - Security", () => {
}),
};
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(
UnauthorizedException
);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(UnauthorizedException);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow("Invalid API key");
});
});

16
apps/api/src/cron/cron.service.spec.ts
View File

@@ -83,8 +83,20 @@ describe("CronService", () => {
it("should return all schedules for a workspace", async () => {
const workspaceId = "ws-123";
const expectedSchedules = [
{ id: "cron-1", workspaceId, expression: "0 9 * * *", command: "morning briefing", enabled: true },
{ id: "cron-2", workspaceId, expression: "0 17 * * *", command: "evening summary", enabled: true },
{
id: "cron-1",
workspaceId,
expression: "0 9 * * *",
command: "morning briefing",
enabled: true,
},
{
id: "cron-2",
workspaceId,
expression: "0 17 * * *",
command: "evening summary",
enabled: true,
},
];
mockPrisma.cronSchedule.findMany.mockResolvedValue(expectedSchedules);

30
apps/api/src/domains/domains.controller.spec.ts
View File

@@ -103,18 +103,10 @@ describe("DomainsController", () => {
mockDomainsService.create.mockResolvedValue(mockDomain);
const result = await controller.create(
createDto,
mockWorkspaceId,
mockUser
);
const result = await controller.create(createDto, mockWorkspaceId, mockUser);
expect(result).toEqual(mockDomain);
expect(service.create).toHaveBeenCalledWith(
mockWorkspaceId,
mockUserId,
createDto
);
expect(service.create).toHaveBeenCalledWith(mockWorkspaceId, mockUserId, createDto);
});
});
@@ -170,10 +162,7 @@ describe("DomainsController", () => {
const result = await controller.findOne(mockDomainId, mockWorkspaceId);
expect(result).toEqual(mockDomain);
expect(service.findOne).toHaveBeenCalledWith(
mockDomainId,
mockWorkspaceId
);
expect(service.findOne).toHaveBeenCalledWith(mockDomainId, mockWorkspaceId);
});
});
@@ -187,12 +176,7 @@ describe("DomainsController", () => {
const updatedDomain = { ...mockDomain, ...updateDto };
mockDomainsService.update.mockResolvedValue(updatedDomain);
const result = await controller.update(
mockDomainId,
updateDto,
mockWorkspaceId,
mockUser
);
const result = await controller.update(mockDomainId, updateDto, mockWorkspaceId, mockUser);
expect(result).toEqual(updatedDomain);
expect(service.update).toHaveBeenCalledWith(
@@ -210,11 +194,7 @@ describe("DomainsController", () => {
await controller.remove(mockDomainId, mockWorkspaceId, mockUser);
expect(service.remove).toHaveBeenCalledWith(
mockDomainId,
mockWorkspaceId,
mockUserId
);
expect(service.remove).toHaveBeenCalledWith(mockDomainId, mockWorkspaceId, mockUserId);
});
});
});

19
apps/api/src/events/events.controller.spec.ts
View File

@@ -63,11 +63,7 @@ describe("EventsController", () => {
const result = await controller.create(createDto, mockWorkspaceId, mockUser);
expect(result).toEqual(mockEvent);
expect(service.create).toHaveBeenCalledWith(
mockWorkspaceId,
mockUserId,
createDto
);
expect(service.create).toHaveBeenCalledWith(mockWorkspaceId, mockUserId, createDto);
});
it("should pass undefined workspaceId to service (validation handled by guards in production)", async () => {
@@ -153,7 +149,12 @@ describe("EventsController", () => {
await controller.update(mockEventId, updateDto, undefined as any, mockUser);
expect(mockEventsService.update).toHaveBeenCalledWith(mockEventId, undefined, mockUserId, updateDto);
expect(mockEventsService.update).toHaveBeenCalledWith(
mockEventId,
undefined,
mockUserId,
updateDto
);
});
});
@@ -163,11 +164,7 @@ describe("EventsController", () => {
await controller.remove(mockEventId, mockWorkspaceId, mockUser);
expect(service.remove).toHaveBeenCalledWith(
mockEventId,
mockWorkspaceId,
mockUserId
);
expect(service.remove).toHaveBeenCalledWith(mockEventId, mockWorkspaceId, mockUserId);
});
it("should pass undefined workspaceId to service (validation handled by guards in production)", async () => {

61
apps/api/src/federation/audit.service.ts
View File

@@ -25,6 +25,25 @@ export class FederationAuditService {
});
}
/**
* Log instance configuration update (system-level operation)
* Logged to application logs for security audit trail
*/
logInstanceConfigurationUpdate(
userId: string,
instanceId: string,
updates: Record<string, unknown>
): void {
this.logger.log({
event: "FEDERATION_INSTANCE_CONFIG_UPDATED",
userId,
instanceId,
updates,
timestamp: new Date().toISOString(),
securityEvent: true,
});
}
/**
* Log federated authentication initiation
*/
@@ -62,4 +81,46 @@ export class FederationAuditService {
securityEvent: true,
});
}
/**
* Log identity verification attempt
*/
logIdentityVerification(userId: string, remoteInstanceId: string, success: boolean): void {
const level = success ? "log" : "warn";
this.logger[level]({
event: "FEDERATION_IDENTITY_VERIFIED",
userId,
remoteInstanceId,
success,
timestamp: new Date().toISOString(),
securityEvent: true,
});
}
/**
* Log identity linking (create mapping)
*/
logIdentityLinking(localUserId: string, remoteInstanceId: string, remoteUserId: string): void {
this.logger.log({
event: "FEDERATION_IDENTITY_LINKED",
localUserId,
remoteUserId,
remoteInstanceId,
timestamp: new Date().toISOString(),
securityEvent: true,
});
}
/**
* Log identity revocation (remove mapping)
*/
logIdentityRevocation(localUserId: string, remoteInstanceId: string): void {
this.logger.warn({
event: "FEDERATION_IDENTITY_REVOKED",
localUserId,
remoteInstanceId,
timestamp: new Date().toISOString(),
securityEvent: true,
});
}
}

236
apps/api/src/federation/command.controller.spec.ts Normal file
View File

@@ -0,0 +1,236 @@
/**
* Command Controller Tests
*/
import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { CommandController } from "./command.controller";
import { CommandService } from "./command.service";
import { AuthGuard } from "../auth/guards/auth.guard";
import { FederationMessageType, FederationMessageStatus } from "@prisma/client";
import type { AuthenticatedRequest } from "../common/types/user.types";
import type { CommandMessage, CommandResponse } from "./types/message.types";
describe("CommandController", () => {
let controller: CommandController;
let commandService: CommandService;
const mockWorkspaceId = "workspace-123";
const mockUserId = "user-123";
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
controllers: [CommandController],
providers: [
{
provide: CommandService,
useValue: {
sendCommand: vi.fn(),
handleIncomingCommand: vi.fn(),
getCommandMessages: vi.fn(),
getCommandMessage: vi.fn(),
},
},
],
})
.overrideGuard(AuthGuard)
.useValue({ canActivate: () => true })
.compile();
controller = module.get<CommandController>(CommandController);
commandService = module.get<CommandService>(CommandService);
});
describe("sendCommand", () => {
it("should send a command", async () => {
const req = {
user: { id: mockUserId, workspaceId: mockWorkspaceId },
} as AuthenticatedRequest;
const dto = {
connectionId: "conn-123",
commandType: "spawn_agent",
payload: { agentType: "task_executor" },
};
const mockResult = {
id: "msg-123",
workspaceId: mockWorkspaceId,
connectionId: "conn-123",
messageType: FederationMessageType.COMMAND,
messageId: "cmd-123",
commandType: "spawn_agent",
payload: { agentType: "task_executor" },
status: FederationMessageStatus.PENDING,
createdAt: new Date(),
updatedAt: new Date(),
};
vi.spyOn(commandService, "sendCommand").mockResolvedValue(mockResult as never);
const result = await controller.sendCommand(req, dto);
expect(result).toEqual(mockResult);
expect(commandService.sendCommand).toHaveBeenCalledWith(
mockWorkspaceId,
"conn-123",
"spawn_agent",
{ agentType: "task_executor" }
);
});
it("should throw error if workspace ID not found", async () => {
const req = {
user: { id: mockUserId },
} as AuthenticatedRequest;
const dto = {
connectionId: "conn-123",
commandType: "test",
payload: {},
};
await expect(controller.sendCommand(req, dto)).rejects.toThrow(
"Workspace ID not found in request"
);
});
});
describe("handleIncomingCommand", () => {
it("should handle an incoming command", async () => {
const dto: CommandMessage = {
messageId: "cmd-123",
instanceId: "remote-instance",
commandType: "spawn_agent",
payload: { agentType: "task_executor" },
timestamp: Date.now(),
signature: "signature-123",
};
const mockResponse: CommandResponse = {
messageId: "resp-123",
correlationId: "cmd-123",
instanceId: "local-instance",
success: true,
data: { result: "success" },
timestamp: Date.now(),
signature: "response-signature",
};
vi.spyOn(commandService, "handleIncomingCommand").mockResolvedValue(mockResponse);
const result = await controller.handleIncomingCommand(dto);
expect(result).toEqual(mockResponse);
expect(commandService.handleIncomingCommand).toHaveBeenCalledWith(dto);
});
});
describe("getCommands", () => {
it("should return all commands for workspace", async () => {
const req = {
user: { id: mockUserId, workspaceId: mockWorkspaceId },
} as AuthenticatedRequest;
const mockCommands = [
{
id: "msg-1",
workspaceId: mockWorkspaceId,
connectionId: "conn-123",
messageType: FederationMessageType.COMMAND,
messageId: "cmd-1",
commandType: "test",
payload: {},
status: FederationMessageStatus.DELIVERED,
createdAt: new Date(),
updatedAt: new Date(),
},
];
vi.spyOn(commandService, "getCommandMessages").mockResolvedValue(mockCommands as never);
const result = await controller.getCommands(req);
expect(result).toEqual(mockCommands);
expect(commandService.getCommandMessages).toHaveBeenCalledWith(mockWorkspaceId, undefined);
});
it("should filter commands by status", async () => {
const req = {
user: { id: mockUserId, workspaceId: mockWorkspaceId },
} as AuthenticatedRequest;
const mockCommands = [
{
id: "msg-1",
workspaceId: mockWorkspaceId,
connectionId: "conn-123",
messageType: FederationMessageType.COMMAND,
messageId: "cmd-1",
commandType: "test",
payload: {},
status: FederationMessageStatus.PENDING,
createdAt: new Date(),
updatedAt: new Date(),
},
];
vi.spyOn(commandService, "getCommandMessages").mockResolvedValue(mockCommands as never);
await controller.getCommands(req, FederationMessageStatus.PENDING);
expect(commandService.getCommandMessages).toHaveBeenCalledWith(
mockWorkspaceId,
FederationMessageStatus.PENDING
);
});
it("should throw error if workspace ID not found", async () => {
const req = {
user: { id: mockUserId },
} as AuthenticatedRequest;
await expect(controller.getCommands(req)).rejects.toThrow(
"Workspace ID not found in request"
);
});
});
describe("getCommand", () => {
it("should return a single command", async () => {
const req = {
user: { id: mockUserId, workspaceId: mockWorkspaceId },
} as AuthenticatedRequest;
const mockCommand = {
id: "msg-1",
workspaceId: mockWorkspaceId,
connectionId: "conn-123",
messageType: FederationMessageType.COMMAND,
messageId: "cmd-1",
commandType: "test",
payload: { key: "value" },
status: FederationMessageStatus.DELIVERED,
createdAt: new Date(),
updatedAt: new Date(),
};
vi.spyOn(commandService, "getCommandMessage").mockResolvedValue(mockCommand as never);
const result = await controller.getCommand(req, "msg-1");
expect(result).toEqual(mockCommand);
expect(commandService.getCommandMessage).toHaveBeenCalledWith(mockWorkspaceId, "msg-1");
});
it("should throw error if workspace ID not found", async () => {
const req = {
user: { id: mockUserId },
} as AuthenticatedRequest;
await expect(controller.getCommand(req, "msg-1")).rejects.toThrow(
"Workspace ID not found in request"
);
});
});
});

91
apps/api/src/federation/command.controller.ts Normal file
View File

@@ -0,0 +1,91 @@
/**
* Command Controller
*
* API endpoints for federated command messages.
*/
import { Controller, Post, Get, Body, Param, Query, UseGuards, Req, Logger } from "@nestjs/common";
import { CommandService } from "./command.service";
import { AuthGuard } from "../auth/guards/auth.guard";
import { SendCommandDto, IncomingCommandDto } from "./dto/command.dto";
import type { AuthenticatedRequest } from "../common/types/user.types";
import type { CommandMessageDetails, CommandResponse } from "./types/message.types";
import type { FederationMessageStatus } from "@prisma/client";
@Controller("api/v1/federation")
export class CommandController {
private readonly logger = new Logger(CommandController.name);
constructor(private readonly commandService: CommandService) {}
/**
* Send a command to a remote instance
* Requires authentication
*/
@Post("command")
@UseGuards(AuthGuard)
async sendCommand(
@Req() req: AuthenticatedRequest,
@Body() dto: SendCommandDto
): Promise<CommandMessageDetails> {
if (!req.user?.workspaceId) {
throw new Error("Workspace ID not found in request");
}
this.logger.log(
`User ${req.user.id} sending command to connection ${dto.connectionId} in workspace ${req.user.workspaceId}`
);
return this.commandService.sendCommand(
req.user.workspaceId,
dto.connectionId,
dto.commandType,
dto.payload
);
}
/**
* Handle incoming command from remote instance
* Public endpoint - no authentication required (signature-based verification)
*/
@Post("incoming/command")
async handleIncomingCommand(@Body() dto: IncomingCommandDto): Promise<CommandResponse> {
this.logger.log(`Received command from ${dto.instanceId}: ${dto.messageId}`);
return this.commandService.handleIncomingCommand(dto);
}
/**
* Get all command messages for the workspace
* Requires authentication
*/
@Get("commands")
@UseGuards(AuthGuard)
async getCommands(
@Req() req: AuthenticatedRequest,
@Query("status") status?: FederationMessageStatus
): Promise<CommandMessageDetails[]> {
if (!req.user?.workspaceId) {
throw new Error("Workspace ID not found in request");
}
return this.commandService.getCommandMessages(req.user.workspaceId, status);
}
/**
* Get a single command message
* Requires authentication
*/
@Get("commands/:id")
@UseGuards(AuthGuard)
async getCommand(
@Req() req: AuthenticatedRequest,
@Param("id") messageId: string
): Promise<CommandMessageDetails> {
if (!req.user?.workspaceId) {
throw new Error("Workspace ID not found in request");
}
return this.commandService.getCommandMessage(req.user.workspaceId, messageId);
}
}

574
apps/api/src/federation/command.service.spec.ts Normal file
View File

@@ -0,0 +1,574 @@
/**
* Command Service Tests
*/
import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { HttpService } from "@nestjs/axios";
import { CommandService } from "./command.service";
import { PrismaService } from "../prisma/prisma.service";
import { FederationService } from "./federation.service";
import { SignatureService } from "./signature.service";
import {
FederationConnectionStatus,
FederationMessageType,
FederationMessageStatus,
} from "@prisma/client";
import { of } from "rxjs";
import type { CommandMessage, CommandResponse } from "./types/message.types";
describe("CommandService", () => {
let service: CommandService;
let prisma: PrismaService;
let federationService: FederationService;
let signatureService: SignatureService;
let httpService: HttpService;
const mockWorkspaceId = "workspace-123";
const mockConnectionId = "connection-123";
const mockInstanceId = "instance-456";
const mockRemoteUrl = "https://remote.example.com";
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
CommandService,
{
provide: PrismaService,
useValue: {
federationConnection: {
findUnique: vi.fn(),
findFirst: vi.fn(),
},
federationMessage: {
create: vi.fn(),
update: vi.fn(),
findMany: vi.fn(),
findUnique: vi.fn(),
findFirst: vi.fn(),
},
},
},
{
provide: FederationService,
useValue: {
getInstanceIdentity: vi.fn(),
},
},
{
provide: SignatureService,
useValue: {
signMessage: vi.fn(),
verifyMessage: vi.fn(),
validateTimestamp: vi.fn(),
},
},
{
provide: HttpService,
useValue: {
post: vi.fn(),
},
},
],
}).compile();
service = module.get<CommandService>(CommandService);
prisma = module.get<PrismaService>(PrismaService);
federationService = module.get<FederationService>(FederationService);
signatureService = module.get<SignatureService>(SignatureService);
httpService = module.get<HttpService>(HttpService);
});
describe("sendCommand", () => {
it("should send a command to a remote instance", async () => {
const commandType = "spawn_agent";
const payload = { agentType: "task_executor" };
const mockConnection = {
id: mockConnectionId,
workspaceId: mockWorkspaceId,
status: FederationConnectionStatus.ACTIVE,
remoteUrl: mockRemoteUrl,
remoteInstanceId: mockInstanceId,
};
const mockIdentity = {
instanceId: "local-instance",
displayName: "Local Instance",
};
const mockMessage = {
id: "msg-123",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.COMMAND,
messageId: expect.any(String),
correlationId: null,
query: null,
commandType,
payload,
response: {},
status: FederationMessageStatus.PENDING,
error: null,
signature: "signature-123",
createdAt: new Date(),
updatedAt: new Date(),
deliveredAt: null,
};
vi.spyOn(prisma.federationConnection, "findUnique").mockResolvedValue(
mockConnection as never
);
vi.spyOn(federationService, "getInstanceIdentity").mockResolvedValue(mockIdentity as never);
vi.spyOn(signatureService, "signMessage").mockResolvedValue("signature-123");
vi.spyOn(prisma.federationMessage, "create").mockResolvedValue(mockMessage as never);
vi.spyOn(httpService, "post").mockReturnValue(of({} as never));
const result = await service.sendCommand(
mockWorkspaceId,
mockConnectionId,
commandType,
payload
);
expect(result).toMatchObject({
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.COMMAND,
commandType,
status: FederationMessageStatus.PENDING,
});
expect(httpService.post).toHaveBeenCalledWith(
`${mockRemoteUrl}/api/v1/federation/incoming/command`,
expect.objectContaining({
messageId: expect.any(String),
instanceId: "local-instance",
commandType,
payload,
timestamp: expect.any(Number),
signature: "signature-123",
})
);
});
it("should throw error if connection not found", async () => {
vi.spyOn(prisma.federationConnection, "findUnique").mockResolvedValue(null);
await expect(
service.sendCommand(mockWorkspaceId, mockConnectionId, "test", {})
).rejects.toThrow("Connection not found");
});
it("should throw error if connection is not active", async () => {
const mockConnection = {
id: mockConnectionId,
workspaceId: mockWorkspaceId,
status: FederationConnectionStatus.SUSPENDED,
};
vi.spyOn(prisma.federationConnection, "findUnique").mockResolvedValue(
mockConnection as never
);
await expect(
service.sendCommand(mockWorkspaceId, mockConnectionId, "test", {})
).rejects.toThrow("Connection is not active");
});
it("should mark command as failed if sending fails", async () => {
const mockConnection = {
id: mockConnectionId,
workspaceId: mockWorkspaceId,
status: FederationConnectionStatus.ACTIVE,
remoteUrl: mockRemoteUrl,
};
const mockIdentity = {
instanceId: "local-instance",
displayName: "Local Instance",
};
const mockMessage = {
id: "msg-123",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.COMMAND,
messageId: "test-msg-id",
correlationId: null,
query: null,
commandType: "test",
payload: {},
response: {},
status: FederationMessageStatus.PENDING,
error: null,
signature: "signature-123",
createdAt: new Date(),
updatedAt: new Date(),
deliveredAt: null,
};
vi.spyOn(prisma.federationConnection, "findUnique").mockResolvedValue(
mockConnection as never
);
vi.spyOn(federationService, "getInstanceIdentity").mockResolvedValue(mockIdentity as never);
vi.spyOn(signatureService, "signMessage").mockResolvedValue("signature-123");
vi.spyOn(prisma.federationMessage, "create").mockResolvedValue(mockMessage as never);
vi.spyOn(httpService, "post").mockReturnValue(
new (class {
subscribe(handlers: { error: (err: Error) => void }) {
handlers.error(new Error("Network error"));
}
})() as never
);
vi.spyOn(prisma.federationMessage, "update").mockResolvedValue(mockMessage as never);
await expect(
service.sendCommand(mockWorkspaceId, mockConnectionId, "test", {})
).rejects.toThrow("Failed to send command");
expect(prisma.federationMessage.update).toHaveBeenCalledWith({
where: { id: "msg-123" },
data: {
status: FederationMessageStatus.FAILED,
error: "Network error",
},
});
});
});
describe("handleIncomingCommand", () => {
it("should process a valid incoming command", async () => {
const commandMessage: CommandMessage = {
messageId: "cmd-123",
instanceId: mockInstanceId,
commandType: "spawn_agent",
payload: { agentType: "task_executor" },
timestamp: Date.now(),
signature: "signature-123",
};
const mockConnection = {
id: mockConnectionId,
remoteInstanceId: mockInstanceId,
status: FederationConnectionStatus.ACTIVE,
};
const mockIdentity = {
instanceId: "local-instance",
displayName: "Local Instance",
};
vi.spyOn(signatureService, "validateTimestamp").mockReturnValue(true);
vi.spyOn(prisma.federationConnection, "findFirst").mockResolvedValue(mockConnection as never);
vi.spyOn(signatureService, "verifyMessage").mockResolvedValue({
valid: true,
error: null,
} as never);
vi.spyOn(federationService, "getInstanceIdentity").mockResolvedValue(mockIdentity as never);
vi.spyOn(signatureService, "signMessage").mockResolvedValue("response-signature");
const response = await service.handleIncomingCommand(commandMessage);
expect(response).toMatchObject({
correlationId: "cmd-123",
instanceId: "local-instance",
success: true,
});
expect(signatureService.validateTimestamp).toHaveBeenCalledWith(commandMessage.timestamp);
expect(signatureService.verifyMessage).toHaveBeenCalledWith(
expect.objectContaining({
messageId: "cmd-123",
instanceId: mockInstanceId,
commandType: "spawn_agent",
}),
"signature-123",
mockInstanceId
);
});
it("should reject command with invalid timestamp", async () => {
const commandMessage: CommandMessage = {
messageId: "cmd-123",
instanceId: mockInstanceId,
commandType: "test",
payload: {},
timestamp: Date.now() - 1000000,
signature: "signature-123",
};
vi.spyOn(signatureService, "validateTimestamp").mockReturnValue(false);
await expect(service.handleIncomingCommand(commandMessage)).rejects.toThrow(
"Command timestamp is outside acceptable range"
);
});
it("should reject command if no connection found", async () => {
const commandMessage: CommandMessage = {
messageId: "cmd-123",
instanceId: mockInstanceId,
commandType: "test",
payload: {},
timestamp: Date.now(),
signature: "signature-123",
};
vi.spyOn(signatureService, "validateTimestamp").mockReturnValue(true);
vi.spyOn(prisma.federationConnection, "findFirst").mockResolvedValue(null);
await expect(service.handleIncomingCommand(commandMessage)).rejects.toThrow(
"No connection found for remote instance"
);
});
it("should reject command with invalid signature", async () => {
const commandMessage: CommandMessage = {
messageId: "cmd-123",
instanceId: mockInstanceId,
commandType: "test",
payload: {},
timestamp: Date.now(),
signature: "invalid-signature",
};
const mockConnection = {
id: mockConnectionId,
remoteInstanceId: mockInstanceId,
status: FederationConnectionStatus.ACTIVE,
};
vi.spyOn(signatureService, "validateTimestamp").mockReturnValue(true);
vi.spyOn(prisma.federationConnection, "findFirst").mockResolvedValue(mockConnection as never);
vi.spyOn(signatureService, "verifyMessage").mockResolvedValue({
valid: false,
error: "Invalid signature",
} as never);
await expect(service.handleIncomingCommand(commandMessage)).rejects.toThrow(
"Invalid signature"
);
});
});
describe("processCommandResponse", () => {
it("should process a successful command response", async () => {
const response: CommandResponse = {
messageId: "resp-123",
correlationId: "cmd-123",
instanceId: mockInstanceId,
success: true,
data: { result: "success" },
timestamp: Date.now(),
signature: "signature-123",
};
const mockMessage = {
id: "msg-123",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.COMMAND,
messageId: "cmd-123",
correlationId: null,
query: null,
commandType: "test",
payload: {},
response: {},
status: FederationMessageStatus.PENDING,
error: null,
signature: "signature-123",
createdAt: new Date(),
updatedAt: new Date(),
deliveredAt: null,
};
vi.spyOn(signatureService, "validateTimestamp").mockReturnValue(true);
vi.spyOn(prisma.federationMessage, "findFirst").mockResolvedValue(mockMessage as never);
vi.spyOn(signatureService, "verifyMessage").mockResolvedValue({
valid: true,
error: null,
} as never);
vi.spyOn(prisma.federationMessage, "update").mockResolvedValue(mockMessage as never);
await service.processCommandResponse(response);
expect(prisma.federationMessage.update).toHaveBeenCalledWith({
where: { id: "msg-123" },
data: {
status: FederationMessageStatus.DELIVERED,
deliveredAt: expect.any(Date),
response: { result: "success" },
},
});
});
it("should handle failed command response", async () => {
const response: CommandResponse = {
messageId: "resp-123",
correlationId: "cmd-123",
instanceId: mockInstanceId,
success: false,
error: "Command execution failed",
timestamp: Date.now(),
signature: "signature-123",
};
const mockMessage = {
id: "msg-123",
messageType: FederationMessageType.COMMAND,
messageId: "cmd-123",
};
vi.spyOn(signatureService, "validateTimestamp").mockReturnValue(true);
vi.spyOn(prisma.federationMessage, "findFirst").mockResolvedValue(mockMessage as never);
vi.spyOn(signatureService, "verifyMessage").mockResolvedValue({
valid: true,
error: null,
} as never);
vi.spyOn(prisma.federationMessage, "update").mockResolvedValue(mockMessage as never);
await service.processCommandResponse(response);
expect(prisma.federationMessage.update).toHaveBeenCalledWith({
where: { id: "msg-123" },
data: {
status: FederationMessageStatus.FAILED,
deliveredAt: expect.any(Date),
error: "Command execution failed",
},
});
});
it("should reject response with invalid timestamp", async () => {
const response: CommandResponse = {
messageId: "resp-123",
correlationId: "cmd-123",
instanceId: mockInstanceId,
success: true,
timestamp: Date.now() - 1000000,
signature: "signature-123",
};
vi.spyOn(signatureService, "validateTimestamp").mockReturnValue(false);
await expect(service.processCommandResponse(response)).rejects.toThrow(
"Response timestamp is outside acceptable range"
);
});
});
describe("getCommandMessages", () => {
it("should return all command messages for a workspace", async () => {
const mockMessages = [
{
id: "msg-1",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.COMMAND,
messageId: "cmd-1",
correlationId: null,
query: null,
commandType: "test",
payload: {},
response: {},
status: FederationMessageStatus.DELIVERED,
error: null,
signature: "sig-1",
createdAt: new Date(),
updatedAt: new Date(),
deliveredAt: new Date(),
},
];
vi.spyOn(prisma.federationMessage, "findMany").mockResolvedValue(mockMessages as never);
const result = await service.getCommandMessages(mockWorkspaceId);
expect(result).toHaveLength(1);
expect(result[0]).toMatchObject({
workspaceId: mockWorkspaceId,
messageType: FederationMessageType.COMMAND,
commandType: "test",
});
});
it("should filter command messages by status", async () => {
const mockMessages = [
{
id: "msg-1",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.COMMAND,
messageId: "cmd-1",
correlationId: null,
query: null,
commandType: "test",
payload: {},
response: {},
status: FederationMessageStatus.PENDING,
error: null,
signature: "sig-1",
createdAt: new Date(),
updatedAt: new Date(),
deliveredAt: null,
},
];
vi.spyOn(prisma.federationMessage, "findMany").mockResolvedValue(mockMessages as never);
await service.getCommandMessages(mockWorkspaceId, FederationMessageStatus.PENDING);
expect(prisma.federationMessage.findMany).toHaveBeenCalledWith({
where: {
workspaceId: mockWorkspaceId,
messageType: FederationMessageType.COMMAND,
status: FederationMessageStatus.PENDING,
},
orderBy: { createdAt: "desc" },
});
});
});
describe("getCommandMessage", () => {
it("should return a single command message", async () => {
const mockMessage = {
id: "msg-1",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.COMMAND,
messageId: "cmd-1",
correlationId: null,
query: null,
commandType: "test",
payload: { key: "value" },
response: {},
status: FederationMessageStatus.DELIVERED,
error: null,
signature: "sig-1",
createdAt: new Date(),
updatedAt: new Date(),
deliveredAt: new Date(),
};
vi.spyOn(prisma.federationMessage, "findUnique").mockResolvedValue(mockMessage as never);
const result = await service.getCommandMessage(mockWorkspaceId, "msg-1");
expect(result).toMatchObject({
id: "msg-1",
workspaceId: mockWorkspaceId,
commandType: "test",
payload: { key: "value" },
});
});
it("should throw error if command message not found", async () => {
vi.spyOn(prisma.federationMessage, "findUnique").mockResolvedValue(null);
await expect(service.getCommandMessage(mockWorkspaceId, "invalid-id")).rejects.toThrow(
"Command message not found"
);
});
});
});

386
apps/api/src/federation/command.service.ts Normal file
View File

@@ -0,0 +1,386 @@
/**
* Command Service
*
* Handles federated command messages.
*/
import { Injectable, Logger } from "@nestjs/common";
import { ModuleRef } from "@nestjs/core";
import { HttpService } from "@nestjs/axios";
import { randomUUID } from "crypto";
import { firstValueFrom } from "rxjs";
import { PrismaService } from "../prisma/prisma.service";
import { FederationService } from "./federation.service";
import { SignatureService } from "./signature.service";
import {
FederationConnectionStatus,
FederationMessageType,
FederationMessageStatus,
} from "@prisma/client";
import type { CommandMessage, CommandResponse, CommandMessageDetails } from "./types/message.types";
@Injectable()
export class CommandService {
private readonly logger = new Logger(CommandService.name);
constructor(
private readonly prisma: PrismaService,
private readonly federationService: FederationService,
private readonly signatureService: SignatureService,
private readonly httpService: HttpService,
private readonly moduleRef: ModuleRef
) {}
/**
* Send a command to a remote instance
*/
async sendCommand(
workspaceId: string,
connectionId: string,
commandType: string,
payload: Record<string, unknown>
): Promise<CommandMessageDetails> {
// Validate connection exists and is active
const connection = await this.prisma.federationConnection.findUnique({
where: { id: connectionId, workspaceId },
});
if (!connection) {
throw new Error("Connection not found");
}
if (connection.status !== FederationConnectionStatus.ACTIVE) {
throw new Error("Connection is not active");
}
// Get local instance identity
const identity = await this.federationService.getInstanceIdentity();
// Create command message
const messageId = randomUUID();
const timestamp = Date.now();
const commandPayload: Record<string, unknown> = {
messageId,
instanceId: identity.instanceId,
commandType,
payload,
timestamp,
};
// Sign the command
const signature = await this.signatureService.signMessage(commandPayload);
const signedCommand = {
messageId,
instanceId: identity.instanceId,
commandType,
payload,
timestamp,
signature,
} as CommandMessage;
// Store message in database
const message = await this.prisma.federationMessage.create({
data: {
workspaceId,
connectionId,
messageType: FederationMessageType.COMMAND,
messageId,
commandType,
payload: payload as never,
status: FederationMessageStatus.PENDING,
signature,
},
});
// Send command to remote instance
try {
const remoteUrl = `${connection.remoteUrl}/api/v1/federation/incoming/command`;
await firstValueFrom(this.httpService.post(remoteUrl, signedCommand));
this.logger.log(`Command sent to ${connection.remoteUrl}: ${messageId}`);
} catch (error) {
this.logger.error(`Failed to send command to ${connection.remoteUrl}`, error);
// Update message status to failed
await this.prisma.federationMessage.update({
where: { id: message.id },
data: {
status: FederationMessageStatus.FAILED,
error: error instanceof Error ? error.message : "Unknown error",
},
});
throw new Error("Failed to send command");
}
return this.mapToCommandMessageDetails(message);
}
/**
* Handle incoming command from remote instance
*/
async handleIncomingCommand(commandMessage: CommandMessage): Promise<CommandResponse> {
this.logger.log(
`Received command from ${commandMessage.instanceId}: ${commandMessage.messageId}`
);
// Validate timestamp
if (!this.signatureService.validateTimestamp(commandMessage.timestamp)) {
throw new Error("Command timestamp is outside acceptable range");
}
// Find connection for remote instance
const connection = await this.prisma.federationConnection.findFirst({
where: {
remoteInstanceId: commandMessage.instanceId,
status: FederationConnectionStatus.ACTIVE,
},
});
if (!connection) {
throw new Error("No connection found for remote instance");
}
// Validate connection is active
if (connection.status !== FederationConnectionStatus.ACTIVE) {
throw new Error("Connection is not active");
}
// Verify signature
const { signature, ...messageToVerify } = commandMessage;
const verificationResult = await this.signatureService.verifyMessage(
messageToVerify,
signature,
commandMessage.instanceId
);
if (!verificationResult.valid) {
throw new Error(verificationResult.error ?? "Invalid signature");
}
// Process command
let responseData: unknown;
let success = true;
let errorMessage: string | undefined;
try {
// Route agent commands to FederationAgentService
if (commandMessage.commandType.startsWith("agent.")) {
// Import FederationAgentService dynamically to avoid circular dependency
const { FederationAgentService } = await import("./federation-agent.service");
const federationAgentService = this.moduleRef.get(FederationAgentService, {
strict: false,
});
const agentResponse = await federationAgentService.handleAgentCommand(
commandMessage.instanceId,
commandMessage.commandType,
commandMessage.payload
);
success = agentResponse.success;
responseData = agentResponse.data;
errorMessage = agentResponse.error;
} else {
// Other command types can be added here
responseData = { message: "Command received and processed" };
}
} catch (error) {
success = false;
errorMessage = error instanceof Error ? error.message : "Command processing failed";
this.logger.error(`Command processing failed: ${errorMessage}`);
}
// Get local instance identity
const identity = await this.federationService.getInstanceIdentity();
// Create response
const responseMessageId = randomUUID();
const responseTimestamp = Date.now();
const responsePayload: Record<string, unknown> = {
messageId: responseMessageId,
correlationId: commandMessage.messageId,
instanceId: identity.instanceId,
success,
timestamp: responseTimestamp,
};
if (responseData !== undefined) {
responsePayload.data = responseData;
}
if (errorMessage !== undefined) {
responsePayload.error = errorMessage;
}
// Sign the response
const responseSignature = await this.signatureService.signMessage(responsePayload);
const response = {
messageId: responseMessageId,
correlationId: commandMessage.messageId,
instanceId: identity.instanceId,
success,
...(responseData !== undefined ? { data: responseData } : {}),
...(errorMessage !== undefined ? { error: errorMessage } : {}),
timestamp: responseTimestamp,
signature: responseSignature,
} as CommandResponse;
return response;
}
/**
* Get all command messages for a workspace
*/
async getCommandMessages(
workspaceId: string,
status?: FederationMessageStatus
): Promise<CommandMessageDetails[]> {
const where: Record<string, unknown> = {
workspaceId,
messageType: FederationMessageType.COMMAND,
};
if (status) {
where.status = status;
}
const messages = await this.prisma.federationMessage.findMany({
where,
orderBy: { createdAt: "desc" },
});
return messages.map((msg) => this.mapToCommandMessageDetails(msg));
}
/**
* Get a single command message
*/
async getCommandMessage(workspaceId: string, messageId: string): Promise<CommandMessageDetails> {
const message = await this.prisma.federationMessage.findUnique({
where: { id: messageId, workspaceId },
});
if (!message) {
throw new Error("Command message not found");
}
return this.mapToCommandMessageDetails(message);
}
/**
* Process a command response from remote instance
*/
async processCommandResponse(response: CommandResponse): Promise<void> {
this.logger.log(`Received response for command: ${response.correlationId}`);
// Validate timestamp
if (!this.signatureService.validateTimestamp(response.timestamp)) {
throw new Error("Response timestamp is outside acceptable range");
}
// Find original command message
const message = await this.prisma.federationMessage.findFirst({
where: {
messageId: response.correlationId,
messageType: FederationMessageType.COMMAND,
},
});
if (!message) {
throw new Error("Original command message not found");
}
// Verify signature
const { signature, ...responseToVerify } = response;
const verificationResult = await this.signatureService.verifyMessage(
responseToVerify,
signature,
response.instanceId
);
if (!verificationResult.valid) {
throw new Error(verificationResult.error ?? "Invalid signature");
}
// Update message with response
const updateData: Record<string, unknown> = {
status: response.success ? FederationMessageStatus.DELIVERED : FederationMessageStatus.FAILED,
deliveredAt: new Date(),
};
if (response.data !== undefined) {
updateData.response = response.data;
}
if (response.error !== undefined) {
updateData.error = response.error;
}
await this.prisma.federationMessage.update({
where: { id: message.id },
data: updateData,
});
this.logger.log(`Command response processed: ${response.correlationId}`);
}
/**
* Map Prisma FederationMessage to CommandMessageDetails
*/
private mapToCommandMessageDetails(message: {
id: string;
workspaceId: string;
connectionId: string;
messageType: FederationMessageType;
messageId: string;
correlationId: string | null;
query: string | null;
commandType: string | null;
payload: unknown;
response: unknown;
status: FederationMessageStatus;
error: string | null;
createdAt: Date;
updatedAt: Date;
deliveredAt: Date | null;
}): CommandMessageDetails {
const details: CommandMessageDetails = {
id: message.id,
workspaceId: message.workspaceId,
connectionId: message.connectionId,
messageType: message.messageType,
messageId: message.messageId,
response: message.response,
status: message.status,
createdAt: message.createdAt,
updatedAt: message.updatedAt,
};
if (message.correlationId !== null) {
details.correlationId = message.correlationId;
}
if (message.commandType !== null) {
details.commandType = message.commandType;
}
if (message.payload !== null && typeof message.payload === "object") {
details.payload = message.payload as Record<string, unknown>;
}
if (message.error !== null) {
details.error = message.error;
}
if (message.deliveredAt !== null) {
details.deliveredAt = message.deliveredAt;
}
return details;
}
}

54
apps/api/src/federation/dto/command.dto.ts Normal file
View File

@@ -0,0 +1,54 @@
/**
* Command DTOs
*
* Data Transfer Objects for command message operations.
*/
import { IsString, IsObject, IsNotEmpty, IsNumber } from "class-validator";
import type { CommandMessage } from "../types/message.types";
/**
* DTO for sending a command to a remote instance
*/
export class SendCommandDto {
@IsString()
@IsNotEmpty()
connectionId!: string;
@IsString()
@IsNotEmpty()
commandType!: string;
@IsObject()
@IsNotEmpty()
payload!: Record<string, unknown>;
}
/**
* DTO for incoming command request from remote instance
*/
export class IncomingCommandDto implements CommandMessage {
@IsString()
@IsNotEmpty()
messageId!: string;
@IsString()
@IsNotEmpty()
instanceId!: string;
@IsString()
@IsNotEmpty()
commandType!: string;
@IsObject()
@IsNotEmpty()
payload!: Record<string, unknown>;
@IsNumber()
@IsNotEmpty()
timestamp!: number;
@IsString()
@IsNotEmpty()
signature!: string;
}

109
apps/api/src/federation/dto/event.dto.ts Normal file
View File

@@ -0,0 +1,109 @@
/**
* Event DTOs
*
* Data Transfer Objects for event subscription and publishing.
*/
import { IsString, IsNotEmpty, IsOptional, IsObject } from "class-validator";
/**
* DTO for subscribing to an event type
*/
export class SubscribeToEventDto {
@IsString()
@IsNotEmpty()
connectionId!: string;
@IsString()
@IsNotEmpty()
eventType!: string;
@IsOptional()
@IsObject()
metadata?: Record<string, unknown>;
}
/**
* DTO for unsubscribing from an event type
*/
export class UnsubscribeFromEventDto {
@IsString()
@IsNotEmpty()
connectionId!: string;
@IsString()
@IsNotEmpty()
eventType!: string;
}
/**
* DTO for publishing an event
*/
export class PublishEventDto {
@IsString()
@IsNotEmpty()
eventType!: string;
@IsObject()
@IsNotEmpty()
payload!: Record<string, unknown>;
}
/**
* DTO for incoming event request
*/
export class IncomingEventDto {
@IsString()
@IsNotEmpty()
messageId!: string;
@IsString()
@IsNotEmpty()
instanceId!: string;
@IsString()
@IsNotEmpty()
eventType!: string;
@IsObject()
@IsNotEmpty()
payload!: Record<string, unknown>;
@IsNotEmpty()
timestamp!: number;
@IsString()
@IsNotEmpty()
signature!: string;
}
/**
* DTO for incoming event acknowledgment
*/
export class IncomingEventAckDto {
@IsString()
@IsNotEmpty()
messageId!: string;
@IsString()
@IsNotEmpty()
correlationId!: string;
@IsString()
@IsNotEmpty()
instanceId!: string;
@IsNotEmpty()
received!: boolean;
@IsOptional()
@IsString()
error?: string;
@IsNotEmpty()
timestamp!: number;
@IsString()
@IsNotEmpty()
signature!: string;
}

98
apps/api/src/federation/dto/identity-linking.dto.ts Normal file
View File

@@ -0,0 +1,98 @@
/**
* Identity Linking DTOs
*
* Data transfer objects for identity linking API endpoints.
*/
import { IsString, IsEmail, IsOptional, IsObject, IsArray, IsNumber } from "class-validator";
/**
* DTO for verifying identity from remote instance
*/
export class VerifyIdentityDto {
@IsString()
localUserId!: string;
@IsString()
remoteUserId!: string;
@IsString()
remoteInstanceId!: string;
@IsString()
oidcToken!: string;
@IsNumber()
timestamp!: number;
@IsString()
signature!: string;
}
/**
* DTO for resolving remote user to local user
*/
export class ResolveIdentityDto {
@IsString()
remoteInstanceId!: string;
@IsString()
remoteUserId!: string;
}
/**
* DTO for reverse resolving local user to remote identity
*/
export class ReverseResolveIdentityDto {
@IsString()
localUserId!: string;
@IsString()
remoteInstanceId!: string;
}
/**
* DTO for bulk identity resolution
*/
export class BulkResolveIdentityDto {
@IsString()
remoteInstanceId!: string;
@IsArray()
@IsString({ each: true })
remoteUserIds!: string[];
}
/**
* DTO for creating identity mapping
*/
export class CreateIdentityMappingDto {
@IsString()
remoteInstanceId!: string;
@IsString()
remoteUserId!: string;
@IsString()
oidcSubject!: string;
@IsEmail()
email!: string;
@IsOptional()
@IsObject()
metadata?: Record<string, unknown>;
@IsOptional()
@IsString()
oidcToken?: string;
}
/**
* DTO for updating identity mapping
*/
export class UpdateIdentityMappingDto {
@IsOptional()
@IsObject()
metadata?: Record<string, unknown>;
}

46
apps/api/src/federation/dto/instance.dto.ts Normal file
View File

@@ -0,0 +1,46 @@
/**
* Instance Configuration DTOs
*
* Data Transfer Objects for instance configuration API.
*/
import { IsString, IsBoolean, IsOptional, IsObject, ValidateNested } from "class-validator";
import { Type } from "class-transformer";
/**
* DTO for federation capabilities
*/
export class FederationCapabilitiesDto {
@IsBoolean()
supportsQuery!: boolean;
@IsBoolean()
supportsCommand!: boolean;
@IsBoolean()
supportsEvent!: boolean;
@IsBoolean()
supportsAgentSpawn!: boolean;
@IsString()
protocolVersion!: string;
}
/**
* DTO for updating instance configuration
*/
export class UpdateInstanceDto {
@IsOptional()
@IsString()
name?: string;
@IsOptional()
@ValidateNested()
@Type(() => FederationCapabilitiesDto)
capabilities?: FederationCapabilitiesDto;
@IsOptional()
@IsObject()
metadata?: Record<string, unknown>;
}

53
apps/api/src/federation/dto/query.dto.ts Normal file
View File

@@ -0,0 +1,53 @@
/**
* Query DTOs
*
* Data Transfer Objects for query message operations.
*/
import { IsString, IsOptional, IsObject, IsNotEmpty } from "class-validator";
import type { QueryMessage } from "../types/message.types";
/**
* DTO for sending a query to a remote instance
*/
export class SendQueryDto {
@IsString()
@IsNotEmpty()
connectionId!: string;
@IsString()
@IsNotEmpty()
query!: string;
@IsOptional()
@IsObject()
context?: Record<string, unknown>;
}
/**
* DTO for incoming query request from remote instance
*/
export class IncomingQueryDto implements QueryMessage {
@IsString()
@IsNotEmpty()
messageId!: string;
@IsString()
@IsNotEmpty()
instanceId!: string;
@IsString()
@IsNotEmpty()
query!: string;
@IsOptional()
@IsObject()
context?: Record<string, unknown>;
@IsNotEmpty()
timestamp!: number;
@IsString()
@IsNotEmpty()
signature!: string;
}

393
apps/api/src/federation/event.controller.spec.ts Normal file
View File

@@ -0,0 +1,393 @@
/**
* EventController Tests
*
* Tests for event subscription and publishing endpoints.
*/
import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { EventController } from "./event.controller";
import { EventService } from "./event.service";
import { AuthGuard } from "../auth/guards/auth.guard";
import { FederationMessageType, FederationMessageStatus } from "@prisma/client";
import type { AuthenticatedRequest } from "../common/types/user.types";
import type { EventMessage, EventAck } from "./types/message.types";
describe("EventController", () => {
let controller: EventController;
let eventService: EventService;
const mockEventService = {
subscribeToEventType: vi.fn(),
unsubscribeFromEventType: vi.fn(),
publishEvent: vi.fn(),
getEventSubscriptions: vi.fn(),
getEventMessages: vi.fn(),
getEventMessage: vi.fn(),
handleIncomingEvent: vi.fn(),
processEventAck: vi.fn(),
};
const mockWorkspaceId = "workspace-123";
const mockUserId = "user-123";
const mockConnectionId = "connection-123";
const mockEventType = "task.created";
beforeEach(async () => {
vi.clearAllMocks();
const module: TestingModule = await Test.createTestingModule({
controllers: [EventController],
providers: [
{
provide: EventService,
useValue: mockEventService,
},
],
})
.overrideGuard(AuthGuard)
.useValue({ canActivate: () => true })
.compile();
controller = module.get<EventController>(EventController);
eventService = module.get<EventService>(EventService);
});
describe("subscribeToEvent", () => {
it("should subscribe to an event type", async () => {
const req = {
user: {
id: mockUserId,
workspaceId: mockWorkspaceId,
},
} as AuthenticatedRequest;
const dto = {
connectionId: mockConnectionId,
eventType: mockEventType,
metadata: { key: "value" },
};
const mockSubscription = {
id: "sub-123",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
eventType: mockEventType,
metadata: { key: "value" },
isActive: true,
createdAt: new Date(),
updatedAt: new Date(),
};
mockEventService.subscribeToEventType.mockResolvedValue(mockSubscription);
const result = await controller.subscribeToEvent(req, dto);
expect(result).toEqual(mockSubscription);
expect(mockEventService.subscribeToEventType).toHaveBeenCalledWith(
mockWorkspaceId,
mockConnectionId,
mockEventType,
{ key: "value" }
);
});
it("should throw error if workspace not found", async () => {
const req = {
user: {
id: mockUserId,
},
} as AuthenticatedRequest;
const dto = {
connectionId: mockConnectionId,
eventType: mockEventType,
};
await expect(controller.subscribeToEvent(req, dto)).rejects.toThrow(
"Workspace ID not found in request"
);
});
});
describe("unsubscribeFromEvent", () => {
it("should unsubscribe from an event type", async () => {
const req = {
user: {
id: mockUserId,
workspaceId: mockWorkspaceId,
},
} as AuthenticatedRequest;
const dto = {
connectionId: mockConnectionId,
eventType: mockEventType,
};
mockEventService.unsubscribeFromEventType.mockResolvedValue(undefined);
await controller.unsubscribeFromEvent(req, dto);
expect(mockEventService.unsubscribeFromEventType).toHaveBeenCalledWith(
mockWorkspaceId,
mockConnectionId,
mockEventType
);
});
});
describe("publishEvent", () => {
it("should publish an event", async () => {
const req = {
user: {
id: mockUserId,
workspaceId: mockWorkspaceId,
},
} as AuthenticatedRequest;
const dto = {
eventType: mockEventType,
payload: { data: "test" },
};
const mockMessages = [
{
id: "msg-123",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.EVENT,
messageId: "msg-id-123",
eventType: mockEventType,
payload: { data: "test" },
status: FederationMessageStatus.DELIVERED,
createdAt: new Date(),
updatedAt: new Date(),
},
];
mockEventService.publishEvent.mockResolvedValue(mockMessages);
const result = await controller.publishEvent(req, dto);
expect(result).toEqual(mockMessages);
expect(mockEventService.publishEvent).toHaveBeenCalledWith(mockWorkspaceId, mockEventType, {
data: "test",
});
});
});
describe("getSubscriptions", () => {
it("should return all subscriptions for workspace", async () => {
const req = {
user: {
id: mockUserId,
workspaceId: mockWorkspaceId,
},
} as AuthenticatedRequest;
const mockSubscriptions = [
{
id: "sub-1",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
eventType: "task.created",
metadata: {},
isActive: true,
createdAt: new Date(),
updatedAt: new Date(),
},
];
mockEventService.getEventSubscriptions.mockResolvedValue(mockSubscriptions);
const result = await controller.getSubscriptions(req);
expect(result).toEqual(mockSubscriptions);
expect(mockEventService.getEventSubscriptions).toHaveBeenCalledWith(
mockWorkspaceId,
undefined
);
});
it("should filter by connectionId when provided", async () => {
const req = {
user: {
id: mockUserId,
workspaceId: mockWorkspaceId,
},
} as AuthenticatedRequest;
const mockSubscriptions = [
{
id: "sub-1",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
eventType: "task.created",
metadata: {},
isActive: true,
createdAt: new Date(),
updatedAt: new Date(),
},
];
mockEventService.getEventSubscriptions.mockResolvedValue(mockSubscriptions);
const result = await controller.getSubscriptions(req, mockConnectionId);
expect(result).toEqual(mockSubscriptions);
expect(mockEventService.getEventSubscriptions).toHaveBeenCalledWith(
mockWorkspaceId,
mockConnectionId
);
});
});
describe("getEventMessages", () => {
it("should return all event messages for workspace", async () => {
const req = {
user: {
id: mockUserId,
workspaceId: mockWorkspaceId,
},
} as AuthenticatedRequest;
const mockMessages = [
{
id: "msg-1",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.EVENT,
messageId: "msg-id-1",
eventType: "task.created",
payload: { data: "test1" },
status: FederationMessageStatus.DELIVERED,
createdAt: new Date(),
updatedAt: new Date(),
},
];
mockEventService.getEventMessages.mockResolvedValue(mockMessages);
const result = await controller.getEventMessages(req);
expect(result).toEqual(mockMessages);
expect(mockEventService.getEventMessages).toHaveBeenCalledWith(mockWorkspaceId, undefined);
});
it("should filter by status when provided", async () => {
const req = {
user: {
id: mockUserId,
workspaceId: mockWorkspaceId,
},
} as AuthenticatedRequest;
const mockMessages = [
{
id: "msg-1",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.EVENT,
messageId: "msg-id-1",
eventType: "task.created",
payload: { data: "test1" },
status: FederationMessageStatus.PENDING,
createdAt: new Date(),
updatedAt: new Date(),
},
];
mockEventService.getEventMessages.mockResolvedValue(mockMessages);
const result = await controller.getEventMessages(req, FederationMessageStatus.PENDING);
expect(result).toEqual(mockMessages);
expect(mockEventService.getEventMessages).toHaveBeenCalledWith(
mockWorkspaceId,
FederationMessageStatus.PENDING
);
});
});
describe("getEventMessage", () => {
it("should return a single event message", async () => {
const req = {
user: {
id: mockUserId,
workspaceId: mockWorkspaceId,
},
} as AuthenticatedRequest;
const messageId = "msg-123";
const mockMessage = {
id: messageId,
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.EVENT,
messageId: "msg-id-123",
eventType: "task.created",
payload: { data: "test" },
status: FederationMessageStatus.DELIVERED,
createdAt: new Date(),
updatedAt: new Date(),
};
mockEventService.getEventMessage.mockResolvedValue(mockMessage);
const result = await controller.getEventMessage(req, messageId);
expect(result).toEqual(mockMessage);
expect(mockEventService.getEventMessage).toHaveBeenCalledWith(mockWorkspaceId, messageId);
});
});
describe("handleIncomingEvent", () => {
it("should handle incoming event and return acknowledgment", async () => {
const eventMessage: EventMessage = {
messageId: "msg-123",
instanceId: "remote-instance-123",
eventType: "task.created",
payload: { data: "test" },
timestamp: Date.now(),
signature: "signature-123",
};
const mockAck: EventAck = {
messageId: "ack-123",
correlationId: eventMessage.messageId,
instanceId: "local-instance-123",
received: true,
timestamp: Date.now(),
signature: "ack-signature-123",
};
mockEventService.handleIncomingEvent.mockResolvedValue(mockAck);
const result = await controller.handleIncomingEvent(eventMessage);
expect(result).toEqual(mockAck);
expect(mockEventService.handleIncomingEvent).toHaveBeenCalledWith(eventMessage);
});
});
describe("handleIncomingEventAck", () => {
it("should process event acknowledgment", async () => {
const ack: EventAck = {
messageId: "ack-123",
correlationId: "msg-123",
instanceId: "remote-instance-123",
received: true,
timestamp: Date.now(),
signature: "ack-signature-123",
};
mockEventService.processEventAck.mockResolvedValue(undefined);
const result = await controller.handleIncomingEventAck(ack);
expect(result).toEqual({ status: "acknowledged" });
expect(mockEventService.processEventAck).toHaveBeenCalledWith(ack);
});
});
});

197
apps/api/src/federation/event.controller.ts Normal file
View File

@@ -0,0 +1,197 @@
/**
* Event Controller
*
* API endpoints for event subscriptions and publishing.
*/
import { Controller, Get, Post, UseGuards, Logger, Req, Body, Param, Query } from "@nestjs/common";
import { EventService } from "./event.service";
import { AuthGuard } from "../auth/guards/auth.guard";
import { FederationMessageStatus } from "@prisma/client";
import type { AuthenticatedRequest } from "../common/types/user.types";
import type {
EventMessage,
EventAck,
EventMessageDetails,
SubscriptionDetails,
} from "./types/message.types";
import {
SubscribeToEventDto,
UnsubscribeFromEventDto,
PublishEventDto,
IncomingEventDto,
IncomingEventAckDto,
} from "./dto/event.dto";
@Controller("api/v1/federation")
export class EventController {
private readonly logger = new Logger(EventController.name);
constructor(private readonly eventService: EventService) {}
/**
* Subscribe to an event type from a remote instance
* Requires authentication
*/
@Post("events/subscribe")
@UseGuards(AuthGuard)
async subscribeToEvent(
@Req() req: AuthenticatedRequest,
@Body() dto: SubscribeToEventDto
): Promise<SubscriptionDetails> {
if (!req.user?.workspaceId) {
throw new Error("Workspace ID not found in request");
}
this.logger.log(
`User ${req.user.id} subscribing to event type ${dto.eventType} on connection ${dto.connectionId}`
);
return this.eventService.subscribeToEventType(
req.user.workspaceId,
dto.connectionId,
dto.eventType,
dto.metadata
);
}
/**
* Unsubscribe from an event type
* Requires authentication
*/
@Post("events/unsubscribe")
@UseGuards(AuthGuard)
async unsubscribeFromEvent(
@Req() req: AuthenticatedRequest,
@Body() dto: UnsubscribeFromEventDto
): Promise<{ status: string }> {
if (!req.user?.workspaceId) {
throw new Error("Workspace ID not found in request");
}
this.logger.log(
`User ${req.user.id} unsubscribing from event type ${dto.eventType} on connection ${dto.connectionId}`
);
await this.eventService.unsubscribeFromEventType(
req.user.workspaceId,
dto.connectionId,
dto.eventType
);
return { status: "unsubscribed" };
}
/**
* Publish an event to subscribed instances
* Requires authentication
*/
@Post("events/publish")
@UseGuards(AuthGuard)
async publishEvent(
@Req() req: AuthenticatedRequest,
@Body() dto: PublishEventDto
): Promise<EventMessageDetails[]> {
if (!req.user?.workspaceId) {
throw new Error("Workspace ID not found in request");
}
this.logger.log(`User ${req.user.id} publishing event type ${dto.eventType}`);
return this.eventService.publishEvent(req.user.workspaceId, dto.eventType, dto.payload);
}
/**
* Get all event subscriptions for the workspace
* Requires authentication
*/
@Get("events/subscriptions")
@UseGuards(AuthGuard)
async getSubscriptions(
@Req() req: AuthenticatedRequest,
@Query("connectionId") connectionId?: string
): Promise<SubscriptionDetails[]> {
if (!req.user?.workspaceId) {
throw new Error("Workspace ID not found in request");
}
return this.eventService.getEventSubscriptions(req.user.workspaceId, connectionId);
}
/**
* Get all event messages for the workspace
* Requires authentication
*/
@Get("events/messages")
@UseGuards(AuthGuard)
async getEventMessages(
@Req() req: AuthenticatedRequest,
@Query("status") status?: FederationMessageStatus
): Promise<EventMessageDetails[]> {
if (!req.user?.workspaceId) {
throw new Error("Workspace ID not found in request");
}
return this.eventService.getEventMessages(req.user.workspaceId, status);
}
/**
* Get a single event message
* Requires authentication
*/
@Get("events/messages/:id")
@UseGuards(AuthGuard)
async getEventMessage(
@Req() req: AuthenticatedRequest,
@Param("id") messageId: string
): Promise<EventMessageDetails> {
if (!req.user?.workspaceId) {
throw new Error("Workspace ID not found in request");
}
return this.eventService.getEventMessage(req.user.workspaceId, messageId);
}
/**
* Handle incoming event from remote instance
* Public endpoint - no authentication required (signature-based verification)
*/
@Post("incoming/event")
async handleIncomingEvent(@Body() dto: IncomingEventDto): Promise<EventAck> {
this.logger.log(`Received event from ${dto.instanceId}: ${dto.messageId}`);
const eventMessage: EventMessage = {
messageId: dto.messageId,
instanceId: dto.instanceId,
eventType: dto.eventType,
payload: dto.payload,
timestamp: dto.timestamp,
signature: dto.signature,
};
return this.eventService.handleIncomingEvent(eventMessage);
}
/**
* Handle incoming event acknowledgment from remote instance
* Public endpoint - no authentication required (signature-based verification)
*/
@Post("incoming/event/ack")
async handleIncomingEventAck(@Body() dto: IncomingEventAckDto): Promise<{ status: string }> {
this.logger.log(`Received acknowledgment for event: ${dto.correlationId}`);
const ack: EventAck = {
messageId: dto.messageId,
correlationId: dto.correlationId,
instanceId: dto.instanceId,
received: dto.received,
...(dto.error !== undefined ? { error: dto.error } : {}),
timestamp: dto.timestamp,
signature: dto.signature,
};
await this.eventService.processEventAck(ack);
return { status: "acknowledged" };
}
}

825
apps/api/src/federation/event.service.spec.ts Normal file
View File

@@ -0,0 +1,825 @@
/**
* EventService Tests
*
* Tests for federated event message handling.
*/
import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { EventService } from "./event.service";
import { PrismaService } from "../prisma/prisma.service";
import { FederationService } from "./federation.service";
import { SignatureService } from "./signature.service";
import { HttpService } from "@nestjs/axios";
import { of, throwError } from "rxjs";
import {
FederationConnectionStatus,
FederationMessageType,
FederationMessageStatus,
} from "@prisma/client";
import type { EventMessage, EventAck } from "./types/message.types";
import type { AxiosResponse } from "axios";
describe("EventService", () => {
let service: EventService;
let prisma: PrismaService;
let federationService: FederationService;
let signatureService: SignatureService;
let httpService: HttpService;
const mockWorkspaceId = "workspace-123";
const mockConnectionId = "connection-123";
const mockInstanceId = "instance-123";
const mockRemoteInstanceId = "remote-instance-123";
const mockMessageId = "message-123";
const mockEventType = "task.created";
const mockPrisma = {
federationConnection: {
findUnique: vi.fn(),
findFirst: vi.fn(),
},
federationEventSubscription: {
create: vi.fn(),
findMany: vi.fn(),
findUnique: vi.fn(),
findFirst: vi.fn(),
update: vi.fn(),
delete: vi.fn(),
},
federationMessage: {
create: vi.fn(),
findMany: vi.fn(),
findUnique: vi.fn(),
findFirst: vi.fn(),
update: vi.fn(),
},
};
const mockFederationService = {
getInstanceIdentity: vi.fn(),
};
const mockSignatureService = {
signMessage: vi.fn(),
verifyMessage: vi.fn(),
validateTimestamp: vi.fn(),
};
const mockHttpService = {
post: vi.fn(),
};
beforeEach(async () => {
vi.clearAllMocks();
const module: TestingModule = await Test.createTestingModule({
providers: [
EventService,
{
provide: PrismaService,
useValue: mockPrisma,
},
{
provide: FederationService,
useValue: mockFederationService,
},
{
provide: SignatureService,
useValue: mockSignatureService,
},
{
provide: HttpService,
useValue: mockHttpService,
},
],
}).compile();
service = module.get<EventService>(EventService);
prisma = module.get(PrismaService);
federationService = module.get(FederationService);
signatureService = module.get(SignatureService);
httpService = module.get(HttpService);
});
describe("subscribeToEventType", () => {
it("should create a new subscription", async () => {
const mockConnection = {
id: mockConnectionId,
workspaceId: mockWorkspaceId,
remoteInstanceId: mockRemoteInstanceId,
remoteUrl: "https://remote.example.com",
remotePublicKey: "public-key",
remoteCapabilities: {},
status: FederationConnectionStatus.ACTIVE,
metadata: {},
createdAt: new Date(),
updatedAt: new Date(),
connectedAt: new Date(),
disconnectedAt: null,
};
const mockSubscription = {
id: "subscription-123",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
eventType: mockEventType,
metadata: {},
isActive: true,
createdAt: new Date(),
updatedAt: new Date(),
};
prisma.federationConnection.findUnique.mockResolvedValue(mockConnection);
prisma.federationEventSubscription.create.mockResolvedValue(mockSubscription);
const result = await service.subscribeToEventType(
mockWorkspaceId,
mockConnectionId,
mockEventType
);
expect(result).toEqual({
id: mockSubscription.id,
workspaceId: mockSubscription.workspaceId,
connectionId: mockSubscription.connectionId,
eventType: mockSubscription.eventType,
metadata: mockSubscription.metadata,
isActive: mockSubscription.isActive,
createdAt: mockSubscription.createdAt,
updatedAt: mockSubscription.updatedAt,
});
expect(prisma.federationConnection.findUnique).toHaveBeenCalledWith({
where: { id: mockConnectionId, workspaceId: mockWorkspaceId },
});
expect(prisma.federationEventSubscription.create).toHaveBeenCalledWith({
data: {
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
eventType: mockEventType,
metadata: {},
},
});
});
it("should throw error if connection not found", async () => {
prisma.federationConnection.findUnique.mockResolvedValue(null);
await expect(
service.subscribeToEventType(mockWorkspaceId, mockConnectionId, mockEventType)
).rejects.toThrow("Connection not found");
});
it("should throw error if connection not active", async () => {
const mockConnection = {
id: mockConnectionId,
workspaceId: mockWorkspaceId,
remoteInstanceId: mockRemoteInstanceId,
remoteUrl: "https://remote.example.com",
remotePublicKey: "public-key",
remoteCapabilities: {},
status: FederationConnectionStatus.SUSPENDED,
metadata: {},
createdAt: new Date(),
updatedAt: new Date(),
connectedAt: new Date(),
disconnectedAt: null,
};
prisma.federationConnection.findUnique.mockResolvedValue(mockConnection);
await expect(
service.subscribeToEventType(mockWorkspaceId, mockConnectionId, mockEventType)
).rejects.toThrow("Connection is not active");
});
});
describe("unsubscribeFromEventType", () => {
it("should delete an existing subscription", async () => {
const mockSubscription = {
id: "subscription-123",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
eventType: mockEventType,
metadata: {},
isActive: true,
createdAt: new Date(),
updatedAt: new Date(),
};
prisma.federationEventSubscription.findFirst.mockResolvedValue(mockSubscription);
prisma.federationEventSubscription.delete.mockResolvedValue(mockSubscription);
await service.unsubscribeFromEventType(mockWorkspaceId, mockConnectionId, mockEventType);
expect(prisma.federationEventSubscription.findFirst).toHaveBeenCalledWith({
where: {
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
eventType: mockEventType,
},
});
expect(prisma.federationEventSubscription.delete).toHaveBeenCalledWith({
where: { id: mockSubscription.id },
});
});
it("should throw error if subscription not found", async () => {
prisma.federationEventSubscription.findFirst.mockResolvedValue(null);
await expect(
service.unsubscribeFromEventType(mockWorkspaceId, mockConnectionId, mockEventType)
).rejects.toThrow("Subscription not found");
});
});
describe("publishEvent", () => {
it("should publish event to subscribed connections", async () => {
const mockConnection = {
id: mockConnectionId,
workspaceId: mockWorkspaceId,
remoteInstanceId: mockRemoteInstanceId,
remoteUrl: "https://remote.example.com",
remotePublicKey: "public-key",
remoteCapabilities: {},
status: FederationConnectionStatus.ACTIVE,
metadata: {},
createdAt: new Date(),
updatedAt: new Date(),
connectedAt: new Date(),
disconnectedAt: null,
};
const mockSubscription = {
id: "subscription-123",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
eventType: mockEventType,
metadata: {},
isActive: true,
createdAt: new Date(),
updatedAt: new Date(),
connection: mockConnection,
};
const mockIdentity = {
id: "id-123",
instanceId: mockInstanceId,
name: "Local Instance",
url: "https://local.example.com",
publicKey: "public-key",
privateKey: "private-key",
capabilities: {},
metadata: {},
createdAt: new Date(),
updatedAt: new Date(),
};
const mockMessage = {
id: "message-123",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.EVENT,
messageId: expect.any(String),
correlationId: null,
query: null,
commandType: null,
eventType: mockEventType,
payload: { data: "test" },
response: null,
status: FederationMessageStatus.PENDING,
error: null,
signature: "signature-123",
createdAt: new Date(),
updatedAt: new Date(),
deliveredAt: null,
};
prisma.federationEventSubscription.findMany.mockResolvedValue([mockSubscription]);
federationService.getInstanceIdentity.mockResolvedValue(mockIdentity);
signatureService.signMessage.mockResolvedValue("signature-123");
prisma.federationMessage.create.mockResolvedValue(mockMessage);
httpService.post.mockReturnValue(
of({ data: {}, status: 200, statusText: "OK", headers: {}, config: {} as never })
);
const result = await service.publishEvent(mockWorkspaceId, mockEventType, { data: "test" });
expect(result).toHaveLength(1);
expect(result[0]).toMatchObject({
id: mockMessage.id,
workspaceId: mockMessage.workspaceId,
connectionId: mockMessage.connectionId,
messageType: mockMessage.messageType,
eventType: mockMessage.eventType,
status: mockMessage.status,
});
expect(prisma.federationEventSubscription.findMany).toHaveBeenCalledWith({
where: {
workspaceId: mockWorkspaceId,
eventType: mockEventType,
isActive: true,
},
include: {
connection: true,
},
});
expect(httpService.post).toHaveBeenCalledWith(
`${mockConnection.remoteUrl}/api/v1/federation/incoming/event`,
expect.objectContaining({
instanceId: mockInstanceId,
eventType: mockEventType,
payload: { data: "test" },
signature: "signature-123",
})
);
});
it("should return empty array if no active subscriptions", async () => {
prisma.federationEventSubscription.findMany.mockResolvedValue([]);
const result = await service.publishEvent(mockWorkspaceId, mockEventType, { data: "test" });
expect(result).toEqual([]);
});
it("should handle failed delivery", async () => {
const mockConnection = {
id: mockConnectionId,
workspaceId: mockWorkspaceId,
remoteInstanceId: mockRemoteInstanceId,
remoteUrl: "https://remote.example.com",
remotePublicKey: "public-key",
remoteCapabilities: {},
status: FederationConnectionStatus.ACTIVE,
metadata: {},
createdAt: new Date(),
updatedAt: new Date(),
connectedAt: new Date(),
disconnectedAt: null,
};
const mockSubscription = {
id: "subscription-123",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
eventType: mockEventType,
metadata: {},
isActive: true,
createdAt: new Date(),
updatedAt: new Date(),
connection: mockConnection,
};
const mockIdentity = {
id: "id-123",
instanceId: mockInstanceId,
name: "Local Instance",
url: "https://local.example.com",
publicKey: "public-key",
privateKey: "private-key",
capabilities: {},
metadata: {},
createdAt: new Date(),
updatedAt: new Date(),
};
const mockMessage = {
id: "message-123",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.EVENT,
messageId: expect.any(String),
correlationId: null,
query: null,
commandType: null,
eventType: mockEventType,
payload: { data: "test" },
response: null,
status: FederationMessageStatus.PENDING,
error: null,
signature: "signature-123",
createdAt: new Date(),
updatedAt: new Date(),
deliveredAt: null,
};
prisma.federationEventSubscription.findMany.mockResolvedValue([mockSubscription]);
federationService.getInstanceIdentity.mockResolvedValue(mockIdentity);
signatureService.signMessage.mockResolvedValue("signature-123");
prisma.federationMessage.create.mockResolvedValue(mockMessage);
httpService.post.mockReturnValue(throwError(() => new Error("Network error")));
prisma.federationMessage.update.mockResolvedValue({
...mockMessage,
status: FederationMessageStatus.FAILED,
error: "Network error",
});
const result = await service.publishEvent(mockWorkspaceId, mockEventType, { data: "test" });
expect(result).toHaveLength(1);
expect(prisma.federationMessage.update).toHaveBeenCalledWith({
where: { id: mockMessage.id },
data: {
status: FederationMessageStatus.FAILED,
error: "Network error",
},
});
});
});
describe("handleIncomingEvent", () => {
it("should handle incoming event and return acknowledgment", async () => {
const eventMessage: EventMessage = {
messageId: mockMessageId,
instanceId: mockRemoteInstanceId,
eventType: mockEventType,
payload: { data: "test" },
timestamp: Date.now(),
signature: "signature-123",
};
const mockConnection = {
id: mockConnectionId,
workspaceId: mockWorkspaceId,
remoteInstanceId: mockRemoteInstanceId,
remoteUrl: "https://remote.example.com",
remotePublicKey: "public-key",
remoteCapabilities: {},
status: FederationConnectionStatus.ACTIVE,
metadata: {},
createdAt: new Date(),
updatedAt: new Date(),
connectedAt: new Date(),
disconnectedAt: null,
};
const mockIdentity = {
id: "id-123",
instanceId: mockInstanceId,
name: "Local Instance",
url: "https://local.example.com",
publicKey: "public-key",
privateKey: "private-key",
capabilities: {},
metadata: {},
createdAt: new Date(),
updatedAt: new Date(),
};
signatureService.validateTimestamp.mockReturnValue(true);
prisma.federationConnection.findFirst.mockResolvedValue(mockConnection);
signatureService.verifyMessage.mockResolvedValue({ valid: true, error: null });
federationService.getInstanceIdentity.mockResolvedValue(mockIdentity);
signatureService.signMessage.mockResolvedValue("ack-signature-123");
const result = await service.handleIncomingEvent(eventMessage);
expect(result).toEqual({
messageId: expect.any(String),
correlationId: mockMessageId,
instanceId: mockInstanceId,
received: true,
timestamp: expect.any(Number),
signature: "ack-signature-123",
});
expect(signatureService.validateTimestamp).toHaveBeenCalledWith(eventMessage.timestamp);
expect(prisma.federationConnection.findFirst).toHaveBeenCalledWith({
where: {
remoteInstanceId: mockRemoteInstanceId,
status: FederationConnectionStatus.ACTIVE,
},
});
expect(signatureService.verifyMessage).toHaveBeenCalledWith(
{
messageId: eventMessage.messageId,
instanceId: eventMessage.instanceId,
eventType: eventMessage.eventType,
payload: eventMessage.payload,
timestamp: eventMessage.timestamp,
},
eventMessage.signature,
eventMessage.instanceId
);
});
it("should throw error for invalid timestamp", async () => {
const eventMessage: EventMessage = {
messageId: mockMessageId,
instanceId: mockRemoteInstanceId,
eventType: mockEventType,
payload: { data: "test" },
timestamp: Date.now(),
signature: "signature-123",
};
signatureService.validateTimestamp.mockReturnValue(false);
await expect(service.handleIncomingEvent(eventMessage)).rejects.toThrow(
"Event timestamp is outside acceptable range"
);
});
it("should throw error if no active connection found", async () => {
const eventMessage: EventMessage = {
messageId: mockMessageId,
instanceId: mockRemoteInstanceId,
eventType: mockEventType,
payload: { data: "test" },
timestamp: Date.now(),
signature: "signature-123",
};
signatureService.validateTimestamp.mockReturnValue(true);
prisma.federationConnection.findFirst.mockResolvedValue(null);
await expect(service.handleIncomingEvent(eventMessage)).rejects.toThrow(
"No connection found for remote instance"
);
});
it("should throw error for invalid signature", async () => {
const eventMessage: EventMessage = {
messageId: mockMessageId,
instanceId: mockRemoteInstanceId,
eventType: mockEventType,
payload: { data: "test" },
timestamp: Date.now(),
signature: "signature-123",
};
const mockConnection = {
id: mockConnectionId,
workspaceId: mockWorkspaceId,
remoteInstanceId: mockRemoteInstanceId,
remoteUrl: "https://remote.example.com",
remotePublicKey: "public-key",
remoteCapabilities: {},
status: FederationConnectionStatus.ACTIVE,
metadata: {},
createdAt: new Date(),
updatedAt: new Date(),
connectedAt: new Date(),
disconnectedAt: null,
};
signatureService.validateTimestamp.mockReturnValue(true);
prisma.federationConnection.findFirst.mockResolvedValue(mockConnection);
signatureService.verifyMessage.mockResolvedValue({
valid: false,
error: "Invalid signature",
});
await expect(service.handleIncomingEvent(eventMessage)).rejects.toThrow("Invalid signature");
});
});
describe("processEventAck", () => {
it("should process event acknowledgment", async () => {
const ack: EventAck = {
messageId: "ack-123",
correlationId: mockMessageId,
instanceId: mockRemoteInstanceId,
received: true,
timestamp: Date.now(),
signature: "ack-signature-123",
};
const mockMessage = {
id: "message-123",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.EVENT,
messageId: mockMessageId,
correlationId: null,
query: null,
commandType: null,
eventType: mockEventType,
payload: { data: "test" },
response: null,
status: FederationMessageStatus.PENDING,
error: null,
signature: "signature-123",
createdAt: new Date(),
updatedAt: new Date(),
deliveredAt: null,
};
signatureService.validateTimestamp.mockReturnValue(true);
prisma.federationMessage.findFirst.mockResolvedValue(mockMessage);
signatureService.verifyMessage.mockResolvedValue({ valid: true, error: null });
prisma.federationMessage.update.mockResolvedValue({
...mockMessage,
status: FederationMessageStatus.DELIVERED,
deliveredAt: new Date(),
});
await service.processEventAck(ack);
expect(signatureService.validateTimestamp).toHaveBeenCalledWith(ack.timestamp);
expect(prisma.federationMessage.findFirst).toHaveBeenCalledWith({
where: {
messageId: ack.correlationId,
messageType: FederationMessageType.EVENT,
},
});
expect(prisma.federationMessage.update).toHaveBeenCalledWith({
where: { id: mockMessage.id },
data: {
status: FederationMessageStatus.DELIVERED,
deliveredAt: expect.any(Date),
},
});
});
it("should throw error if original event not found", async () => {
const ack: EventAck = {
messageId: "ack-123",
correlationId: mockMessageId,
instanceId: mockRemoteInstanceId,
received: true,
timestamp: Date.now(),
signature: "ack-signature-123",
};
signatureService.validateTimestamp.mockReturnValue(true);
prisma.federationMessage.findFirst.mockResolvedValue(null);
await expect(service.processEventAck(ack)).rejects.toThrow(
"Original event message not found"
);
});
});
describe("getEventSubscriptions", () => {
it("should return all subscriptions for workspace", async () => {
const mockSubscriptions = [
{
id: "sub-1",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
eventType: "task.created",
metadata: {},
isActive: true,
createdAt: new Date(),
updatedAt: new Date(),
},
{
id: "sub-2",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
eventType: "task.updated",
metadata: {},
isActive: true,
createdAt: new Date(),
updatedAt: new Date(),
},
];
prisma.federationEventSubscription.findMany.mockResolvedValue(mockSubscriptions);
const result = await service.getEventSubscriptions(mockWorkspaceId);
expect(result).toHaveLength(2);
expect(prisma.federationEventSubscription.findMany).toHaveBeenCalledWith({
where: {
workspaceId: mockWorkspaceId,
},
orderBy: { createdAt: "desc" },
});
});
it("should filter by connectionId when provided", async () => {
const mockSubscriptions = [
{
id: "sub-1",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
eventType: "task.created",
metadata: {},
isActive: true,
createdAt: new Date(),
updatedAt: new Date(),
},
];
prisma.federationEventSubscription.findMany.mockResolvedValue(mockSubscriptions);
const result = await service.getEventSubscriptions(mockWorkspaceId, mockConnectionId);
expect(result).toHaveLength(1);
expect(prisma.federationEventSubscription.findMany).toHaveBeenCalledWith({
where: {
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
},
orderBy: { createdAt: "desc" },
});
});
});
describe("getEventMessages", () => {
it("should return all event messages for workspace", async () => {
const mockMessages = [
{
id: "msg-1",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.EVENT,
messageId: "msg-id-1",
correlationId: null,
query: null,
commandType: null,
eventType: "task.created",
payload: { data: "test1" },
response: null,
status: FederationMessageStatus.DELIVERED,
error: null,
signature: "sig-1",
createdAt: new Date(),
updatedAt: new Date(),
deliveredAt: new Date(),
},
{
id: "msg-2",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.EVENT,
messageId: "msg-id-2",
correlationId: null,
query: null,
commandType: null,
eventType: "task.updated",
payload: { data: "test2" },
response: null,
status: FederationMessageStatus.PENDING,
error: null,
signature: "sig-2",
createdAt: new Date(),
updatedAt: new Date(),
deliveredAt: null,
},
];
prisma.federationMessage.findMany.mockResolvedValue(mockMessages);
const result = await service.getEventMessages(mockWorkspaceId);
expect(result).toHaveLength(2);
expect(prisma.federationMessage.findMany).toHaveBeenCalledWith({
where: {
workspaceId: mockWorkspaceId,
messageType: FederationMessageType.EVENT,
},
orderBy: { createdAt: "desc" },
});
});
it("should filter by status when provided", async () => {
const mockMessages = [
{
id: "msg-1",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: FederationMessageType.EVENT,
messageId: "msg-id-1",
correlationId: null,
query: null,
commandType: null,
eventType: "task.created",
payload: { data: "test1" },
response: null,
status: FederationMessageStatus.PENDING,
error: null,
signature: "sig-1",
createdAt: new Date(),
updatedAt: new Date(),
deliveredAt: null,
},
];
prisma.federationMessage.findMany.mockResolvedValue(mockMessages);
const result = await service.getEventMessages(
mockWorkspaceId,
FederationMessageStatus.PENDING
);
expect(result).toHaveLength(1);
expect(prisma.federationMessage.findMany).toHaveBeenCalledWith({
where: {
workspaceId: mockWorkspaceId,
messageType: FederationMessageType.EVENT,
status: FederationMessageStatus.PENDING,
},
orderBy: { createdAt: "desc" },
});
});
});
});

500
apps/api/src/federation/event.service.ts Normal file
View File

@@ -0,0 +1,500 @@
/**
* Event Service
*
* Handles federated event messages and subscriptions.
*/
import { Injectable, Logger } from "@nestjs/common";
import { HttpService } from "@nestjs/axios";
import { randomUUID } from "crypto";
import { firstValueFrom } from "rxjs";
import { PrismaService } from "../prisma/prisma.service";
import { FederationService } from "./federation.service";
import { SignatureService } from "./signature.service";
import {
FederationConnectionStatus,
FederationMessageType,
FederationMessageStatus,
} from "@prisma/client";
import type {
EventMessage,
EventAck,
EventMessageDetails,
SubscriptionDetails,
} from "./types/message.types";
@Injectable()
export class EventService {
private readonly logger = new Logger(EventService.name);
constructor(
private readonly prisma: PrismaService,
private readonly federationService: FederationService,
private readonly signatureService: SignatureService,
private readonly httpService: HttpService
) {}
/**
* Subscribe to an event type from a remote instance
*/
async subscribeToEventType(
workspaceId: string,
connectionId: string,
eventType: string,
metadata?: Record<string, unknown>
): Promise<SubscriptionDetails> {
// Validate connection exists and is active
const connection = await this.prisma.federationConnection.findUnique({
where: { id: connectionId, workspaceId },
});
if (!connection) {
throw new Error("Connection not found");
}
if (connection.status !== FederationConnectionStatus.ACTIVE) {
throw new Error("Connection is not active");
}
// Create subscription
const subscription = await this.prisma.federationEventSubscription.create({
data: {
workspaceId,
connectionId,
eventType,
metadata: (metadata ?? {}) as never,
},
});
this.logger.log(`Subscribed to event type ${eventType} on connection ${connectionId}`);
return this.mapToSubscriptionDetails(subscription);
}
/**
* Unsubscribe from an event type
*/
async unsubscribeFromEventType(
workspaceId: string,
connectionId: string,
eventType: string
): Promise<void> {
// Find subscription
const subscription = await this.prisma.federationEventSubscription.findFirst({
where: {
workspaceId,
connectionId,
eventType,
},
});
if (!subscription) {
throw new Error("Subscription not found");
}
// Delete subscription
await this.prisma.federationEventSubscription.delete({
where: { id: subscription.id },
});
this.logger.log(`Unsubscribed from event type ${eventType} on connection ${connectionId}`);
}
/**
* Publish an event to all subscribed instances
*/
async publishEvent(
workspaceId: string,
eventType: string,
payload: Record<string, unknown>
): Promise<EventMessageDetails[]> {
// Find all active subscriptions for this event type
const subscriptions = await this.prisma.federationEventSubscription.findMany({
where: {
workspaceId,
eventType,
isActive: true,
},
include: {
connection: true,
},
});
if (subscriptions.length === 0) {
this.logger.debug(`No active subscriptions for event type ${eventType}`);
return [];
}
// Get local instance identity
const identity = await this.federationService.getInstanceIdentity();
const results: EventMessageDetails[] = [];
// Publish to each subscribed connection
for (const subscription of subscriptions) {
const connection = subscription.connection;
// Skip if connection is not active
if (connection.status !== FederationConnectionStatus.ACTIVE) {
this.logger.warn(`Skipping inactive connection ${connection.id} for event ${eventType}`);
continue;
}
try {
// Create event message
const messageId = randomUUID();
const timestamp = Date.now();
const eventPayload: Record<string, unknown> = {
messageId,
instanceId: identity.instanceId,
eventType,
payload,
timestamp,
};
// Sign the event
const signature = await this.signatureService.signMessage(eventPayload);
const signedEvent = {
messageId,
instanceId: identity.instanceId,
eventType,
payload,
timestamp,
signature,
} as EventMessage;
// Store message in database
const message = await this.prisma.federationMessage.create({
data: {
workspaceId,
connectionId: connection.id,
messageType: FederationMessageType.EVENT,
messageId,
eventType,
payload: payload as never,
status: FederationMessageStatus.PENDING,
signature,
},
});
// Send event to remote instance
try {
const remoteUrl = `${connection.remoteUrl}/api/v1/federation/incoming/event`;
await firstValueFrom(this.httpService.post(remoteUrl, signedEvent));
this.logger.log(`Event sent to ${connection.remoteUrl}: ${messageId}`);
results.push(this.mapToEventMessageDetails(message));
} catch (error) {
this.logger.error(`Failed to send event to ${connection.remoteUrl}`, error);
// Update message status to failed
await this.prisma.federationMessage.update({
where: { id: message.id },
data: {
status: FederationMessageStatus.FAILED,
error: error instanceof Error ? error.message : "Unknown error",
},
});
results.push(
this.mapToEventMessageDetails({
...message,
status: FederationMessageStatus.FAILED,
error: error instanceof Error ? error.message : "Unknown error",
})
);
}
} catch (error) {
this.logger.error(`Failed to publish event to connection ${connection.id}`, error);
}
}
return results;
}
/**
* Handle incoming event from remote instance
*/
async handleIncomingEvent(eventMessage: EventMessage): Promise<EventAck> {
this.logger.log(`Received event from ${eventMessage.instanceId}: ${eventMessage.messageId}`);
// Validate timestamp
if (!this.signatureService.validateTimestamp(eventMessage.timestamp)) {
throw new Error("Event timestamp is outside acceptable range");
}
// Find connection for remote instance
const connection = await this.prisma.federationConnection.findFirst({
where: {
remoteInstanceId: eventMessage.instanceId,
status: FederationConnectionStatus.ACTIVE,
},
});
if (!connection) {
throw new Error("No connection found for remote instance");
}
// Validate connection is active
if (connection.status !== FederationConnectionStatus.ACTIVE) {
throw new Error("Connection is not active");
}
// Verify signature
const { signature, ...messageToVerify } = eventMessage;
const verificationResult = await this.signatureService.verifyMessage(
messageToVerify,
signature,
eventMessage.instanceId
);
if (!verificationResult.valid) {
throw new Error(verificationResult.error ?? "Invalid signature");
}
// Store received event
await this.prisma.federationMessage.create({
data: {
workspaceId: connection.workspaceId,
connectionId: connection.id,
messageType: FederationMessageType.EVENT,
messageId: eventMessage.messageId,
eventType: eventMessage.eventType,
payload: eventMessage.payload as never,
status: FederationMessageStatus.DELIVERED,
signature: eventMessage.signature,
deliveredAt: new Date(),
},
});
// Get local instance identity
const identity = await this.federationService.getInstanceIdentity();
// Create acknowledgment
const ackMessageId = randomUUID();
const ackTimestamp = Date.now();
const ackPayload: Record<string, unknown> = {
messageId: ackMessageId,
correlationId: eventMessage.messageId,
instanceId: identity.instanceId,
received: true,
timestamp: ackTimestamp,
};
// Sign the acknowledgment
const ackSignature = await this.signatureService.signMessage(ackPayload);
const ack = {
messageId: ackMessageId,
correlationId: eventMessage.messageId,
instanceId: identity.instanceId,
received: true,
timestamp: ackTimestamp,
signature: ackSignature,
} as EventAck;
return ack;
}
/**
* Process an event acknowledgment from remote instance
*/
async processEventAck(ack: EventAck): Promise<void> {
this.logger.log(`Received acknowledgment for event: ${ack.correlationId}`);
// Validate timestamp
if (!this.signatureService.validateTimestamp(ack.timestamp)) {
throw new Error("Acknowledgment timestamp is outside acceptable range");
}
// Find original event message
const message = await this.prisma.federationMessage.findFirst({
where: {
messageId: ack.correlationId,
messageType: FederationMessageType.EVENT,
},
});
if (!message) {
throw new Error("Original event message not found");
}
// Verify signature
const { signature, ...ackToVerify } = ack;
const verificationResult = await this.signatureService.verifyMessage(
ackToVerify,
signature,
ack.instanceId
);
if (!verificationResult.valid) {
throw new Error(verificationResult.error ?? "Invalid signature");
}
// Update message with acknowledgment
const updateData: Record<string, unknown> = {
status: ack.received ? FederationMessageStatus.DELIVERED : FederationMessageStatus.FAILED,
deliveredAt: new Date(),
};
if (ack.error !== undefined) {
updateData.error = ack.error;
}
await this.prisma.federationMessage.update({
where: { id: message.id },
data: updateData,
});
this.logger.log(`Event acknowledgment processed: ${ack.correlationId}`);
}
/**
* Get all event subscriptions for a workspace
*/
async getEventSubscriptions(
workspaceId: string,
connectionId?: string
): Promise<SubscriptionDetails[]> {
const where: Record<string, unknown> = {
workspaceId,
};
if (connectionId) {
where.connectionId = connectionId;
}
const subscriptions = await this.prisma.federationEventSubscription.findMany({
where,
orderBy: { createdAt: "desc" },
});
return subscriptions.map((sub) => this.mapToSubscriptionDetails(sub));
}
/**
* Get all event messages for a workspace
*/
async getEventMessages(
workspaceId: string,
status?: FederationMessageStatus
): Promise<EventMessageDetails[]> {
const where: Record<string, unknown> = {
workspaceId,
messageType: FederationMessageType.EVENT,
};
if (status) {
where.status = status;
}
const messages = await this.prisma.federationMessage.findMany({
where,
orderBy: { createdAt: "desc" },
});
return messages.map((msg) => this.mapToEventMessageDetails(msg));
}
/**
* Get a single event message
*/
async getEventMessage(workspaceId: string, messageId: string): Promise<EventMessageDetails> {
const message = await this.prisma.federationMessage.findUnique({
where: { id: messageId, workspaceId },
});
if (!message) {
throw new Error("Event message not found");
}
return this.mapToEventMessageDetails(message);
}
/**
* Map Prisma FederationMessage to EventMessageDetails
*/
private mapToEventMessageDetails(message: {
id: string;
workspaceId: string;
connectionId: string;
messageType: FederationMessageType;
messageId: string;
correlationId: string | null;
query: string | null;
commandType: string | null;
eventType: string | null;
payload: unknown;
response: unknown;
status: FederationMessageStatus;
error: string | null;
createdAt: Date;
updatedAt: Date;
deliveredAt: Date | null;
}): EventMessageDetails {
const details: EventMessageDetails = {
id: message.id,
workspaceId: message.workspaceId,
connectionId: message.connectionId,
messageType: message.messageType,
messageId: message.messageId,
response: message.response,
status: message.status,
createdAt: message.createdAt,
updatedAt: message.updatedAt,
};
if (message.correlationId !== null) {
details.correlationId = message.correlationId;
}
if (message.eventType !== null) {
details.eventType = message.eventType;
}
if (message.payload !== null && typeof message.payload === "object") {
details.payload = message.payload as Record<string, unknown>;
}
if (message.error !== null) {
details.error = message.error;
}
if (message.deliveredAt !== null) {
details.deliveredAt = message.deliveredAt;
}
return details;
}
/**
* Map Prisma FederationEventSubscription to SubscriptionDetails
*/
private mapToSubscriptionDetails(subscription: {
id: string;
workspaceId: string;
connectionId: string;
eventType: string;
metadata: unknown;
isActive: boolean;
createdAt: Date;
updatedAt: Date;
}): SubscriptionDetails {
return {
id: subscription.id,
workspaceId: subscription.workspaceId,
connectionId: subscription.connectionId,
eventType: subscription.eventType,
metadata:
typeof subscription.metadata === "object" && subscription.metadata !== null
? (subscription.metadata as Record<string, unknown>)
: {},
isActive: subscription.isActive,
createdAt: subscription.createdAt,
updatedAt: subscription.updatedAt,
};
}
}

457
apps/api/src/federation/federation-agent.service.spec.ts Normal file
View File

@@ -0,0 +1,457 @@
/**
* Tests for Federation Agent Service
*/
import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { HttpService } from "@nestjs/axios";
import { ConfigService } from "@nestjs/config";
import { FederationAgentService } from "./federation-agent.service";
import { CommandService } from "./command.service";
import { PrismaService } from "../prisma/prisma.service";
import { FederationConnectionStatus } from "@prisma/client";
import { of, throwError } from "rxjs";
import type {
SpawnAgentCommandPayload,
AgentStatusCommandPayload,
KillAgentCommandPayload,
SpawnAgentResponseData,
AgentStatusResponseData,
KillAgentResponseData,
} from "./types/federation-agent.types";
describe("FederationAgentService", () => {
let service: FederationAgentService;
let commandService: ReturnType<typeof vi.mocked<CommandService>>;
let prisma: ReturnType<typeof vi.mocked<PrismaService>>;
let httpService: ReturnType<typeof vi.mocked<HttpService>>;
let configService: ReturnType<typeof vi.mocked<ConfigService>>;
const mockWorkspaceId = "workspace-1";
const mockConnectionId = "connection-1";
const mockAgentId = "agent-123";
const mockTaskId = "task-456";
const mockOrchestratorUrl = "http://localhost:3001";
beforeEach(async () => {
const mockCommandService = {
sendCommand: vi.fn(),
};
const mockPrisma = {
federationConnection: {
findUnique: vi.fn(),
findFirst: vi.fn(),
},
};
const mockHttpService = {
post: vi.fn(),
get: vi.fn(),
};
const mockConfigService = {
get: vi.fn((key: string) => {
if (key === "orchestrator.url") {
return mockOrchestratorUrl;
}
return undefined;
}),
};
const module: TestingModule = await Test.createTestingModule({
providers: [
FederationAgentService,
{ provide: CommandService, useValue: mockCommandService },
{ provide: PrismaService, useValue: mockPrisma },
{ provide: HttpService, useValue: mockHttpService },
{ provide: ConfigService, useValue: mockConfigService },
],
}).compile();
service = module.get<FederationAgentService>(FederationAgentService);
commandService = module.get(CommandService);
prisma = module.get(PrismaService);
httpService = module.get(HttpService);
configService = module.get(ConfigService);
});
it("should be defined", () => {
expect(service).toBeDefined();
});
describe("spawnAgentOnRemote", () => {
const spawnPayload: SpawnAgentCommandPayload = {
taskId: mockTaskId,
agentType: "worker",
context: {
repository: "git.example.com/org/repo",
branch: "main",
workItems: ["item-1"],
},
};
const mockConnection = {
id: mockConnectionId,
workspaceId: mockWorkspaceId,
remoteInstanceId: "remote-instance-1",
remoteUrl: "https://remote.example.com",
status: FederationConnectionStatus.ACTIVE,
};
it("should spawn agent on remote instance", async () => {
prisma.federationConnection.findUnique.mockResolvedValue(mockConnection as never);
const mockCommandResponse = {
id: "msg-1",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: "COMMAND" as never,
messageId: "msg-uuid",
commandType: "agent.spawn",
payload: spawnPayload as never,
response: {
agentId: mockAgentId,
status: "spawning",
spawnedAt: "2026-02-03T14:30:00Z",
} as never,
status: "DELIVERED" as never,
createdAt: new Date(),
updatedAt: new Date(),
};
commandService.sendCommand.mockResolvedValue(mockCommandResponse as never);
const result = await service.spawnAgentOnRemote(
mockWorkspaceId,
mockConnectionId,
spawnPayload
);
expect(prisma.federationConnection.findUnique).toHaveBeenCalledWith({
where: { id: mockConnectionId, workspaceId: mockWorkspaceId },
});
expect(commandService.sendCommand).toHaveBeenCalledWith(
mockWorkspaceId,
mockConnectionId,
"agent.spawn",
spawnPayload
);
expect(result).toEqual(mockCommandResponse);
});
it("should throw error if connection not found", async () => {
prisma.federationConnection.findUnique.mockResolvedValue(null);
await expect(
service.spawnAgentOnRemote(mockWorkspaceId, mockConnectionId, spawnPayload)
).rejects.toThrow("Connection not found");
expect(commandService.sendCommand).not.toHaveBeenCalled();
});
it("should throw error if connection not active", async () => {
const inactiveConnection = {
...mockConnection,
status: FederationConnectionStatus.DISCONNECTED,
};
prisma.federationConnection.findUnique.mockResolvedValue(inactiveConnection as never);
await expect(
service.spawnAgentOnRemote(mockWorkspaceId, mockConnectionId, spawnPayload)
).rejects.toThrow("Connection is not active");
expect(commandService.sendCommand).not.toHaveBeenCalled();
});
});
describe("getAgentStatus", () => {
const statusPayload: AgentStatusCommandPayload = {
agentId: mockAgentId,
};
const mockConnection = {
id: mockConnectionId,
workspaceId: mockWorkspaceId,
remoteInstanceId: "remote-instance-1",
remoteUrl: "https://remote.example.com",
status: FederationConnectionStatus.ACTIVE,
};
it("should get agent status from remote instance", async () => {
prisma.federationConnection.findUnique.mockResolvedValue(mockConnection as never);
const mockCommandResponse = {
id: "msg-2",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: "COMMAND" as never,
messageId: "msg-uuid-2",
commandType: "agent.status",
payload: statusPayload as never,
response: {
agentId: mockAgentId,
taskId: mockTaskId,
status: "running",
spawnedAt: "2026-02-03T14:30:00Z",
startedAt: "2026-02-03T14:30:05Z",
} as never,
status: "DELIVERED" as never,
createdAt: new Date(),
updatedAt: new Date(),
};
commandService.sendCommand.mockResolvedValue(mockCommandResponse as never);
const result = await service.getAgentStatus(mockWorkspaceId, mockConnectionId, mockAgentId);
expect(commandService.sendCommand).toHaveBeenCalledWith(
mockWorkspaceId,
mockConnectionId,
"agent.status",
statusPayload
);
expect(result).toEqual(mockCommandResponse);
});
});
describe("killAgentOnRemote", () => {
const killPayload: KillAgentCommandPayload = {
agentId: mockAgentId,
};
const mockConnection = {
id: mockConnectionId,
workspaceId: mockWorkspaceId,
remoteInstanceId: "remote-instance-1",
remoteUrl: "https://remote.example.com",
status: FederationConnectionStatus.ACTIVE,
};
it("should kill agent on remote instance", async () => {
prisma.federationConnection.findUnique.mockResolvedValue(mockConnection as never);
const mockCommandResponse = {
id: "msg-3",
workspaceId: mockWorkspaceId,
connectionId: mockConnectionId,
messageType: "COMMAND" as never,
messageId: "msg-uuid-3",
commandType: "agent.kill",
payload: killPayload as never,
response: {
agentId: mockAgentId,
status: "killed",
killedAt: "2026-02-03T14:35:00Z",
} as never,
status: "DELIVERED" as never,
createdAt: new Date(),
updatedAt: new Date(),
};
commandService.sendCommand.mockResolvedValue(mockCommandResponse as never);
const result = await service.killAgentOnRemote(
mockWorkspaceId,
mockConnectionId,
mockAgentId
);
expect(commandService.sendCommand).toHaveBeenCalledWith(
mockWorkspaceId,
mockConnectionId,
"agent.kill",
killPayload
);
expect(result).toEqual(mockCommandResponse);
});
});
describe("handleAgentCommand", () => {
const mockConnection = {
id: mockConnectionId,
workspaceId: mockWorkspaceId,
remoteInstanceId: "remote-instance-1",
remoteUrl: "https://remote.example.com",
status: FederationConnectionStatus.ACTIVE,
};
it("should handle agent.spawn command", async () => {
const spawnPayload: SpawnAgentCommandPayload = {
taskId: mockTaskId,
agentType: "worker",
context: {
repository: "git.example.com/org/repo",
branch: "main",
workItems: ["item-1"],
},
};
prisma.federationConnection.findFirst.mockResolvedValue(mockConnection as never);
const mockOrchestratorResponse = {
agentId: mockAgentId,
status: "spawning",
};
httpService.post.mockReturnValue(
of({
data: mockOrchestratorResponse,
status: 200,
statusText: "OK",
headers: {},
config: {} as never,
}) as never
);
const result = await service.handleAgentCommand(
"remote-instance-1",
"agent.spawn",
spawnPayload
);
expect(httpService.post).toHaveBeenCalledWith(
`${mockOrchestratorUrl}/agents/spawn`,
expect.objectContaining({
taskId: mockTaskId,
agentType: "worker",
})
);
expect(result.success).toBe(true);
expect(result.data).toEqual({
agentId: mockAgentId,
status: "spawning",
spawnedAt: expect.any(String),
});
});
it("should handle agent.status command", async () => {
const statusPayload: AgentStatusCommandPayload = {
agentId: mockAgentId,
};
prisma.federationConnection.findFirst.mockResolvedValue(mockConnection as never);
const mockOrchestratorResponse = {
agentId: mockAgentId,
taskId: mockTaskId,
status: "running",
spawnedAt: "2026-02-03T14:30:00Z",
startedAt: "2026-02-03T14:30:05Z",
};
httpService.get.mockReturnValue(
of({
data: mockOrchestratorResponse,
status: 200,
statusText: "OK",
headers: {},
config: {} as never,
}) as never
);
const result = await service.handleAgentCommand(
"remote-instance-1",
"agent.status",
statusPayload
);
expect(httpService.get).toHaveBeenCalledWith(
`${mockOrchestratorUrl}/agents/${mockAgentId}/status`
);
expect(result.success).toBe(true);
expect(result.data).toEqual(mockOrchestratorResponse);
});
it("should handle agent.kill command", async () => {
const killPayload: KillAgentCommandPayload = {
agentId: mockAgentId,
};
prisma.federationConnection.findFirst.mockResolvedValue(mockConnection as never);
const mockOrchestratorResponse = {
message: `Agent ${mockAgentId} killed successfully`,
};
httpService.post.mockReturnValue(
of({
data: mockOrchestratorResponse,
status: 200,
statusText: "OK",
headers: {},
config: {} as never,
}) as never
);
const result = await service.handleAgentCommand(
"remote-instance-1",
"agent.kill",
killPayload
);
expect(httpService.post).toHaveBeenCalledWith(
`${mockOrchestratorUrl}/agents/${mockAgentId}/kill`,
{}
);
expect(result.success).toBe(true);
expect(result.data).toEqual({
agentId: mockAgentId,
status: "killed",
killedAt: expect.any(String),
});
});
it("should return error for unknown command type", async () => {
prisma.federationConnection.findFirst.mockResolvedValue(mockConnection as never);
const result = await service.handleAgentCommand("remote-instance-1", "agent.unknown", {});
expect(result.success).toBe(false);
expect(result.error).toContain("Unknown agent command type: agent.unknown");
});
it("should throw error if connection not found", async () => {
prisma.federationConnection.findFirst.mockResolvedValue(null);
await expect(
service.handleAgentCommand("remote-instance-1", "agent.spawn", {})
).rejects.toThrow("No connection found for remote instance");
});
it("should handle orchestrator errors", async () => {
const spawnPayload: SpawnAgentCommandPayload = {
taskId: mockTaskId,
agentType: "worker",
context: {
repository: "git.example.com/org/repo",
branch: "main",
workItems: ["item-1"],
},
};
prisma.federationConnection.findFirst.mockResolvedValue(mockConnection as never);
httpService.post.mockReturnValue(
throwError(() => new Error("Orchestrator connection failed")) as never
);
const result = await service.handleAgentCommand(
"remote-instance-1",
"agent.spawn",
spawnPayload
);
expect(result.success).toBe(false);
expect(result.error).toContain("Orchestrator connection failed");
});
});
});

338
apps/api/src/federation/federation-agent.service.ts Normal file
View File

@@ -0,0 +1,338 @@
/**
* Federation Agent Service
*
* Handles spawning and managing agents on remote federated instances.
*/
import { Injectable, Logger } from "@nestjs/common";
import { HttpService } from "@nestjs/axios";
import { ConfigService } from "@nestjs/config";
import { firstValueFrom } from "rxjs";
import { PrismaService } from "../prisma/prisma.service";
import { CommandService } from "./command.service";
import { FederationConnectionStatus } from "@prisma/client";
import type { CommandMessageDetails } from "./types/message.types";
import type {
SpawnAgentCommandPayload,
AgentStatusCommandPayload,
KillAgentCommandPayload,
SpawnAgentResponseData,
AgentStatusResponseData,
KillAgentResponseData,
} from "./types/federation-agent.types";
/**
* Agent command response structure
*/
export interface AgentCommandResponse {
/** Whether the command was successful */
success: boolean;
/** Response data if successful */
data?:
| SpawnAgentResponseData
| AgentStatusResponseData
| KillAgentResponseData
| Record<string, unknown>;
/** Error message if failed */
error?: string;
}
@Injectable()
export class FederationAgentService {
private readonly logger = new Logger(FederationAgentService.name);
private readonly orchestratorUrl: string;
constructor(
private readonly prisma: PrismaService,
private readonly commandService: CommandService,
private readonly httpService: HttpService,
private readonly configService: ConfigService
) {
this.orchestratorUrl =
this.configService.get<string>("orchestrator.url") ?? "http://localhost:3001";
this.logger.log(
`FederationAgentService initialized with orchestrator URL: ${this.orchestratorUrl}`
);
}
/**
* Spawn an agent on a remote federated instance
* @param workspaceId Workspace ID
* @param connectionId Federation connection ID
* @param payload Agent spawn command payload
* @returns Command message details
*/
async spawnAgentOnRemote(
workspaceId: string,
connectionId: string,
payload: SpawnAgentCommandPayload
): Promise<CommandMessageDetails> {
this.logger.log(
`Spawning agent on remote instance via connection ${connectionId} for task ${payload.taskId}`
);
// Validate connection exists and is active
const connection = await this.prisma.federationConnection.findUnique({
where: { id: connectionId, workspaceId },
});
if (!connection) {
throw new Error("Connection not found");
}
if (connection.status !== FederationConnectionStatus.ACTIVE) {
throw new Error("Connection is not active");
}
// Send command via federation
const result = await this.commandService.sendCommand(
workspaceId,
connectionId,
"agent.spawn",
payload as unknown as Record<string, unknown>
);
this.logger.log(`Agent spawn command sent successfully: ${result.messageId}`);
return result;
}
/**
* Get agent status from remote instance
* @param workspaceId Workspace ID
* @param connectionId Federation connection ID
* @param agentId Agent ID
* @returns Command message details
*/
async getAgentStatus(
workspaceId: string,
connectionId: string,
agentId: string
): Promise<CommandMessageDetails> {
this.logger.log(`Getting agent status for ${agentId} via connection ${connectionId}`);
// Validate connection exists and is active
const connection = await this.prisma.federationConnection.findUnique({
where: { id: connectionId, workspaceId },
});
if (!connection) {
throw new Error("Connection not found");
}
if (connection.status !== FederationConnectionStatus.ACTIVE) {
throw new Error("Connection is not active");
}
// Send status command
const payload: AgentStatusCommandPayload = { agentId };
const result = await this.commandService.sendCommand(
workspaceId,
connectionId,
"agent.status",
payload as unknown as Record<string, unknown>
);
this.logger.log(`Agent status command sent successfully: ${result.messageId}`);
return result;
}
/**
* Kill an agent on remote instance
* @param workspaceId Workspace ID
* @param connectionId Federation connection ID
* @param agentId Agent ID
* @returns Command message details
*/
async killAgentOnRemote(
workspaceId: string,
connectionId: string,
agentId: string
): Promise<CommandMessageDetails> {
this.logger.log(`Killing agent ${agentId} via connection ${connectionId}`);
// Validate connection exists and is active
const connection = await this.prisma.federationConnection.findUnique({
where: { id: connectionId, workspaceId },
});
if (!connection) {
throw new Error("Connection not found");
}
if (connection.status !== FederationConnectionStatus.ACTIVE) {
throw new Error("Connection is not active");
}
// Send kill command
const payload: KillAgentCommandPayload = { agentId };
const result = await this.commandService.sendCommand(
workspaceId,
connectionId,
"agent.kill",
payload as unknown as Record<string, unknown>
);
this.logger.log(`Agent kill command sent successfully: ${result.messageId}`);
return result;
}
/**
* Handle incoming agent command from remote instance
* @param remoteInstanceId Remote instance ID that sent the command
* @param commandType Command type (agent.spawn, agent.status, agent.kill)
* @param payload Command payload
* @returns Agent command response
*/
async handleAgentCommand(
remoteInstanceId: string,
commandType: string,
payload: Record<string, unknown>
): Promise<AgentCommandResponse> {
this.logger.log(`Handling agent command ${commandType} from ${remoteInstanceId}`);
// Verify connection exists for remote instance
const connection = await this.prisma.federationConnection.findFirst({
where: {
remoteInstanceId,
status: FederationConnectionStatus.ACTIVE,
},
});
if (!connection) {
throw new Error("No connection found for remote instance");
}
// Route command to appropriate handler
try {
switch (commandType) {
case "agent.spawn":
return await this.handleSpawnCommand(payload as unknown as SpawnAgentCommandPayload);
case "agent.status":
return await this.handleStatusCommand(payload as unknown as AgentStatusCommandPayload);
case "agent.kill":
return await this.handleKillCommand(payload as unknown as KillAgentCommandPayload);
default:
throw new Error(`Unknown agent command type: ${commandType}`);
}
} catch (error) {
this.logger.error(`Error handling agent command: ${String(error)}`);
return {
success: false,
error: error instanceof Error ? error.message : "Unknown error",
};
}
}
/**
* Handle agent spawn command by calling local orchestrator
* @param payload Spawn command payload
* @returns Spawn response
*/
private async handleSpawnCommand(
payload: SpawnAgentCommandPayload
): Promise<AgentCommandResponse> {
this.logger.log(`Processing spawn command for task ${payload.taskId}`);
try {
const orchestratorPayload = {
taskId: payload.taskId,
agentType: payload.agentType,
context: payload.context,
options: payload.options,
};
const response = await firstValueFrom(
this.httpService.post<{ agentId: string; status: string }>(
`${this.orchestratorUrl}/agents/spawn`,
orchestratorPayload
)
);
const spawnedAt = new Date().toISOString();
const responseData: SpawnAgentResponseData = {
agentId: response.data.agentId,
status: response.data.status as "spawning",
spawnedAt,
};
this.logger.log(`Agent spawned successfully: ${responseData.agentId}`);
return {
success: true,
data: responseData,
};
} catch (error) {
this.logger.error(`Failed to spawn agent: ${String(error)}`);
throw error;
}
}
/**
* Handle agent status command by calling local orchestrator
* @param payload Status command payload
* @returns Status response
*/
private async handleStatusCommand(
payload: AgentStatusCommandPayload
): Promise<AgentCommandResponse> {
this.logger.log(`Processing status command for agent ${payload.agentId}`);
try {
const response = await firstValueFrom(
this.httpService.get(`${this.orchestratorUrl}/agents/${payload.agentId}/status`)
);
const responseData: AgentStatusResponseData = response.data as AgentStatusResponseData;
this.logger.log(`Agent status retrieved: ${responseData.status}`);
return {
success: true,
data: responseData,
};
} catch (error) {
this.logger.error(`Failed to get agent status: ${String(error)}`);
throw error;
}
}
/**
* Handle agent kill command by calling local orchestrator
* @param payload Kill command payload
* @returns Kill response
*/
private async handleKillCommand(payload: KillAgentCommandPayload): Promise<AgentCommandResponse> {
this.logger.log(`Processing kill command for agent ${payload.agentId}`);
try {
await firstValueFrom(
this.httpService.post(`${this.orchestratorUrl}/agents/${payload.agentId}/kill`, {})
);
const killedAt = new Date().toISOString();
const responseData: KillAgentResponseData = {
agentId: payload.agentId,
status: "killed",
killedAt,
};
this.logger.log(`Agent killed successfully: ${payload.agentId}`);
return {
success: true,
data: responseData,
};
} catch (error) {
this.logger.error(`Failed to kill agent: ${String(error)}`);
throw error;
}
}
}

8
apps/api/src/federation/federation-auth.controller.spec.ts
View File

@@ -240,9 +240,9 @@ describe("FederationAuthController", () => {
subject: "user-subject-123",
};
mockOIDCService.validateToken.mockReturnValue(mockValidation);
mockOIDCService.validateToken.mockResolvedValue(mockValidation);
const result = controller.validateToken(dto);
const result = await controller.validateToken(dto);
expect(result).toEqual(mockValidation);
expect(mockOIDCService.validateToken).toHaveBeenCalledWith(dto.token, dto.instanceId);
@@ -259,9 +259,9 @@ describe("FederationAuthController", () => {
error: "Token has expired",
};
mockOIDCService.validateToken.mockReturnValue(mockValidation);
mockOIDCService.validateToken.mockResolvedValue(mockValidation);
const result = controller.validateToken(dto);
const result = await controller.validateToken(dto);
expect(result.valid).toBe(false);
expect(result.error).toBeDefined();

9
apps/api/src/federation/federation.controller.spec.ts
View File

@@ -8,6 +8,7 @@ import { FederationController } from "./federation.controller";
import { FederationService } from "./federation.service";
import { FederationAuditService } from "./audit.service";
import { ConnectionService } from "./connection.service";
import { FederationAgentService } from "./federation-agent.service";
import { AuthGuard } from "../auth/guards/auth.guard";
import { AdminGuard } from "../auth/guards/admin.guard";
import { FederationConnectionStatus } from "@prisma/client";
@@ -88,6 +89,14 @@ describe("FederationController", () => {
handleIncomingConnectionRequest: vi.fn(),
},
},
{
provide: FederationAgentService,
useValue: {
spawnAgentOnRemote: vi.fn(),
getAgentStatus: vi.fn(),
killAgentOnRemote: vi.fn(),
},
},
],
})
.overrideGuard(AuthGuard)

122
apps/api/src/federation/federation.service.spec.ts
View File

@@ -228,4 +228,126 @@ describe("FederationService", () => {
expect(result).toHaveProperty("instanceId");
});
});
describe("updateInstanceConfiguration", () => {
it("should update instance name", async () => {
// Arrange
const updatedInstance = { ...mockInstance, name: "Updated Instance" };
vi.spyOn(service, "getInstanceIdentity").mockResolvedValue({
...mockInstance,
privateKey: mockDecryptedPrivateKey,
});
vi.spyOn(prismaService.instance, "update").mockResolvedValue(updatedInstance);
// Act
const result = await service.updateInstanceConfiguration({ name: "Updated Instance" });
// Assert
expect(prismaService.instance.update).toHaveBeenCalledWith({
where: { id: mockInstance.id },
data: { name: "Updated Instance" },
});
expect(result.name).toBe("Updated Instance");
expect(result).not.toHaveProperty("privateKey");
});
it("should update instance capabilities", async () => {
// Arrange
const newCapabilities = {
supportsQuery: true,
supportsCommand: false,
supportsEvent: true,
supportsAgentSpawn: false,
protocolVersion: "1.0",
};
const updatedInstance = { ...mockInstance, capabilities: newCapabilities };
vi.spyOn(service, "getInstanceIdentity").mockResolvedValue({
...mockInstance,
privateKey: mockDecryptedPrivateKey,
});
vi.spyOn(prismaService.instance, "update").mockResolvedValue(updatedInstance);
// Act
const result = await service.updateInstanceConfiguration({ capabilities: newCapabilities });
// Assert
expect(prismaService.instance.update).toHaveBeenCalledWith({
where: { id: mockInstance.id },
data: { capabilities: newCapabilities },
});
expect(result.capabilities).toEqual(newCapabilities);
});
it("should update instance metadata", async () => {
// Arrange
const newMetadata = { description: "Test description", region: "us-west-2" };
const updatedInstance = { ...mockInstance, metadata: newMetadata };
vi.spyOn(service, "getInstanceIdentity").mockResolvedValue({
...mockInstance,
privateKey: mockDecryptedPrivateKey,
});
vi.spyOn(prismaService.instance, "update").mockResolvedValue(updatedInstance);
// Act
const result = await service.updateInstanceConfiguration({ metadata: newMetadata });
// Assert
expect(prismaService.instance.update).toHaveBeenCalledWith({
where: { id: mockInstance.id },
data: { metadata: newMetadata },
});
expect(result.metadata).toEqual(newMetadata);
});
it("should update multiple fields at once", async () => {
// Arrange
const updates = {
name: "Updated Instance",
capabilities: {
supportsQuery: false,
supportsCommand: false,
supportsEvent: false,
supportsAgentSpawn: false,
protocolVersion: "1.0",
},
metadata: { description: "Updated" },
};
const updatedInstance = { ...mockInstance, ...updates };
vi.spyOn(service, "getInstanceIdentity").mockResolvedValue({
...mockInstance,
privateKey: mockDecryptedPrivateKey,
});
vi.spyOn(prismaService.instance, "update").mockResolvedValue(updatedInstance);
// Act
const result = await service.updateInstanceConfiguration(updates);
// Assert
expect(prismaService.instance.update).toHaveBeenCalledWith({
where: { id: mockInstance.id },
data: updates,
});
expect(result.name).toBe("Updated Instance");
expect(result.capabilities).toEqual(updates.capabilities);
expect(result.metadata).toEqual(updates.metadata);
});
it("should not expose private key in response", async () => {
// Arrange
const updatedInstance = { ...mockInstance, name: "Updated" };
vi.spyOn(service, "getInstanceIdentity").mockResolvedValue({
...mockInstance,
privateKey: mockDecryptedPrivateKey,
});
vi.spyOn(prismaService.instance, "update").mockResolvedValue(updatedInstance);
// Act
const result = await service.updateInstanceConfiguration({ name: "Updated" });
// Assert - SECURITY: Verify private key is NOT in response
expect(result).not.toHaveProperty("privateKey");
expect(result).toHaveProperty("publicKey");
expect(result).toHaveProperty("instanceId");
});
});
});

62
apps/api/src/federation/federation.service.ts
View File

@@ -104,6 +104,46 @@ export class FederationService {
return publicIdentity;
}
/**
* Update instance configuration
* Allows updating name, capabilities, and metadata
* Returns public identity only (no private key exposure)
*/
async updateInstanceConfiguration(updates: {
name?: string;
capabilities?: FederationCapabilities;
metadata?: Record<string, unknown>;
}): Promise<PublicInstanceIdentity> {
const instance = await this.getInstanceIdentity();
// Build update data object
const data: Prisma.InstanceUpdateInput = {};
if (updates.name !== undefined) {
data.name = updates.name;
}
if (updates.capabilities !== undefined) {
data.capabilities = updates.capabilities as Prisma.JsonObject;
}
if (updates.metadata !== undefined) {
data.metadata = updates.metadata as Prisma.JsonObject;
}
const updatedInstance = await this.prisma.instance.update({
where: { id: instance.id },
data,
});
this.logger.log(`Instance configuration updated: ${JSON.stringify(updates)}`);
// Return public identity only (security fix)
const identity = this.mapToInstanceIdentity(updatedInstance);
const { privateKey: _privateKey, ...publicIdentity } = identity;
return publicIdentity;
}
/**
* Create a new instance identity
*/
@@ -145,6 +185,28 @@ export class FederationService {
return instance;
}
/**
* Get a federation connection by remote instance ID
* Returns the first active or pending connection
*/
async getConnectionByRemoteInstanceId(
remoteInstanceId: string
): Promise<{ remotePublicKey: string } | null> {
const connection = await this.prisma.federationConnection.findFirst({
where: {
remoteInstanceId,
status: {
in: ["ACTIVE", "PENDING"],
},
},
select: {
remotePublicKey: true,
},
});
return connection;
}
/**
* Generate a unique instance ID
*/

319
apps/api/src/federation/identity-linking.controller.spec.ts Normal file
View File

@@ -0,0 +1,319 @@
/**
* Identity Linking Controller Tests
*
* Integration tests for identity linking API endpoints.
*/
import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { ExecutionContext } from "@nestjs/common";
import { Reflector } from "@nestjs/core";
import { IdentityLinkingController } from "./identity-linking.controller";
import { IdentityLinkingService } from "./identity-linking.service";
import { IdentityResolutionService } from "./identity-resolution.service";
import { AuthGuard } from "../auth/guards/auth.guard";
import type { FederatedIdentity } from "./types/oidc.types";
import type {
CreateIdentityMappingDto,
UpdateIdentityMappingDto,
VerifyIdentityDto,
ResolveIdentityDto,
BulkResolveIdentityDto,
} from "./dto/identity-linking.dto";
describe("IdentityLinkingController", () => {
let controller: IdentityLinkingController;
let identityLinkingService: IdentityLinkingService;
let identityResolutionService: IdentityResolutionService;
const mockIdentity: FederatedIdentity = {
id: "identity-id",
localUserId: "local-user-id",
remoteUserId: "remote-user-id",
remoteInstanceId: "remote-instance-id",
oidcSubject: "oidc-subject",
email: "user@example.com",
metadata: {},
createdAt: new Date(),
updatedAt: new Date(),
};
const mockUser = {
id: "local-user-id",
email: "user@example.com",
name: "Test User",
};
beforeEach(async () => {
const mockIdentityLinkingService = {
verifyIdentity: vi.fn(),
createIdentityMapping: vi.fn(),
updateIdentityMapping: vi.fn(),
validateIdentityMapping: vi.fn(),
listUserIdentities: vi.fn(),
revokeIdentityMapping: vi.fn(),
};
const mockIdentityResolutionService = {
resolveIdentity: vi.fn(),
reverseResolveIdentity: vi.fn(),
bulkResolveIdentities: vi.fn(),
};
const mockAuthGuard = {
canActivate: (context: ExecutionContext) => {
const request = context.switchToHttp().getRequest();
request.user = mockUser;
return true;
},
};
const module: TestingModule = await Test.createTestingModule({
controllers: [IdentityLinkingController],
providers: [
{ provide: IdentityLinkingService, useValue: mockIdentityLinkingService },
{ provide: IdentityResolutionService, useValue: mockIdentityResolutionService },
{ provide: Reflector, useValue: { getAllAndOverride: vi.fn(() => []) } },
],
})
.overrideGuard(AuthGuard)
.useValue(mockAuthGuard)
.compile();
controller = module.get<IdentityLinkingController>(IdentityLinkingController);
identityLinkingService = module.get(IdentityLinkingService);
identityResolutionService = module.get(IdentityResolutionService);
});
afterEach(() => {
vi.clearAllMocks();
});
describe("POST /identity/verify", () => {
it("should verify identity with valid request", async () => {
const dto: VerifyIdentityDto = {
localUserId: "local-user-id",
remoteUserId: "remote-user-id",
remoteInstanceId: "remote-instance-id",
oidcToken: "valid-token",
timestamp: Date.now(),
signature: "valid-signature",
};
identityLinkingService.verifyIdentity.mockResolvedValue({
verified: true,
localUserId: "local-user-id",
remoteUserId: "remote-user-id",
remoteInstanceId: "remote-instance-id",
email: "user@example.com",
});
const result = await controller.verifyIdentity(dto);
expect(result.verified).toBe(true);
expect(result.localUserId).toBe("local-user-id");
expect(identityLinkingService.verifyIdentity).toHaveBeenCalledWith(dto);
});
it("should return verification failure", async () => {
const dto: VerifyIdentityDto = {
localUserId: "local-user-id",
remoteUserId: "remote-user-id",
remoteInstanceId: "remote-instance-id",
oidcToken: "invalid-token",
timestamp: Date.now(),
signature: "invalid-signature",
};
identityLinkingService.verifyIdentity.mockResolvedValue({
verified: false,
error: "Invalid signature",
});
const result = await controller.verifyIdentity(dto);
expect(result.verified).toBe(false);
expect(result.error).toBe("Invalid signature");
});
});
describe("POST /identity/resolve", () => {
it("should resolve remote user to local user", async () => {
const dto: ResolveIdentityDto = {
remoteInstanceId: "remote-instance-id",
remoteUserId: "remote-user-id",
};
identityResolutionService.resolveIdentity.mockResolvedValue({
found: true,
localUserId: "local-user-id",
remoteUserId: "remote-user-id",
remoteInstanceId: "remote-instance-id",
email: "user@example.com",
});
const result = await controller.resolveIdentity(dto);
expect(result.found).toBe(true);
expect(result.localUserId).toBe("local-user-id");
expect(identityResolutionService.resolveIdentity).toHaveBeenCalledWith(
"remote-instance-id",
"remote-user-id"
);
});
it("should return not found when mapping does not exist", async () => {
const dto: ResolveIdentityDto = {
remoteInstanceId: "remote-instance-id",
remoteUserId: "unknown-user-id",
};
identityResolutionService.resolveIdentity.mockResolvedValue({
found: false,
remoteUserId: "unknown-user-id",
remoteInstanceId: "remote-instance-id",
});
const result = await controller.resolveIdentity(dto);
expect(result.found).toBe(false);
expect(result.localUserId).toBeUndefined();
});
});
describe("POST /identity/bulk-resolve", () => {
it("should resolve multiple remote users", async () => {
const dto: BulkResolveIdentityDto = {
remoteInstanceId: "remote-instance-id",
remoteUserIds: ["remote-user-1", "remote-user-2", "unknown-user"],
};
identityResolutionService.bulkResolveIdentities.mockResolvedValue({
mappings: {
"remote-user-1": "local-user-1",
"remote-user-2": "local-user-2",
},
notFound: ["unknown-user"],
});
const result = await controller.bulkResolveIdentity(dto);
expect(result.mappings).toEqual({
"remote-user-1": "local-user-1",
"remote-user-2": "local-user-2",
});
expect(result.notFound).toEqual(["unknown-user"]);
});
});
describe("GET /identity/me", () => {
it("should return current user's federated identities", async () => {
identityLinkingService.listUserIdentities.mockResolvedValue([mockIdentity]);
const result = await controller.getCurrentUserIdentities(mockUser);
expect(result).toHaveLength(1);
expect(result[0]).toEqual(mockIdentity);
expect(identityLinkingService.listUserIdentities).toHaveBeenCalledWith("local-user-id");
});
it("should return empty array if no identities", async () => {
identityLinkingService.listUserIdentities.mockResolvedValue([]);
const result = await controller.getCurrentUserIdentities(mockUser);
expect(result).toEqual([]);
});
});
describe("POST /identity/link", () => {
it("should create identity mapping", async () => {
const dto: CreateIdentityMappingDto = {
remoteInstanceId: "remote-instance-id",
remoteUserId: "remote-user-id",
oidcSubject: "oidc-subject",
email: "user@example.com",
metadata: { source: "manual" },
};
identityLinkingService.createIdentityMapping.mockResolvedValue(mockIdentity);
const result = await controller.createIdentityMapping(mockUser, dto);
expect(result).toEqual(mockIdentity);
expect(identityLinkingService.createIdentityMapping).toHaveBeenCalledWith(
"local-user-id",
dto
);
});
});
describe("PATCH /identity/:remoteInstanceId", () => {
it("should update identity mapping", async () => {
const remoteInstanceId = "remote-instance-id";
const dto: UpdateIdentityMappingDto = {
metadata: { updated: true },
};
const updatedIdentity = { ...mockIdentity, metadata: { updated: true } };
identityLinkingService.updateIdentityMapping.mockResolvedValue(updatedIdentity);
const result = await controller.updateIdentityMapping(mockUser, remoteInstanceId, dto);
expect(result.metadata).toEqual({ updated: true });
expect(identityLinkingService.updateIdentityMapping).toHaveBeenCalledWith(
"local-user-id",
remoteInstanceId,
dto
);
});
});
describe("DELETE /identity/:remoteInstanceId", () => {
it("should revoke identity mapping", async () => {
const remoteInstanceId = "remote-instance-id";
identityLinkingService.revokeIdentityMapping.mockResolvedValue(undefined);
const result = await controller.revokeIdentityMapping(mockUser, remoteInstanceId);
expect(result).toEqual({ success: true });
expect(identityLinkingService.revokeIdentityMapping).toHaveBeenCalledWith(
"local-user-id",
remoteInstanceId
);
});
});
describe("GET /identity/:remoteInstanceId/validate", () => {
it("should validate existing identity mapping", async () => {
const remoteInstanceId = "remote-instance-id";
identityLinkingService.validateIdentityMapping.mockResolvedValue({
valid: true,
localUserId: "local-user-id",
remoteUserId: "remote-user-id",
remoteInstanceId: "remote-instance-id",
});
const result = await controller.validateIdentityMapping(mockUser, remoteInstanceId);
expect(result.valid).toBe(true);
expect(result.localUserId).toBe("local-user-id");
});
it("should return invalid if mapping not found", async () => {
const remoteInstanceId = "unknown-instance-id";
identityLinkingService.validateIdentityMapping.mockResolvedValue({
valid: false,
error: "Identity mapping not found",
});
const result = await controller.validateIdentityMapping(mockUser, remoteInstanceId);
expect(result.valid).toBe(false);
expect(result.error).toContain("not found");
});
});
});

151
apps/api/src/federation/identity-linking.controller.ts Normal file
View File

@@ -0,0 +1,151 @@
/**
* Identity Linking Controller
*
* API endpoints for cross-instance identity verification and management.
*/
import { Controller, Post, Get, Patch, Delete, Body, Param, UseGuards } from "@nestjs/common";
import { AuthGuard } from "../auth/guards/auth.guard";
import { IdentityLinkingService } from "./identity-linking.service";
import { IdentityResolutionService } from "./identity-resolution.service";
import { CurrentUser } from "../auth/decorators/current-user.decorator";
import type {
VerifyIdentityDto,
ResolveIdentityDto,
BulkResolveIdentityDto,
CreateIdentityMappingDto,
UpdateIdentityMappingDto,
} from "./dto/identity-linking.dto";
import type {
IdentityVerificationResponse,
IdentityResolutionResponse,
BulkIdentityResolutionResponse,
IdentityMappingValidation,
} from "./types/identity-linking.types";
import type { FederatedIdentity } from "./types/oidc.types";
/**
* User object from authentication
*/
interface AuthenticatedUser {
id: string;
email: string;
name: string;
}
@Controller("federation/identity")
export class IdentityLinkingController {
constructor(
private readonly identityLinkingService: IdentityLinkingService,
private readonly identityResolutionService: IdentityResolutionService
) {}
/**
* POST /api/v1/federation/identity/verify
*
* Verify a user's identity from a remote instance.
* Validates signature and OIDC token.
*/
@Post("verify")
async verifyIdentity(@Body() dto: VerifyIdentityDto): Promise<IdentityVerificationResponse> {
return this.identityLinkingService.verifyIdentity(dto);
}
/**
* POST /api/v1/federation/identity/resolve
*
* Resolve a remote user to a local user.
*/
@Post("resolve")
@UseGuards(AuthGuard)
async resolveIdentity(@Body() dto: ResolveIdentityDto): Promise<IdentityResolutionResponse> {
return this.identityResolutionService.resolveIdentity(dto.remoteInstanceId, dto.remoteUserId);
}
/**
* POST /api/v1/federation/identity/bulk-resolve
*
* Bulk resolve multiple remote users to local users.
*/
@Post("bulk-resolve")
@UseGuards(AuthGuard)
async bulkResolveIdentity(
@Body() dto: BulkResolveIdentityDto
): Promise<BulkIdentityResolutionResponse> {
return this.identityResolutionService.bulkResolveIdentities(
dto.remoteInstanceId,
dto.remoteUserIds
);
}
/**
* GET /api/v1/federation/identity/me
*
* Get the current user's federated identities.
*/
@Get("me")
@UseGuards(AuthGuard)
async getCurrentUserIdentities(
@CurrentUser() user: AuthenticatedUser
): Promise<FederatedIdentity[]> {
return this.identityLinkingService.listUserIdentities(user.id);
}
/**
* POST /api/v1/federation/identity/link
*
* Create a new identity mapping for the current user.
*/
@Post("link")
@UseGuards(AuthGuard)
async createIdentityMapping(
@CurrentUser() user: AuthenticatedUser,
@Body() dto: CreateIdentityMappingDto
): Promise<FederatedIdentity> {
return this.identityLinkingService.createIdentityMapping(user.id, dto);
}
/**
* PATCH /api/v1/federation/identity/:remoteInstanceId
*
* Update an existing identity mapping.
*/
@Patch(":remoteInstanceId")
@UseGuards(AuthGuard)
async updateIdentityMapping(
@CurrentUser() user: AuthenticatedUser,
@Param("remoteInstanceId") remoteInstanceId: string,
@Body() dto: UpdateIdentityMappingDto
): Promise<FederatedIdentity> {
return this.identityLinkingService.updateIdentityMapping(user.id, remoteInstanceId, dto);
}
/**
* DELETE /api/v1/federation/identity/:remoteInstanceId
*
* Revoke an identity mapping.
*/
@Delete(":remoteInstanceId")
@UseGuards(AuthGuard)
async revokeIdentityMapping(
@CurrentUser() user: AuthenticatedUser,
@Param("remoteInstanceId") remoteInstanceId: string
): Promise<{ success: boolean }> {
await this.identityLinkingService.revokeIdentityMapping(user.id, remoteInstanceId);
return { success: true };
}
/**
* GET /api/v1/federation/identity/:remoteInstanceId/validate
*
* Validate an identity mapping exists and is valid.
*/
@Get(":remoteInstanceId/validate")
@UseGuards(AuthGuard)
async validateIdentityMapping(
@CurrentUser() user: AuthenticatedUser,
@Param("remoteInstanceId") remoteInstanceId: string
): Promise<IdentityMappingValidation> {
return this.identityLinkingService.validateIdentityMapping(user.id, remoteInstanceId);
}
}

404
apps/api/src/federation/identity-linking.service.spec.ts Normal file
View File

@@ -0,0 +1,404 @@
/**
* Identity Linking Service Tests
*
* Tests for cross-instance identity verification and mapping.
*/
import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { IdentityLinkingService } from "./identity-linking.service";
import { OIDCService } from "./oidc.service";
import { SignatureService } from "./signature.service";
import { FederationAuditService } from "./audit.service";
import { PrismaService } from "../prisma/prisma.service";
import type {
IdentityVerificationRequest,
CreateIdentityMappingDto,
UpdateIdentityMappingDto,
} from "./types/identity-linking.types";
import type { FederatedIdentity } from "./types/oidc.types";
describe("IdentityLinkingService", () => {
let service: IdentityLinkingService;
let oidcService: OIDCService;
let signatureService: SignatureService;
let auditService: FederationAuditService;
let prismaService: PrismaService;
const mockFederatedIdentity: FederatedIdentity = {
id: "identity-id",
localUserId: "local-user-id",
remoteUserId: "remote-user-id",
remoteInstanceId: "remote-instance-id",
oidcSubject: "oidc-subject",
email: "user@example.com",
metadata: {},
createdAt: new Date(),
updatedAt: new Date(),
};
beforeEach(async () => {
const mockOIDCService = {
linkFederatedIdentity: vi.fn(),
getFederatedIdentity: vi.fn(),
getUserFederatedIdentities: vi.fn(),
revokeFederatedIdentity: vi.fn(),
validateToken: vi.fn(),
};
const mockSignatureService = {
verifyMessage: vi.fn(),
validateTimestamp: vi.fn(),
};
const mockAuditService = {
logIdentityVerification: vi.fn(),
logIdentityLinking: vi.fn(),
logIdentityRevocation: vi.fn(),
};
const mockPrismaService = {
federatedIdentity: {
findUnique: vi.fn(),
findFirst: vi.fn(),
update: vi.fn(),
},
};
const module: TestingModule = await Test.createTestingModule({
providers: [
IdentityLinkingService,
{ provide: OIDCService, useValue: mockOIDCService },
{ provide: SignatureService, useValue: mockSignatureService },
{ provide: FederationAuditService, useValue: mockAuditService },
{ provide: PrismaService, useValue: mockPrismaService },
],
}).compile();
service = module.get<IdentityLinkingService>(IdentityLinkingService);
oidcService = module.get(OIDCService);
signatureService = module.get(SignatureService);
auditService = module.get(FederationAuditService);
prismaService = module.get(PrismaService);
});
afterEach(() => {
vi.clearAllMocks();
});
describe("verifyIdentity", () => {
it("should verify identity with valid signature and token", async () => {
const request: IdentityVerificationRequest = {
localUserId: "local-user-id",
remoteUserId: "remote-user-id",
remoteInstanceId: "remote-instance-id",
oidcToken: "valid-token",
timestamp: Date.now(),
signature: "valid-signature",
};
signatureService.validateTimestamp.mockReturnValue(true);
signatureService.verifyMessage.mockResolvedValue({ valid: true });
oidcService.validateToken.mockReturnValue({
valid: true,
userId: "remote-user-id",
instanceId: "remote-instance-id",
email: "user@example.com",
});
oidcService.getFederatedIdentity.mockResolvedValue(mockFederatedIdentity);
const result = await service.verifyIdentity(request);
expect(result.verified).toBe(true);
expect(result.localUserId).toBe("local-user-id");
expect(result.remoteUserId).toBe("remote-user-id");
expect(result.remoteInstanceId).toBe("remote-instance-id");
expect(signatureService.validateTimestamp).toHaveBeenCalledWith(request.timestamp);
expect(signatureService.verifyMessage).toHaveBeenCalled();
expect(oidcService.validateToken).toHaveBeenCalledWith("valid-token", "remote-instance-id");
expect(auditService.logIdentityVerification).toHaveBeenCalled();
});
it("should reject identity with invalid signature", async () => {
const request: IdentityVerificationRequest = {
localUserId: "local-user-id",
remoteUserId: "remote-user-id",
remoteInstanceId: "remote-instance-id",
oidcToken: "valid-token",
timestamp: Date.now(),
signature: "invalid-signature",
};
signatureService.validateTimestamp.mockReturnValue(true);
signatureService.verifyMessage.mockResolvedValue({
valid: false,
error: "Invalid signature",
});
const result = await service.verifyIdentity(request);
expect(result.verified).toBe(false);
expect(result.error).toContain("Invalid signature");
expect(oidcService.validateToken).not.toHaveBeenCalled();
});
it("should reject identity with expired timestamp", async () => {
const request: IdentityVerificationRequest = {
localUserId: "local-user-id",
remoteUserId: "remote-user-id",
remoteInstanceId: "remote-instance-id",
oidcToken: "valid-token",
timestamp: Date.now() - 10 * 60 * 1000, // 10 minutes ago
signature: "valid-signature",
};
signatureService.validateTimestamp.mockReturnValue(false);
const result = await service.verifyIdentity(request);
expect(result.verified).toBe(false);
expect(result.error).toContain("expired");
expect(signatureService.verifyMessage).not.toHaveBeenCalled();
});
it("should reject identity with invalid OIDC token", async () => {
const request: IdentityVerificationRequest = {
localUserId: "local-user-id",
remoteUserId: "remote-user-id",
remoteInstanceId: "remote-instance-id",
oidcToken: "invalid-token",
timestamp: Date.now(),
signature: "valid-signature",
};
signatureService.validateTimestamp.mockReturnValue(true);
signatureService.verifyMessage.mockResolvedValue({ valid: true });
oidcService.validateToken.mockReturnValue({
valid: false,
error: "Invalid token",
});
const result = await service.verifyIdentity(request);
expect(result.verified).toBe(false);
expect(result.error).toContain("Invalid token");
});
it("should reject identity if mapping does not exist", async () => {
const request: IdentityVerificationRequest = {
localUserId: "local-user-id",
remoteUserId: "remote-user-id",
remoteInstanceId: "remote-instance-id",
oidcToken: "valid-token",
timestamp: Date.now(),
signature: "valid-signature",
};
signatureService.validateTimestamp.mockReturnValue(true);
signatureService.verifyMessage.mockResolvedValue({ valid: true });
oidcService.validateToken.mockReturnValue({
valid: true,
userId: "remote-user-id",
instanceId: "remote-instance-id",
});
oidcService.getFederatedIdentity.mockResolvedValue(null);
const result = await service.verifyIdentity(request);
expect(result.verified).toBe(false);
expect(result.error).toContain("not found");
});
});
describe("resolveLocalIdentity", () => {
it("should resolve remote user to local user", async () => {
prismaService.federatedIdentity.findFirst.mockResolvedValue(mockFederatedIdentity as never);
const result = await service.resolveLocalIdentity("remote-instance-id", "remote-user-id");
expect(result).not.toBeNull();
expect(result?.localUserId).toBe("local-user-id");
expect(result?.remoteUserId).toBe("remote-user-id");
expect(result?.email).toBe("user@example.com");
});
it("should return null when mapping not found", async () => {
prismaService.federatedIdentity.findFirst.mockResolvedValue(null);
const result = await service.resolveLocalIdentity("remote-instance-id", "unknown-user-id");
expect(result).toBeNull();
});
});
describe("resolveRemoteIdentity", () => {
it("should resolve local user to remote user", async () => {
oidcService.getFederatedIdentity.mockResolvedValue(mockFederatedIdentity);
const result = await service.resolveRemoteIdentity("local-user-id", "remote-instance-id");
expect(result).not.toBeNull();
expect(result?.remoteUserId).toBe("remote-user-id");
expect(result?.localUserId).toBe("local-user-id");
});
it("should return null when mapping not found", async () => {
oidcService.getFederatedIdentity.mockResolvedValue(null);
const result = await service.resolveRemoteIdentity("unknown-user-id", "remote-instance-id");
expect(result).toBeNull();
});
});
describe("createIdentityMapping", () => {
it("should create identity mapping with valid data", async () => {
const dto: CreateIdentityMappingDto = {
remoteInstanceId: "remote-instance-id",
remoteUserId: "remote-user-id",
oidcSubject: "oidc-subject",
email: "user@example.com",
metadata: { source: "manual" },
};
oidcService.linkFederatedIdentity.mockResolvedValue(mockFederatedIdentity);
const result = await service.createIdentityMapping("local-user-id", dto);
expect(result).toEqual(mockFederatedIdentity);
expect(oidcService.linkFederatedIdentity).toHaveBeenCalledWith(
"local-user-id",
"remote-user-id",
"remote-instance-id",
"oidc-subject",
"user@example.com",
{ source: "manual" }
);
expect(auditService.logIdentityLinking).toHaveBeenCalled();
});
it("should validate OIDC token if provided", async () => {
const dto: CreateIdentityMappingDto = {
remoteInstanceId: "remote-instance-id",
remoteUserId: "remote-user-id",
oidcSubject: "oidc-subject",
email: "user@example.com",
oidcToken: "valid-token",
};
oidcService.validateToken.mockReturnValue({ valid: true });
oidcService.linkFederatedIdentity.mockResolvedValue(mockFederatedIdentity);
await service.createIdentityMapping("local-user-id", dto);
expect(oidcService.validateToken).toHaveBeenCalledWith("valid-token", "remote-instance-id");
});
it("should throw error if OIDC token is invalid", async () => {
const dto: CreateIdentityMappingDto = {
remoteInstanceId: "remote-instance-id",
remoteUserId: "remote-user-id",
oidcSubject: "oidc-subject",
email: "user@example.com",
oidcToken: "invalid-token",
};
oidcService.validateToken.mockReturnValue({
valid: false,
error: "Invalid token",
});
await expect(service.createIdentityMapping("local-user-id", dto)).rejects.toThrow(
"Invalid OIDC token"
);
});
});
describe("updateIdentityMapping", () => {
it("should update identity mapping metadata", async () => {
const dto: UpdateIdentityMappingDto = {
metadata: { updated: true },
};
const updatedIdentity = { ...mockFederatedIdentity, metadata: { updated: true } };
prismaService.federatedIdentity.findUnique.mockResolvedValue(mockFederatedIdentity as never);
prismaService.federatedIdentity.update.mockResolvedValue(updatedIdentity as never);
const result = await service.updateIdentityMapping(
"local-user-id",
"remote-instance-id",
dto
);
expect(result.metadata).toEqual({ updated: true });
expect(prismaService.federatedIdentity.update).toHaveBeenCalled();
});
it("should throw error if mapping not found", async () => {
const dto: UpdateIdentityMappingDto = {
metadata: { updated: true },
};
prismaService.federatedIdentity.findUnique.mockResolvedValue(null);
await expect(
service.updateIdentityMapping("unknown-user-id", "remote-instance-id", dto)
).rejects.toThrow("not found");
});
});
describe("validateIdentityMapping", () => {
it("should validate existing identity mapping", async () => {
oidcService.getFederatedIdentity.mockResolvedValue(mockFederatedIdentity);
const result = await service.validateIdentityMapping("local-user-id", "remote-instance-id");
expect(result.valid).toBe(true);
expect(result.localUserId).toBe("local-user-id");
expect(result.remoteUserId).toBe("remote-user-id");
});
it("should return invalid if mapping not found", async () => {
oidcService.getFederatedIdentity.mockResolvedValue(null);
const result = await service.validateIdentityMapping("unknown-user-id", "remote-instance-id");
expect(result.valid).toBe(false);
expect(result.error).toContain("not found");
});
});
describe("listUserIdentities", () => {
it("should list all federated identities for a user", async () => {
const identities = [mockFederatedIdentity];
oidcService.getUserFederatedIdentities.mockResolvedValue(identities);
const result = await service.listUserIdentities("local-user-id");
expect(result).toEqual(identities);
expect(oidcService.getUserFederatedIdentities).toHaveBeenCalledWith("local-user-id");
});
it("should return empty array if user has no federated identities", async () => {
oidcService.getUserFederatedIdentities.mockResolvedValue([]);
const result = await service.listUserIdentities("local-user-id");
expect(result).toEqual([]);
});
});
describe("revokeIdentityMapping", () => {
it("should revoke identity mapping", async () => {
oidcService.revokeFederatedIdentity.mockResolvedValue(undefined);
await service.revokeIdentityMapping("local-user-id", "remote-instance-id");
expect(oidcService.revokeFederatedIdentity).toHaveBeenCalledWith(
"local-user-id",
"remote-instance-id"
);
expect(auditService.logIdentityRevocation).toHaveBeenCalled();
});
});
});

323
apps/api/src/federation/identity-linking.service.ts Normal file
View File

@@ -0,0 +1,323 @@
/**
* Identity Linking Service
*
* Handles cross-instance user identity verification and mapping.
*/
import { Injectable, Logger, NotFoundException, UnauthorizedException } from "@nestjs/common";
import { Prisma } from "@prisma/client";
import { PrismaService } from "../prisma/prisma.service";
import { OIDCService } from "./oidc.service";
import { SignatureService } from "./signature.service";
import { FederationAuditService } from "./audit.service";
import type {
IdentityVerificationRequest,
IdentityVerificationResponse,
CreateIdentityMappingDto,
UpdateIdentityMappingDto,
IdentityMappingValidation,
} from "./types/identity-linking.types";
import type { FederatedIdentity } from "./types/oidc.types";
@Injectable()
export class IdentityLinkingService {
private readonly logger = new Logger(IdentityLinkingService.name);
constructor(
private readonly prisma: PrismaService,
private readonly oidcService: OIDCService,
private readonly signatureService: SignatureService,
private readonly auditService: FederationAuditService
) {}
/**
* Verify a user's identity from a remote instance
*
* Validates:
* 1. Timestamp is recent (not expired)
* 2. Signature is valid (signed by remote instance)
* 3. OIDC token is valid
* 4. Identity mapping exists
*/
async verifyIdentity(
request: IdentityVerificationRequest
): Promise<IdentityVerificationResponse> {
this.logger.log(`Verifying identity: ${request.localUserId} from ${request.remoteInstanceId}`);
// Validate timestamp (prevent replay attacks)
if (!this.signatureService.validateTimestamp(request.timestamp)) {
this.logger.warn(`Identity verification failed: Request timestamp expired`);
return {
verified: false,
error: "Request timestamp expired",
};
}
// Verify signature
const { signature, ...messageToVerify } = request;
const signatureValidation = await this.signatureService.verifyMessage(
messageToVerify,
signature,
request.remoteInstanceId
);
if (!signatureValidation.valid) {
const errorMessage = signatureValidation.error ?? "Invalid signature";
this.logger.warn(`Identity verification failed: ${errorMessage}`);
return {
verified: false,
error: errorMessage,
};
}
// Validate OIDC token
const tokenValidation = await this.oidcService.validateToken(
request.oidcToken,
request.remoteInstanceId
);
if (!tokenValidation.valid) {
const tokenError = tokenValidation.error ?? "Invalid OIDC token";
this.logger.warn(`Identity verification failed: ${tokenError}`);
return {
verified: false,
error: tokenError,
};
}
// Check if identity mapping exists
const identity = await this.oidcService.getFederatedIdentity(
request.localUserId,
request.remoteInstanceId
);
if (!identity) {
this.logger.warn(
`Identity verification failed: Mapping not found for ${request.localUserId}`
);
return {
verified: false,
error: "Identity mapping not found",
};
}
// Verify that the remote user ID matches
if (identity.remoteUserId !== request.remoteUserId) {
this.logger.warn(
`Identity verification failed: Remote user ID mismatch (expected ${identity.remoteUserId}, got ${request.remoteUserId})`
);
return {
verified: false,
error: "Remote user ID mismatch",
};
}
// Log successful verification
this.auditService.logIdentityVerification(request.localUserId, request.remoteInstanceId, true);
this.logger.log(`Identity verified successfully: ${request.localUserId}`);
return {
verified: true,
localUserId: identity.localUserId,
remoteUserId: identity.remoteUserId,
remoteInstanceId: identity.remoteInstanceId,
email: identity.email,
};
}
/**
* Resolve a remote user to a local user
*
* Looks up the identity mapping by remote instance and user ID.
*/
async resolveLocalIdentity(
remoteInstanceId: string,
remoteUserId: string
): Promise<FederatedIdentity | null> {
this.logger.debug(`Resolving local identity for ${remoteUserId}@${remoteInstanceId}`);
// Query by remoteInstanceId and remoteUserId
// Note: Prisma doesn't have a unique constraint for this pair,
// so we use findFirst
const identity = await this.prisma.federatedIdentity.findFirst({
where: {
remoteInstanceId,
remoteUserId,
},
});
if (!identity) {
this.logger.debug(`No local identity found for ${remoteUserId}@${remoteInstanceId}`);
return null;
}
return {
id: identity.id,
localUserId: identity.localUserId,
remoteUserId: identity.remoteUserId,
remoteInstanceId: identity.remoteInstanceId,
oidcSubject: identity.oidcSubject,
email: identity.email,
metadata: identity.metadata as Record<string, unknown>,
createdAt: identity.createdAt,
updatedAt: identity.updatedAt,
};
}
/**
* Resolve a local user to a remote identity
*
* Looks up the identity mapping by local user ID and remote instance.
*/
async resolveRemoteIdentity(
localUserId: string,
remoteInstanceId: string
): Promise<FederatedIdentity | null> {
this.logger.debug(`Resolving remote identity for ${localUserId}@${remoteInstanceId}`);
const identity = await this.oidcService.getFederatedIdentity(localUserId, remoteInstanceId);
if (!identity) {
this.logger.debug(`No remote identity found for ${localUserId}@${remoteInstanceId}`);
return null;
}
return identity;
}
/**
* Create a new identity mapping
*
* Optionally validates OIDC token if provided.
*/
async createIdentityMapping(
localUserId: string,
dto: CreateIdentityMappingDto
): Promise<FederatedIdentity> {
this.logger.log(
`Creating identity mapping: ${localUserId} -> ${dto.remoteUserId}@${dto.remoteInstanceId}`
);
// Validate OIDC token if provided
if (dto.oidcToken) {
const tokenValidation = await this.oidcService.validateToken(
dto.oidcToken,
dto.remoteInstanceId
);
if (!tokenValidation.valid) {
const validationError = tokenValidation.error ?? "Unknown validation error";
throw new UnauthorizedException(`Invalid OIDC token: ${validationError}`);
}
}
// Create identity mapping via OIDCService
const identity = await this.oidcService.linkFederatedIdentity(
localUserId,
dto.remoteUserId,
dto.remoteInstanceId,
dto.oidcSubject,
dto.email,
dto.metadata ?? {}
);
// Log identity linking
this.auditService.logIdentityLinking(localUserId, dto.remoteInstanceId, dto.remoteUserId);
return identity;
}
/**
* Update an existing identity mapping
*/
async updateIdentityMapping(
localUserId: string,
remoteInstanceId: string,
dto: UpdateIdentityMappingDto
): Promise<FederatedIdentity> {
this.logger.log(`Updating identity mapping: ${localUserId}@${remoteInstanceId}`);
// Verify mapping exists
const existing = await this.prisma.federatedIdentity.findUnique({
where: {
localUserId_remoteInstanceId: {
localUserId,
remoteInstanceId,
},
},
});
if (!existing) {
throw new NotFoundException("Identity mapping not found");
}
// Update metadata
const updated = await this.prisma.federatedIdentity.update({
where: {
localUserId_remoteInstanceId: {
localUserId,
remoteInstanceId,
},
},
data: {
metadata: (dto.metadata ?? existing.metadata) as Prisma.InputJsonValue,
},
});
return {
id: updated.id,
localUserId: updated.localUserId,
remoteUserId: updated.remoteUserId,
remoteInstanceId: updated.remoteInstanceId,
oidcSubject: updated.oidcSubject,
email: updated.email,
metadata: updated.metadata as Record<string, unknown>,
createdAt: updated.createdAt,
updatedAt: updated.updatedAt,
};
}
/**
* Validate an identity mapping exists and is valid
*/
async validateIdentityMapping(
localUserId: string,
remoteInstanceId: string
): Promise<IdentityMappingValidation> {
const identity = await this.oidcService.getFederatedIdentity(localUserId, remoteInstanceId);
if (!identity) {
return {
valid: false,
error: "Identity mapping not found",
};
}
return {
valid: true,
localUserId: identity.localUserId,
remoteUserId: identity.remoteUserId,
remoteInstanceId: identity.remoteInstanceId,
};
}
/**
* List all federated identities for a user
*/
async listUserIdentities(localUserId: string): Promise<FederatedIdentity[]> {
return this.oidcService.getUserFederatedIdentities(localUserId);
}
/**
* Revoke an identity mapping
*/
async revokeIdentityMapping(localUserId: string, remoteInstanceId: string): Promise<void> {
this.logger.log(`Revoking identity mapping: ${localUserId}@${remoteInstanceId}`);
await this.oidcService.revokeFederatedIdentity(localUserId, remoteInstanceId);
// Log revocation
this.auditService.logIdentityRevocation(localUserId, remoteInstanceId);
}
}

151
apps/api/src/federation/identity-resolution.service.spec.ts Normal file
View File

@@ -0,0 +1,151 @@
/**
* Identity Resolution Service Tests
*
* Tests for resolving identities between local and remote instances.
*/
import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { IdentityResolutionService } from "./identity-resolution.service";
import { IdentityLinkingService } from "./identity-linking.service";
import type { FederatedIdentity } from "./types/oidc.types";
describe("IdentityResolutionService", () => {
let service: IdentityResolutionService;
let identityLinkingService: IdentityLinkingService;
const mockIdentity: FederatedIdentity = {
id: "identity-id",
localUserId: "local-user-id",
remoteUserId: "remote-user-id",
remoteInstanceId: "remote-instance-id",
oidcSubject: "oidc-subject",
email: "user@example.com",
metadata: {},
createdAt: new Date(),
updatedAt: new Date(),
};
beforeEach(async () => {
const mockIdentityLinkingService = {
resolveLocalIdentity: vi.fn(),
resolveRemoteIdentity: vi.fn(),
};
const module: TestingModule = await Test.createTestingModule({
providers: [
IdentityResolutionService,
{ provide: IdentityLinkingService, useValue: mockIdentityLinkingService },
],
}).compile();
service = module.get<IdentityResolutionService>(IdentityResolutionService);
identityLinkingService = module.get(IdentityLinkingService);
});
afterEach(() => {
vi.clearAllMocks();
});
describe("resolveIdentity", () => {
it("should resolve remote identity to local user", async () => {
identityLinkingService.resolveLocalIdentity.mockResolvedValue(mockIdentity);
const result = await service.resolveIdentity("remote-instance-id", "remote-user-id");
expect(result.found).toBe(true);
expect(result.localUserId).toBe("local-user-id");
expect(result.remoteUserId).toBe("remote-user-id");
expect(result.email).toBe("user@example.com");
expect(identityLinkingService.resolveLocalIdentity).toHaveBeenCalledWith(
"remote-instance-id",
"remote-user-id"
);
});
it("should return not found when mapping does not exist", async () => {
identityLinkingService.resolveLocalIdentity.mockResolvedValue(null);
const result = await service.resolveIdentity("remote-instance-id", "unknown-user-id");
expect(result.found).toBe(false);
expect(result.localUserId).toBeUndefined();
expect(result.remoteUserId).toBe("unknown-user-id");
});
});
describe("reverseResolveIdentity", () => {
it("should resolve local user to remote identity", async () => {
identityLinkingService.resolveRemoteIdentity.mockResolvedValue(mockIdentity);
const result = await service.reverseResolveIdentity("local-user-id", "remote-instance-id");
expect(result.found).toBe(true);
expect(result.remoteUserId).toBe("remote-user-id");
expect(result.localUserId).toBe("local-user-id");
expect(identityLinkingService.resolveRemoteIdentity).toHaveBeenCalledWith(
"local-user-id",
"remote-instance-id"
);
});
it("should return not found when mapping does not exist", async () => {
identityLinkingService.resolveRemoteIdentity.mockResolvedValue(null);
const result = await service.reverseResolveIdentity("unknown-user-id", "remote-instance-id");
expect(result.found).toBe(false);
expect(result.remoteUserId).toBeUndefined();
expect(result.localUserId).toBe("unknown-user-id");
});
});
describe("bulkResolveIdentities", () => {
it("should resolve multiple remote users to local users", async () => {
const mockIdentity2: FederatedIdentity = {
...mockIdentity,
id: "identity-id-2",
localUserId: "local-user-id-2",
remoteUserId: "remote-user-id-2",
};
identityLinkingService.resolveLocalIdentity
.mockResolvedValueOnce(mockIdentity)
.mockResolvedValueOnce(mockIdentity2)
.mockResolvedValueOnce(null);
const result = await service.bulkResolveIdentities("remote-instance-id", [
"remote-user-id",
"remote-user-id-2",
"unknown-user-id",
]);
expect(result.mappings["remote-user-id"]).toBe("local-user-id");
expect(result.mappings["remote-user-id-2"]).toBe("local-user-id-2");
expect(result.notFound).toEqual(["unknown-user-id"]);
expect(identityLinkingService.resolveLocalIdentity).toHaveBeenCalledTimes(3);
});
it("should handle empty array", async () => {
const result = await service.bulkResolveIdentities("remote-instance-id", []);
expect(result.mappings).toEqual({});
expect(result.notFound).toEqual([]);
expect(identityLinkingService.resolveLocalIdentity).not.toHaveBeenCalled();
});
it("should handle all not found", async () => {
identityLinkingService.resolveLocalIdentity
.mockResolvedValueOnce(null)
.mockResolvedValueOnce(null);
const result = await service.bulkResolveIdentities("remote-instance-id", [
"unknown-1",
"unknown-2",
]);
expect(result.mappings).toEqual({});
expect(result.notFound).toEqual(["unknown-1", "unknown-2"]);
});
});
});

137
apps/api/src/federation/identity-resolution.service.ts Normal file
View File

@@ -0,0 +1,137 @@
/**
* Identity Resolution Service
*
* Handles identity resolution (lookup) between local and remote instances.
* Optimized for read-heavy operations.
*/
import { Injectable, Logger } from "@nestjs/common";
import { IdentityLinkingService } from "./identity-linking.service";
import type {
IdentityResolutionResponse,
BulkIdentityResolutionResponse,
} from "./types/identity-linking.types";
@Injectable()
export class IdentityResolutionService {
private readonly logger = new Logger(IdentityResolutionService.name);
constructor(private readonly identityLinkingService: IdentityLinkingService) {}
/**
* Resolve a remote user to a local user
*
* Looks up the identity mapping by remote instance and user ID.
*/
async resolveIdentity(
remoteInstanceId: string,
remoteUserId: string
): Promise<IdentityResolutionResponse> {
this.logger.debug(`Resolving identity: ${remoteUserId}@${remoteInstanceId}`);
const identity = await this.identityLinkingService.resolveLocalIdentity(
remoteInstanceId,
remoteUserId
);
if (!identity) {
return {
found: false,
remoteUserId,
remoteInstanceId,
};
}
return {
found: true,
localUserId: identity.localUserId,
remoteUserId: identity.remoteUserId,
remoteInstanceId: identity.remoteInstanceId,
email: identity.email,
metadata: identity.metadata,
};
}
/**
* Reverse resolve a local user to a remote identity
*
* Looks up the identity mapping by local user ID and remote instance.
*/
async reverseResolveIdentity(
localUserId: string,
remoteInstanceId: string
): Promise<IdentityResolutionResponse> {
this.logger.debug(`Reverse resolving identity: ${localUserId}@${remoteInstanceId}`);
const identity = await this.identityLinkingService.resolveRemoteIdentity(
localUserId,
remoteInstanceId
);
if (!identity) {
return {
found: false,
localUserId,
remoteInstanceId,
};
}
return {
found: true,
localUserId: identity.localUserId,
remoteUserId: identity.remoteUserId,
remoteInstanceId: identity.remoteInstanceId,
email: identity.email,
metadata: identity.metadata,
};
}
/**
* Bulk resolve multiple remote users to local users
*
* Efficient batch operation for resolving many identities at once.
* Useful for aggregated dashboard views and multi-user operations.
*/
async bulkResolveIdentities(
remoteInstanceId: string,
remoteUserIds: string[]
): Promise<BulkIdentityResolutionResponse> {
this.logger.debug(
`Bulk resolving ${remoteUserIds.length.toString()} identities for ${remoteInstanceId}`
);
if (remoteUserIds.length === 0) {
return {
mappings: {},
notFound: [],
};
}
const mappings: Record<string, string> = {};
const notFound: string[] = [];
// Resolve each identity
// TODO: Optimize with a single database query using IN clause
for (const remoteUserId of remoteUserIds) {
const identity = await this.identityLinkingService.resolveLocalIdentity(
remoteInstanceId,
remoteUserId
);
if (identity) {
mappings[remoteUserId] = identity.localUserId;
} else {
notFound.push(remoteUserId);
}
}
this.logger.debug(
`Bulk resolution complete: ${Object.keys(mappings).length.toString()} found, ${notFound.length.toString()} not found`
);
return {
mappings,
notFound,
};
}
}

9
apps/api/src/federation/index.ts
View File

@@ -5,6 +5,15 @@
export * from "./federation.module";
export * from "./federation.service";
export * from "./federation.controller";
export * from "./identity-linking.service";
export * from "./identity-resolution.service";
export * from "./identity-linking.controller";
export * from "./crypto.service";
export * from "./audit.service";
export * from "./query.service";
export * from "./query.controller";
export * from "./command.service";
export * from "./command.controller";
export * from "./types/instance.types";
export * from "./types/identity-linking.types";
export * from "./types/message.types";

205
apps/api/src/federation/oidc.service.spec.ts
View File

@@ -14,6 +14,28 @@ import type {
FederatedTokenValidation,
OIDCTokenClaims,
} from "./types/oidc.types";
import * as jose from "jose";
/**
* Helper function to create test JWTs for testing
*/
async function createTestJWT(
claims: OIDCTokenClaims,
secret: string = "test-secret-key-for-jwt-signing"
): Promise<string> {
const secretKey = new TextEncoder().encode(secret);
const jwt = await new jose.SignJWT(claims as Record<string, unknown>)
.setProtectedHeader({ alg: "HS256" })
.setIssuedAt(claims.iat)
.setExpirationTime(claims.exp)
.setSubject(claims.sub)
.setIssuer(claims.iss)
.setAudience(claims.aud)
.sign(secretKey);
return jwt;
}
describe("OIDCService", () => {
let service: OIDCService;
@@ -288,90 +310,137 @@ describe("OIDCService", () => {
});
});
describe("validateToken", () => {
it("should validate a valid OIDC token", () => {
const token = "valid-oidc-token";
describe("validateToken - Real JWT Validation", () => {
it("should reject malformed token (not a JWT)", async () => {
const token = "not-a-jwt-token";
const instanceId = "remote-instance-123";
// Mock token validation (simplified - real implementation would decode JWT)
const mockClaims: OIDCTokenClaims = {
sub: "user-subject-123",
const result = await service.validateToken(token, instanceId);
expect(result.valid).toBe(false);
expect(result.error).toContain("Malformed token");
});
it("should reject token with invalid format (missing parts)", async () => {
const token = "header.payload"; // Missing signature
const instanceId = "remote-instance-123";
const result = await service.validateToken(token, instanceId);
expect(result.valid).toBe(false);
expect(result.error).toContain("Malformed token");
});
it("should reject expired token", async () => {
// Create an expired JWT (exp in the past)
const expiredToken = await createTestJWT({
sub: "user-123",
iss: "https://auth.example.com",
aud: "mosaic-client-id",
exp: Math.floor(Date.now() / 1000) - 3600, // Expired 1 hour ago
iat: Math.floor(Date.now() / 1000) - 7200,
email: "user@example.com",
});
const result = await service.validateToken(expiredToken, "remote-instance-123");
expect(result.valid).toBe(false);
expect(result.error).toContain("expired");
});
it("should reject token with invalid signature", async () => {
// Create a JWT with a different key than what the service will validate
const invalidToken = await createTestJWT(
{
sub: "user-123",
iss: "https://auth.example.com",
aud: "mosaic-client-id",
exp: Math.floor(Date.now() / 1000) + 3600,
iat: Math.floor(Date.now() / 1000),
email: "user@example.com",
},
"wrong-secret-key"
);
const result = await service.validateToken(invalidToken, "remote-instance-123");
expect(result.valid).toBe(false);
expect(result.error).toContain("signature");
});
it("should reject token with wrong issuer", async () => {
const token = await createTestJWT({
sub: "user-123",
iss: "https://wrong-issuer.com", // Wrong issuer
aud: "mosaic-client-id",
exp: Math.floor(Date.now() / 1000) + 3600,
iat: Math.floor(Date.now() / 1000),
email: "user@example.com",
});
const result = await service.validateToken(token, "remote-instance-123");
expect(result.valid).toBe(false);
expect(result.error).toContain("issuer");
});
it("should reject token with wrong audience", async () => {
const token = await createTestJWT({
sub: "user-123",
iss: "https://auth.example.com",
aud: "wrong-audience", // Wrong audience
exp: Math.floor(Date.now() / 1000) + 3600,
iat: Math.floor(Date.now() / 1000),
email: "user@example.com",
});
const result = await service.validateToken(token, "remote-instance-123");
expect(result.valid).toBe(false);
expect(result.error).toContain("audience");
});
it("should validate a valid JWT token with correct signature and claims", async () => {
const validToken = await createTestJWT({
sub: "user-123",
iss: "https://auth.example.com",
aud: "mosaic-client-id",
exp: Math.floor(Date.now() / 1000) + 3600,
iat: Math.floor(Date.now() / 1000),
email: "user@example.com",
email_verified: true,
};
name: "Test User",
});
const expectedResult: FederatedTokenValidation = {
valid: true,
userId: "user-subject-123",
instanceId,
email: "user@example.com",
subject: "user-subject-123",
};
// For now, we'll mock the validation
// Real implementation would use jose or jsonwebtoken to decode and verify
vi.spyOn(service, "validateToken").mockReturnValue(expectedResult);
const result = service.validateToken(token, instanceId);
const result = await service.validateToken(validToken, "remote-instance-123");
expect(result.valid).toBe(true);
expect(result.userId).toBe("user-subject-123");
expect(result.userId).toBe("user-123");
expect(result.subject).toBe("user-123");
expect(result.email).toBe("user@example.com");
expect(result.instanceId).toBe("remote-instance-123");
expect(result.error).toBeUndefined();
});
it("should reject expired token", () => {
const token = "expired-token";
const instanceId = "remote-instance-123";
it("should extract all user info from valid token", async () => {
const validToken = await createTestJWT({
sub: "user-456",
iss: "https://auth.example.com",
aud: "mosaic-client-id",
exp: Math.floor(Date.now() / 1000) + 3600,
iat: Math.floor(Date.now() / 1000),
email: "test@example.com",
email_verified: true,
name: "Test User",
preferred_username: "testuser",
});
const expectedResult: FederatedTokenValidation = {
valid: false,
error: "Token has expired",
};
const result = await service.validateToken(validToken, "remote-instance-123");
vi.spyOn(service, "validateToken").mockReturnValue(expectedResult);
const result = service.validateToken(token, instanceId);
expect(result.valid).toBe(false);
expect(result.error).toBeDefined();
});
it("should reject token with invalid signature", () => {
const token = "invalid-signature-token";
const instanceId = "remote-instance-123";
const expectedResult: FederatedTokenValidation = {
valid: false,
error: "Invalid token signature",
};
vi.spyOn(service, "validateToken").mockReturnValue(expectedResult);
const result = service.validateToken(token, instanceId);
expect(result.valid).toBe(false);
expect(result.error).toBe("Invalid token signature");
});
it("should reject malformed token", () => {
const token = "not-a-jwt";
const instanceId = "remote-instance-123";
const expectedResult: FederatedTokenValidation = {
valid: false,
error: "Malformed token",
};
vi.spyOn(service, "validateToken").mockReturnValue(expectedResult);
const result = service.validateToken(token, instanceId);
expect(result.valid).toBe(false);
expect(result.error).toBe("Malformed token");
expect(result.valid).toBe(true);
expect(result.userId).toBe("user-456");
expect(result.email).toBe("test@example.com");
expect(result.subject).toBe("user-456");
});
});

117
apps/api/src/federation/oidc.service.ts
View File

@@ -9,6 +9,7 @@ import { ConfigService } from "@nestjs/config";
import { PrismaService } from "../prisma/prisma.service";
import type { FederatedIdentity, FederatedTokenValidation } from "./types/oidc.types";
import type { Prisma } from "@prisma/client";
import * as jose from "jose";
@Injectable()
export class OIDCService {
@@ -100,34 +101,112 @@ export class OIDCService {
/**
* Validate an OIDC token from a federated instance
*
* NOTE: This is a simplified implementation for the initial version.
* In production, this should:
* Verifies JWT signature and validates all standard claims.
*
* Current implementation uses a test secret for validation.
* Production implementation should:
* 1. Fetch OIDC discovery metadata from the issuer
* 2. Retrieve and cache JWKS (JSON Web Key Set)
* 3. Verify JWT signature using the public key
* 4. Validate claims (iss, aud, exp, etc.)
* 5. Handle token refresh if needed
*
* For now, we provide the interface and basic structure.
* Full JWT validation will be implemented when needed.
* 3. Verify JWT signature using the public key from JWKS
* 4. Handle key rotation and JWKS refresh
*/
validateToken(_token: string, _instanceId: string): FederatedTokenValidation {
async validateToken(token: string, instanceId: string): Promise<FederatedTokenValidation> {
try {
// TODO: Implement full JWT validation
// For now, this is a placeholder that should be implemented
// when federation OIDC is actively used
// Validate token format
if (!token || typeof token !== "string") {
return {
valid: false,
error: "Malformed token: token must be a non-empty string",
};
}
this.logger.warn("Token validation not fully implemented - returning mock validation");
// Check if token looks like a JWT (three parts separated by dots)
const parts = token.split(".");
if (parts.length !== 3) {
return {
valid: false,
error: "Malformed token: JWT must have three parts (header.payload.signature)",
};
}
// This is a placeholder response
// Real implementation would decode and verify the JWT
return {
valid: false,
error: "Token validation not yet implemented",
// Get validation secret from config (for testing/development)
// In production, this should fetch JWKS from the remote instance
const secret =
this.config.get<string>("OIDC_VALIDATION_SECRET") ?? "test-secret-key-for-jwt-signing";
const secretKey = new TextEncoder().encode(secret);
// Verify and decode JWT
const { payload } = await jose.jwtVerify(token, secretKey, {
issuer: "https://auth.example.com", // TODO: Fetch from remote instance config
audience: "mosaic-client-id", // TODO: Get from config
});
// Extract claims
const sub = payload.sub;
const email = payload.email as string | undefined;
if (!sub) {
return {
valid: false,
error: "Token missing required 'sub' claim",
};
}
// Return validation result
const result: FederatedTokenValidation = {
valid: true,
userId: sub,
subject: sub,
instanceId,
};
// Only include email if present (exactOptionalPropertyTypes compliance)
if (email) {
result.email = email;
}
return result;
} catch (error) {
// Handle specific JWT errors
if (error instanceof jose.errors.JWTExpired) {
return {
valid: false,
error: "Token has expired",
};
}
if (error instanceof jose.errors.JWTClaimValidationFailed) {
const claimError = error.message;
// Check specific claim failures
if (claimError.includes("iss") || claimError.includes("issuer")) {
return {
valid: false,
error: "Invalid token issuer",
};
}
if (claimError.includes("aud") || claimError.includes("audience")) {
return {
valid: false,
error: "Invalid token audience",
};
}
return {
valid: false,
error: `Claim validation failed: ${claimError}`,
};
}
if (error instanceof jose.errors.JWSSignatureVerificationFailed) {
return {
valid: false,
error: "Invalid token signature",
};
}
// Generic error handling
this.logger.error(
`Token validation error: ${error instanceof Error ? error.message : "Unknown error"}`
`Token validation error: ${error instanceof Error ? error.message : "Unknown error"}`,
error instanceof Error ? error.stack : undefined
);
return {

238
apps/api/src/federation/query.controller.spec.ts Normal file
View File

@@ -0,0 +1,238 @@
/**
* Query Controller Tests
*
* Tests for federated query API endpoints.
*/
import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { FederationMessageType, FederationMessageStatus } from "@prisma/client";
import { QueryController } from "./query.controller";
import { QueryService } from "./query.service";
import { AuthGuard } from "../auth/guards/auth.guard";
import type { AuthenticatedRequest } from "../common/types/user.types";
import type { SendQueryDto, IncomingQueryDto } from "./dto/query.dto";
describe("QueryController", () => {
let controller: QueryController;
let queryService: QueryService;
const mockQueryService = {
sendQuery: vi.fn(),
handleIncomingQuery: vi.fn(),
getQueryMessages: vi.fn(),
getQueryMessage: vi.fn(),
};
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
controllers: [QueryController],
providers: [{ provide: QueryService, useValue: mockQueryService }],
})
.overrideGuard(AuthGuard)
.useValue({ canActivate: () => true })
.compile();
controller = module.get<QueryController>(QueryController);
queryService = module.get<QueryService>(QueryService);
vi.clearAllMocks();
});
describe("sendQuery", () => {
it("should send query to remote instance", async () => {
const req = {
user: {
id: "user-1",
workspaceId: "workspace-1",
},
} as AuthenticatedRequest;
const dto: SendQueryDto = {
connectionId: "connection-1",
query: "SELECT * FROM tasks",
context: { userId: "user-1" },
};
const mockResult = {
id: "msg-1",
workspaceId: "workspace-1",
connectionId: "connection-1",
messageType: FederationMessageType.QUERY,
messageId: "unique-msg-1",
query: dto.query,
status: FederationMessageStatus.PENDING,
createdAt: new Date(),
updatedAt: new Date(),
};
mockQueryService.sendQuery.mockResolvedValue(mockResult);
const result = await controller.sendQuery(req, dto);
expect(result).toBeDefined();
expect(result.messageType).toBe(FederationMessageType.QUERY);
expect(mockQueryService.sendQuery).toHaveBeenCalledWith(
"workspace-1",
dto.connectionId,
dto.query,
dto.context
);
});
it("should throw error if user not authenticated", async () => {
const req = {} as AuthenticatedRequest;
const dto: SendQueryDto = {
connectionId: "connection-1",
query: "SELECT * FROM tasks",
};
await expect(controller.sendQuery(req, dto)).rejects.toThrow(
"Workspace ID not found in request"
);
});
});
describe("handleIncomingQuery", () => {
it("should process incoming query", async () => {
const dto: IncomingQueryDto = {
messageId: "msg-1",
instanceId: "remote-instance-1",
query: "SELECT * FROM tasks",
timestamp: Date.now(),
signature: "valid-signature",
};
const mockResponse = {
messageId: "response-1",
correlationId: dto.messageId,
instanceId: "local-instance-1",
success: true,
data: { tasks: [] },
timestamp: Date.now(),
signature: "response-signature",
};
mockQueryService.handleIncomingQuery.mockResolvedValue(mockResponse);
const result = await controller.handleIncomingQuery(dto);
expect(result).toBeDefined();
expect(result.correlationId).toBe(dto.messageId);
expect(mockQueryService.handleIncomingQuery).toHaveBeenCalledWith(dto);
});
it("should return error response for invalid query", async () => {
const dto: IncomingQueryDto = {
messageId: "msg-1",
instanceId: "remote-instance-1",
query: "SELECT * FROM tasks",
timestamp: Date.now(),
signature: "invalid-signature",
};
mockQueryService.handleIncomingQuery.mockRejectedValue(new Error("Invalid signature"));
await expect(controller.handleIncomingQuery(dto)).rejects.toThrow("Invalid signature");
});
});
describe("getQueries", () => {
it("should return query messages for workspace", async () => {
const req = {
user: {
id: "user-1",
workspaceId: "workspace-1",
},
} as AuthenticatedRequest;
const mockMessages = [
{
id: "msg-1",
workspaceId: "workspace-1",
connectionId: "connection-1",
messageType: FederationMessageType.QUERY,
messageId: "unique-msg-1",
query: "SELECT * FROM tasks",
status: FederationMessageStatus.DELIVERED,
createdAt: new Date(),
updatedAt: new Date(),
},
];
mockQueryService.getQueryMessages.mockResolvedValue(mockMessages);
const result = await controller.getQueries(req, undefined);
expect(result).toHaveLength(1);
expect(mockQueryService.getQueryMessages).toHaveBeenCalledWith("workspace-1", undefined);
});
it("should filter by status when provided", async () => {
const req = {
user: {
id: "user-1",
workspaceId: "workspace-1",
},
} as AuthenticatedRequest;
const status = FederationMessageStatus.PENDING;
mockQueryService.getQueryMessages.mockResolvedValue([]);
await controller.getQueries(req, status);
expect(mockQueryService.getQueryMessages).toHaveBeenCalledWith("workspace-1", status);
});
it("should throw error if user not authenticated", async () => {
const req = {} as AuthenticatedRequest;
await expect(controller.getQueries(req, undefined)).rejects.toThrow(
"Workspace ID not found in request"
);
});
});
describe("getQuery", () => {
it("should return query message by ID", async () => {
const req = {
user: {
id: "user-1",
workspaceId: "workspace-1",
},
} as AuthenticatedRequest;
const messageId = "msg-1";
const mockMessage = {
id: messageId,
workspaceId: "workspace-1",
connectionId: "connection-1",
messageType: FederationMessageType.QUERY,
messageId: "unique-msg-1",
query: "SELECT * FROM tasks",
status: FederationMessageStatus.DELIVERED,
createdAt: new Date(),
updatedAt: new Date(),
};
mockQueryService.getQueryMessage.mockResolvedValue(mockMessage);
const result = await controller.getQuery(req, messageId);
expect(result).toBeDefined();
expect(result.id).toBe(messageId);
expect(mockQueryService.getQueryMessage).toHaveBeenCalledWith("workspace-1", messageId);
});
it("should throw error if user not authenticated", async () => {
const req = {} as AuthenticatedRequest;
await expect(controller.getQuery(req, "msg-1")).rejects.toThrow(
"Workspace ID not found in request"
);
});
});
});

91
apps/api/src/federation/query.controller.ts Normal file
View File

@@ -0,0 +1,91 @@
/**
* Query Controller
*
* API endpoints for federated query messages.
*/
import { Controller, Post, Get, Body, Param, Query, UseGuards, Req, Logger } from "@nestjs/common";
import { QueryService } from "./query.service";
import { AuthGuard } from "../auth/guards/auth.guard";
import { SendQueryDto, IncomingQueryDto } from "./dto/query.dto";
import type { AuthenticatedRequest } from "../common/types/user.types";
import type { QueryMessageDetails, QueryResponse } from "./types/message.types";
import type { FederationMessageStatus } from "@prisma/client";
@Controller("api/v1/federation")
export class QueryController {
private readonly logger = new Logger(QueryController.name);
constructor(private readonly queryService: QueryService) {}
/**
* Send a query to a remote instance
* Requires authentication
*/
@Post("query")
@UseGuards(AuthGuard)
async sendQuery(
@Req() req: AuthenticatedRequest,
@Body() dto: SendQueryDto
): Promise<QueryMessageDetails> {
if (!req.user?.workspaceId) {
throw new Error("Workspace ID not found in request");
}
this.logger.log(
`User ${req.user.id} sending query to connection ${dto.connectionId} in workspace ${req.user.workspaceId}`
);
return this.queryService.sendQuery(
req.user.workspaceId,
dto.connectionId,
dto.query,
dto.context
);
}
/**
* Handle incoming query from remote instance
* Public endpoint - no authentication required (signature-based verification)
*/
@Post("incoming/query")
async handleIncomingQuery(@Body() dto: IncomingQueryDto): Promise<QueryResponse> {
this.logger.log(`Received query from ${dto.instanceId}: ${dto.messageId}`);
return this.queryService.handleIncomingQuery(dto);
}
/**
* Get all query messages for the workspace
* Requires authentication
*/
@Get("queries")
@UseGuards(AuthGuard)
async getQueries(
@Req() req: AuthenticatedRequest,
@Query("status") status?: FederationMessageStatus
): Promise<QueryMessageDetails[]> {
if (!req.user?.workspaceId) {
throw new Error("Workspace ID not found in request");
}
return this.queryService.getQueryMessages(req.user.workspaceId, status);
}
/**
* Get a single query message
* Requires authentication
*/
@Get("queries/:id")
@UseGuards(AuthGuard)
async getQuery(
@Req() req: AuthenticatedRequest,
@Param("id") messageId: string
): Promise<QueryMessageDetails> {
if (!req.user?.workspaceId) {
throw new Error("Workspace ID not found in request");
}
return this.queryService.getQueryMessage(req.user.workspaceId, messageId);
}
}

493
apps/api/src/federation/query.service.spec.ts Normal file
View File

@@ -0,0 +1,493 @@
/**
* Query Service Tests
*
* Tests for federated query message handling.
*/
import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { ConfigService } from "@nestjs/config";
import {
FederationConnectionStatus,
FederationMessageType,
FederationMessageStatus,
} from "@prisma/client";
import { QueryService } from "./query.service";
import { PrismaService } from "../prisma/prisma.service";
import { FederationService } from "./federation.service";
import { SignatureService } from "./signature.service";
import { HttpService } from "@nestjs/axios";
import { of, throwError } from "rxjs";
import type { AxiosResponse } from "axios";
describe("QueryService", () => {
let service: QueryService;
let prisma: PrismaService;
let federationService: FederationService;
let signatureService: SignatureService;
let httpService: HttpService;
const mockPrisma = {
federationConnection: {
findUnique: vi.fn(),
findFirst: vi.fn(),
},
federationMessage: {
create: vi.fn(),
findMany: vi.fn(),
findUnique: vi.fn(),
findFirst: vi.fn(),
update: vi.fn(),
},
};
const mockFederationService = {
getInstanceIdentity: vi.fn(),
getPublicIdentity: vi.fn(),
};
const mockSignatureService = {
signMessage: vi.fn(),
verifyMessage: vi.fn(),
validateTimestamp: vi.fn(),
};
const mockHttpService = {
post: vi.fn(),
};
const mockConfig = {
get: vi.fn(),
};
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
QueryService,
{ provide: PrismaService, useValue: mockPrisma },
{ provide: FederationService, useValue: mockFederationService },
{ provide: SignatureService, useValue: mockSignatureService },
{ provide: HttpService, useValue: mockHttpService },
{ provide: ConfigService, useValue: mockConfig },
],
}).compile();
service = module.get<QueryService>(QueryService);
prisma = module.get<PrismaService>(PrismaService);
federationService = module.get<FederationService>(FederationService);
signatureService = module.get<SignatureService>(SignatureService);
httpService = module.get<HttpService>(HttpService);
vi.clearAllMocks();
});
describe("sendQuery", () => {
it("should send query to remote instance with signed message", async () => {
const workspaceId = "workspace-1";
const connectionId = "connection-1";
const query = "SELECT * FROM tasks";
const context = { userId: "user-1" };
const mockConnection = {
id: connectionId,
workspaceId,
remoteInstanceId: "remote-instance-1",
remoteUrl: "https://remote.example.com",
remotePublicKey: "mock-public-key",
status: FederationConnectionStatus.ACTIVE,
};
const mockIdentity = {
id: "identity-1",
instanceId: "local-instance-1",
name: "Local Instance",
url: "https://local.example.com",
publicKey: "local-public-key",
privateKey: "local-private-key",
};
const mockMessage = {
id: "message-1",
workspaceId,
connectionId,
messageType: FederationMessageType.QUERY,
messageId: expect.any(String),
correlationId: null,
query,
response: null,
status: FederationMessageStatus.PENDING,
error: null,
signature: "mock-signature",
createdAt: new Date(),
updatedAt: new Date(),
deliveredAt: null,
};
const mockResponse: AxiosResponse = {
data: { success: true },
status: 200,
statusText: "OK",
headers: {},
config: { headers: {} as never },
};
mockPrisma.federationConnection.findUnique.mockResolvedValue(mockConnection);
mockFederationService.getInstanceIdentity.mockResolvedValue(mockIdentity);
mockSignatureService.signMessage.mockResolvedValue("mock-signature");
mockPrisma.federationMessage.create.mockResolvedValue(mockMessage);
mockHttpService.post.mockReturnValue(of(mockResponse));
const result = await service.sendQuery(workspaceId, connectionId, query, context);
expect(result).toBeDefined();
expect(result.messageType).toBe(FederationMessageType.QUERY);
expect(result.query).toBe(query);
expect(mockPrisma.federationConnection.findUnique).toHaveBeenCalledWith({
where: { id: connectionId, workspaceId },
});
expect(mockPrisma.federationMessage.create).toHaveBeenCalled();
expect(mockHttpService.post).toHaveBeenCalledWith(
`${mockConnection.remoteUrl}/api/v1/federation/incoming/query`,
expect.objectContaining({
messageId: expect.any(String),
instanceId: mockIdentity.instanceId,
query,
context,
timestamp: expect.any(Number),
signature: "mock-signature",
})
);
});
it("should throw error if connection not found", async () => {
mockPrisma.federationConnection.findUnique.mockResolvedValue(null);
await expect(
service.sendQuery("workspace-1", "connection-1", "SELECT * FROM tasks")
).rejects.toThrow("Connection not found");
});
it("should throw error if connection not active", async () => {
const mockConnection = {
id: "connection-1",
workspaceId: "workspace-1",
status: FederationConnectionStatus.PENDING,
};
mockPrisma.federationConnection.findUnique.mockResolvedValue(mockConnection);
await expect(
service.sendQuery("workspace-1", "connection-1", "SELECT * FROM tasks")
).rejects.toThrow("Connection is not active");
});
it("should handle network errors gracefully", async () => {
const mockConnection = {
id: "connection-1",
workspaceId: "workspace-1",
remoteInstanceId: "remote-instance-1",
remoteUrl: "https://remote.example.com",
status: FederationConnectionStatus.ACTIVE,
};
const mockIdentity = {
instanceId: "local-instance-1",
};
mockPrisma.federationConnection.findUnique.mockResolvedValue(mockConnection);
mockFederationService.getInstanceIdentity.mockResolvedValue(mockIdentity);
mockSignatureService.signMessage.mockResolvedValue("mock-signature");
mockPrisma.federationMessage.create.mockResolvedValue({
id: "message-1",
messageId: "msg-1",
});
mockHttpService.post.mockReturnValue(throwError(() => new Error("Network error")));
await expect(
service.sendQuery("workspace-1", "connection-1", "SELECT * FROM tasks")
).rejects.toThrow("Failed to send query");
});
});
describe("handleIncomingQuery", () => {
it("should process valid incoming query", async () => {
const queryMessage = {
messageId: "msg-1",
instanceId: "remote-instance-1",
query: "SELECT * FROM tasks",
context: {},
timestamp: Date.now(),
signature: "valid-signature",
};
const mockConnection = {
id: "connection-1",
workspaceId: "workspace-1",
remoteInstanceId: "remote-instance-1",
status: FederationConnectionStatus.ACTIVE,
};
const mockIdentity = {
instanceId: "local-instance-1",
};
mockPrisma.federationConnection.findFirst.mockResolvedValue(mockConnection);
mockSignatureService.validateTimestamp.mockReturnValue(true);
mockSignatureService.verifyMessage.mockResolvedValue({ valid: true });
mockFederationService.getInstanceIdentity.mockResolvedValue(mockIdentity);
mockSignatureService.signMessage.mockResolvedValue("response-signature");
const result = await service.handleIncomingQuery(queryMessage);
expect(result).toBeDefined();
expect(result.messageId).toBeDefined();
expect(result.correlationId).toBe(queryMessage.messageId);
expect(result.instanceId).toBe(mockIdentity.instanceId);
expect(result.signature).toBe("response-signature");
});
it("should reject query with invalid signature", async () => {
const queryMessage = {
messageId: "msg-1",
instanceId: "remote-instance-1",
query: "SELECT * FROM tasks",
timestamp: Date.now(),
signature: "invalid-signature",
};
const mockConnection = {
id: "connection-1",
workspaceId: "workspace-1",
remoteInstanceId: "remote-instance-1",
status: FederationConnectionStatus.ACTIVE,
};
mockPrisma.federationConnection.findFirst.mockResolvedValue(mockConnection);
mockSignatureService.validateTimestamp.mockReturnValue(true);
mockSignatureService.verifyMessage.mockResolvedValue({
valid: false,
error: "Invalid signature",
});
await expect(service.handleIncomingQuery(queryMessage)).rejects.toThrow("Invalid signature");
});
it("should reject query with expired timestamp", async () => {
const queryMessage = {
messageId: "msg-1",
instanceId: "remote-instance-1",
query: "SELECT * FROM tasks",
timestamp: Date.now() - 10 * 60 * 1000, // 10 minutes ago
signature: "valid-signature",
};
const mockConnection = {
id: "connection-1",
workspaceId: "workspace-1",
remoteInstanceId: "remote-instance-1",
status: FederationConnectionStatus.ACTIVE,
};
mockPrisma.federationConnection.findFirst.mockResolvedValue(mockConnection);
mockSignatureService.validateTimestamp.mockReturnValue(false);
await expect(service.handleIncomingQuery(queryMessage)).rejects.toThrow(
"Query timestamp is outside acceptable range"
);
});
it("should reject query from inactive connection", async () => {
const queryMessage = {
messageId: "msg-1",
instanceId: "remote-instance-1",
query: "SELECT * FROM tasks",
timestamp: Date.now(),
signature: "valid-signature",
};
const mockConnection = {
id: "connection-1",
workspaceId: "workspace-1",
remoteInstanceId: "remote-instance-1",
status: FederationConnectionStatus.PENDING,
};
mockPrisma.federationConnection.findFirst.mockResolvedValue(mockConnection);
mockSignatureService.validateTimestamp.mockReturnValue(true);
await expect(service.handleIncomingQuery(queryMessage)).rejects.toThrow(
"Connection is not active"
);
});
it("should reject query from unknown instance", async () => {
const queryMessage = {
messageId: "msg-1",
instanceId: "unknown-instance",
query: "SELECT * FROM tasks",
timestamp: Date.now(),
signature: "valid-signature",
};
mockPrisma.federationConnection.findFirst.mockResolvedValue(null);
mockSignatureService.validateTimestamp.mockReturnValue(true);
await expect(service.handleIncomingQuery(queryMessage)).rejects.toThrow(
"No connection found for remote instance"
);
});
});
describe("getQueryMessages", () => {
it("should return query messages for workspace", async () => {
const workspaceId = "workspace-1";
const mockMessages = [
{
id: "msg-1",
workspaceId,
connectionId: "connection-1",
messageType: FederationMessageType.QUERY,
messageId: "unique-msg-1",
query: "SELECT * FROM tasks",
status: FederationMessageStatus.DELIVERED,
createdAt: new Date(),
updatedAt: new Date(),
},
];
mockPrisma.federationMessage.findMany.mockResolvedValue(mockMessages);
const result = await service.getQueryMessages(workspaceId);
expect(result).toHaveLength(1);
expect(result[0].id).toBe("msg-1");
expect(mockPrisma.federationMessage.findMany).toHaveBeenCalledWith({
where: {
workspaceId,
messageType: FederationMessageType.QUERY,
},
orderBy: { createdAt: "desc" },
});
});
it("should filter by status when provided", async () => {
const workspaceId = "workspace-1";
const status = FederationMessageStatus.PENDING;
mockPrisma.federationMessage.findMany.mockResolvedValue([]);
await service.getQueryMessages(workspaceId, status);
expect(mockPrisma.federationMessage.findMany).toHaveBeenCalledWith({
where: {
workspaceId,
messageType: FederationMessageType.QUERY,
status,
},
orderBy: { createdAt: "desc" },
});
});
});
describe("getQueryMessage", () => {
it("should return query message by ID", async () => {
const workspaceId = "workspace-1";
const messageId = "msg-1";
const mockMessage = {
id: "msg-1",
workspaceId,
messageType: FederationMessageType.QUERY,
messageId: "unique-msg-1",
query: "SELECT * FROM tasks",
status: FederationMessageStatus.DELIVERED,
createdAt: new Date(),
updatedAt: new Date(),
};
mockPrisma.federationMessage.findUnique.mockResolvedValue(mockMessage);
const result = await service.getQueryMessage(workspaceId, messageId);
expect(result).toBeDefined();
expect(result.id).toBe(messageId);
expect(mockPrisma.federationMessage.findUnique).toHaveBeenCalledWith({
where: { id: messageId, workspaceId },
});
});
it("should throw error if message not found", async () => {
mockPrisma.federationMessage.findUnique.mockResolvedValue(null);
await expect(service.getQueryMessage("workspace-1", "msg-1")).rejects.toThrow(
"Query message not found"
);
});
});
describe("processQueryResponse", () => {
it("should update message with response", async () => {
const response = {
messageId: "response-1",
correlationId: "original-msg-1",
instanceId: "remote-instance-1",
success: true,
data: { tasks: [] },
timestamp: Date.now(),
signature: "valid-signature",
};
const mockMessage = {
id: "msg-1",
messageId: "original-msg-1",
workspaceId: "workspace-1",
status: FederationMessageStatus.PENDING,
};
mockPrisma.federationMessage.findFirst.mockResolvedValue(mockMessage);
mockSignatureService.validateTimestamp.mockReturnValue(true);
mockSignatureService.verifyMessage.mockResolvedValue({ valid: true });
mockPrisma.federationMessage.update.mockResolvedValue({
...mockMessage,
status: FederationMessageStatus.DELIVERED,
response: response.data,
});
await service.processQueryResponse(response);
expect(mockPrisma.federationMessage.update).toHaveBeenCalledWith({
where: { id: mockMessage.id },
data: {
status: FederationMessageStatus.DELIVERED,
response: response.data,
deliveredAt: expect.any(Date),
},
});
});
it("should reject response with invalid signature", async () => {
const response = {
messageId: "response-1",
correlationId: "original-msg-1",
instanceId: "remote-instance-1",
success: true,
timestamp: Date.now(),
signature: "invalid-signature",
};
const mockMessage = {
id: "msg-1",
messageId: "original-msg-1",
workspaceId: "workspace-1",
};
mockPrisma.federationMessage.findFirst.mockResolvedValue(mockMessage);
mockSignatureService.validateTimestamp.mockReturnValue(true);
mockSignatureService.verifyMessage.mockResolvedValue({
valid: false,
error: "Invalid signature",
});
await expect(service.processQueryResponse(response)).rejects.toThrow("Invalid signature");
});
});
});

360
apps/api/src/federation/query.service.ts Normal file
View File

@@ -0,0 +1,360 @@
/**
* Query Service
*
* Handles federated query messages.
*/
import { Injectable, Logger } from "@nestjs/common";
import { HttpService } from "@nestjs/axios";
import { randomUUID } from "crypto";
import { firstValueFrom } from "rxjs";
import { PrismaService } from "../prisma/prisma.service";
import { FederationService } from "./federation.service";
import { SignatureService } from "./signature.service";
import {
FederationConnectionStatus,
FederationMessageType,
FederationMessageStatus,
} from "@prisma/client";
import type { QueryMessage, QueryResponse, QueryMessageDetails } from "./types/message.types";
@Injectable()
export class QueryService {
private readonly logger = new Logger(QueryService.name);
constructor(
private readonly prisma: PrismaService,
private readonly federationService: FederationService,
private readonly signatureService: SignatureService,
private readonly httpService: HttpService
) {}
/**
* Send a query to a remote instance
*/
async sendQuery(
workspaceId: string,
connectionId: string,
query: string,
context?: Record<string, unknown>
): Promise<QueryMessageDetails> {
// Validate connection exists and is active
const connection = await this.prisma.federationConnection.findUnique({
where: { id: connectionId, workspaceId },
});
if (!connection) {
throw new Error("Connection not found");
}
if (connection.status !== FederationConnectionStatus.ACTIVE) {
throw new Error("Connection is not active");
}
// Get local instance identity
const identity = await this.federationService.getInstanceIdentity();
// Create query message
const messageId = randomUUID();
const timestamp = Date.now();
const queryPayload: Record<string, unknown> = {
messageId,
instanceId: identity.instanceId,
query,
timestamp,
};
if (context) {
queryPayload.context = context;
}
// Sign the query
const signature = await this.signatureService.signMessage(queryPayload);
const signedQuery = {
messageId,
instanceId: identity.instanceId,
query,
...(context ? { context } : {}),
timestamp,
signature,
} as QueryMessage;
// Store message in database
const message = await this.prisma.federationMessage.create({
data: {
workspaceId,
connectionId,
messageType: FederationMessageType.QUERY,
messageId,
query,
status: FederationMessageStatus.PENDING,
signature,
},
});
// Send query to remote instance
try {
const remoteUrl = `${connection.remoteUrl}/api/v1/federation/incoming/query`;
await firstValueFrom(this.httpService.post(remoteUrl, signedQuery));
this.logger.log(`Query sent to ${connection.remoteUrl}: ${messageId}`);
} catch (error) {
this.logger.error(`Failed to send query to ${connection.remoteUrl}`, error);
// Update message status to failed
await this.prisma.federationMessage.update({
where: { id: message.id },
data: {
status: FederationMessageStatus.FAILED,
error: error instanceof Error ? error.message : "Unknown error",
},
});
throw new Error("Failed to send query");
}
return this.mapToQueryMessageDetails(message);
}
/**
* Handle incoming query from remote instance
*/
async handleIncomingQuery(queryMessage: QueryMessage): Promise<QueryResponse> {
this.logger.log(`Received query from ${queryMessage.instanceId}: ${queryMessage.messageId}`);
// Validate timestamp
if (!this.signatureService.validateTimestamp(queryMessage.timestamp)) {
throw new Error("Query timestamp is outside acceptable range");
}
// Find connection for remote instance
const connection = await this.prisma.federationConnection.findFirst({
where: {
remoteInstanceId: queryMessage.instanceId,
status: FederationConnectionStatus.ACTIVE,
},
});
if (!connection) {
throw new Error("No connection found for remote instance");
}
// Validate connection is active
if (connection.status !== FederationConnectionStatus.ACTIVE) {
throw new Error("Connection is not active");
}
// Verify signature
const { signature, ...messageToVerify } = queryMessage;
const verificationResult = await this.signatureService.verifyMessage(
messageToVerify,
signature,
queryMessage.instanceId
);
if (!verificationResult.valid) {
throw new Error(verificationResult.error ?? "Invalid signature");
}
// Process query (placeholder - would delegate to actual query processor)
let responseData: unknown;
let success = true;
let errorMessage: string | undefined;
try {
// TODO: Implement actual query processing
// For now, return a placeholder response
responseData = { message: "Query received and processed" };
} catch (error) {
success = false;
errorMessage = error instanceof Error ? error.message : "Query processing failed";
this.logger.error(`Query processing failed: ${errorMessage}`);
}
// Get local instance identity
const identity = await this.federationService.getInstanceIdentity();
// Create response
const responseMessageId = randomUUID();
const responseTimestamp = Date.now();
const responsePayload: Record<string, unknown> = {
messageId: responseMessageId,
correlationId: queryMessage.messageId,
instanceId: identity.instanceId,
success,
timestamp: responseTimestamp,
};
if (responseData !== undefined) {
responsePayload.data = responseData;
}
if (errorMessage !== undefined) {
responsePayload.error = errorMessage;
}
// Sign the response
const responseSignature = await this.signatureService.signMessage(responsePayload);
const response = {
messageId: responseMessageId,
correlationId: queryMessage.messageId,
instanceId: identity.instanceId,
success,
...(responseData !== undefined ? { data: responseData } : {}),
...(errorMessage !== undefined ? { error: errorMessage } : {}),
timestamp: responseTimestamp,
signature: responseSignature,
} as QueryResponse;
return response;
}
/**
* Get all query messages for a workspace
*/
async getQueryMessages(
workspaceId: string,
status?: FederationMessageStatus
): Promise<QueryMessageDetails[]> {
const where: Record<string, unknown> = {
workspaceId,
messageType: FederationMessageType.QUERY,
};
if (status) {
where.status = status;
}
const messages = await this.prisma.federationMessage.findMany({
where,
orderBy: { createdAt: "desc" },
});
return messages.map((msg) => this.mapToQueryMessageDetails(msg));
}
/**
* Get a single query message
*/
async getQueryMessage(workspaceId: string, messageId: string): Promise<QueryMessageDetails> {
const message = await this.prisma.federationMessage.findUnique({
where: { id: messageId, workspaceId },
});
if (!message) {
throw new Error("Query message not found");
}
return this.mapToQueryMessageDetails(message);
}
/**
* Process a query response from remote instance
*/
async processQueryResponse(response: QueryResponse): Promise<void> {
this.logger.log(`Received response for query: ${response.correlationId}`);
// Validate timestamp
if (!this.signatureService.validateTimestamp(response.timestamp)) {
throw new Error("Response timestamp is outside acceptable range");
}
// Find original query message
const message = await this.prisma.federationMessage.findFirst({
where: {
messageId: response.correlationId,
messageType: FederationMessageType.QUERY,
},
});
if (!message) {
throw new Error("Original query message not found");
}
// Verify signature
const { signature, ...responseToVerify } = response;
const verificationResult = await this.signatureService.verifyMessage(
responseToVerify,
signature,
response.instanceId
);
if (!verificationResult.valid) {
throw new Error(verificationResult.error ?? "Invalid signature");
}
// Update message with response
const updateData: Record<string, unknown> = {
status: response.success ? FederationMessageStatus.DELIVERED : FederationMessageStatus.FAILED,
deliveredAt: new Date(),
};
if (response.data !== undefined) {
updateData.response = response.data;
}
if (response.error !== undefined) {
updateData.error = response.error;
}
await this.prisma.federationMessage.update({
where: { id: message.id },
data: updateData,
});
this.logger.log(`Query response processed: ${response.correlationId}`);
}
/**
* Map Prisma FederationMessage to QueryMessageDetails
*/
private mapToQueryMessageDetails(message: {
id: string;
workspaceId: string;
connectionId: string;
messageType: FederationMessageType;
messageId: string;
correlationId: string | null;
query: string | null;
response: unknown;
status: FederationMessageStatus;
error: string | null;
createdAt: Date;
updatedAt: Date;
deliveredAt: Date | null;
}): QueryMessageDetails {
const details: QueryMessageDetails = {
id: message.id,
workspaceId: message.workspaceId,
connectionId: message.connectionId,
messageType: message.messageType,
messageId: message.messageId,
response: message.response,
status: message.status,
createdAt: message.createdAt,
updatedAt: message.updatedAt,
};
if (message.correlationId !== null) {
details.correlationId = message.correlationId;
}
if (message.query !== null) {
details.query = message.query;
}
if (message.error !== null) {
details.error = message.error;
}
if (message.deliveredAt !== null) {
details.deliveredAt = message.deliveredAt;
}
return details;
}
}

34
apps/api/src/federation/signature.service.ts
View File

@@ -116,6 +116,40 @@ export class SignatureService {
return this.sign(message, identity.privateKey);
}
/**
* Verify a message signature using a remote instance's public key
* Fetches the public key from the connection record
*/
async verifyMessage(
message: SignableMessage,
signature: string,
remoteInstanceId: string
): Promise<SignatureValidationResult> {
try {
// Fetch remote instance public key from connection record
// For now, we'll fetch from any connection with this instance
// In production, this should be cached or fetched from instance identity endpoint
const connection =
await this.federationService.getConnectionByRemoteInstanceId(remoteInstanceId);
if (!connection) {
return {
valid: false,
error: "Remote instance not connected",
};
}
// Verify signature using remote public key
return this.verify(message, signature, connection.remotePublicKey);
} catch (error) {
this.logger.error("Failed to verify message", error);
return {
valid: false,
error: error instanceof Error ? error.message : "Verification failed",
};
}
}
/**
* Verify a connection request signature
*/

149
apps/api/src/federation/types/federation-agent.types.ts Normal file
View File

@@ -0,0 +1,149 @@
/**
* Federation Agent Command Types
*
* Types for agent spawn commands sent via federation COMMAND messages.
*/
/**
* Agent type options for spawning
*/
export type FederationAgentType = "worker" | "reviewer" | "tester";
/**
* Agent status returned from remote instance
*/
export type FederationAgentStatus = "spawning" | "running" | "completed" | "failed" | "killed";
/**
* Context for agent execution
*/
export interface FederationAgentContext {
/** Git repository URL or path */
repository: string;
/** Git branch to work on */
branch: string;
/** Work items for the agent to complete */
workItems: string[];
/** Optional skills to load */
skills?: string[];
/** Optional instructions */
instructions?: string;
}
/**
* Options for spawning an agent
*/
export interface FederationAgentOptions {
/** Enable Docker sandbox isolation */
sandbox?: boolean;
/** Timeout in milliseconds */
timeout?: number;
/** Maximum retry attempts */
maxRetries?: number;
}
/**
* Payload for agent.spawn command
*/
export interface SpawnAgentCommandPayload {
/** Unique task identifier */
taskId: string;
/** Type of agent to spawn */
agentType: FederationAgentType;
/** Context for task execution */
context: FederationAgentContext;
/** Optional configuration */
options?: FederationAgentOptions;
}
/**
* Payload for agent.status command
*/
export interface AgentStatusCommandPayload {
/** Unique agent identifier */
agentId: string;
}
/**
* Payload for agent.kill command
*/
export interface KillAgentCommandPayload {
/** Unique agent identifier */
agentId: string;
}
/**
* Response data for agent.spawn command
*/
export interface SpawnAgentResponseData {
/** Unique agent identifier */
agentId: string;
/** Current agent status */
status: FederationAgentStatus;
/** Timestamp when agent was spawned */
spawnedAt: string;
}
/**
* Response data for agent.status command
*/
export interface AgentStatusResponseData {
/** Unique agent identifier */
agentId: string;
/** Task identifier */
taskId: string;
/** Current agent status */
status: FederationAgentStatus;
/** Timestamp when agent was spawned */
spawnedAt: string;
/** Timestamp when agent started (if running/completed) */
startedAt?: string;
/** Timestamp when agent completed (if completed/failed/killed) */
completedAt?: string;
/** Error message (if failed) */
error?: string;
/** Agent progress data */
progress?: Record<string, unknown>;
}
/**
* Response data for agent.kill command
*/
export interface KillAgentResponseData {
/** Unique agent identifier */
agentId: string;
/** Status after kill operation */
status: FederationAgentStatus;
/** Timestamp when agent was killed */
killedAt: string;
}
/**
* Details about a federated agent
*/
export interface FederatedAgentDetails {
/** Agent ID */
agentId: string;
/** Task ID */
taskId: string;
/** Remote instance ID where agent is running */
remoteInstanceId: string;
/** Connection ID used to spawn the agent */
connectionId: string;
/** Agent type */
agentType: FederationAgentType;
/** Current status */
status: FederationAgentStatus;
/** Spawn timestamp */
spawnedAt: Date;
/** Start timestamp */
startedAt?: Date;
/** Completion timestamp */
completedAt?: Date;
/** Error message if failed */
error?: string;
/** Context used to spawn agent */
context: FederationAgentContext;
/** Options used to spawn agent */
options?: FederationAgentOptions;
}

141
apps/api/src/federation/types/identity-linking.types.ts Normal file
View File

@@ -0,0 +1,141 @@
/**
* Federation Identity Linking Types
*
* Types for cross-instance user identity verification and resolution.
*/
/**
* Request to verify a user's identity from a remote instance
*/
export interface IdentityVerificationRequest {
/** Local user ID on this instance */
localUserId: string;
/** Remote user ID on the originating instance */
remoteUserId: string;
/** Remote instance federation ID */
remoteInstanceId: string;
/** OIDC token for authentication */
oidcToken: string;
/** Request timestamp (Unix milliseconds) */
timestamp: number;
/** Request signature (signed by remote instance private key) */
signature: string;
}
/**
* Response from identity verification
*/
export interface IdentityVerificationResponse {
/** Whether the identity was verified successfully */
verified: boolean;
/** Local user ID (if verified) */
localUserId?: string;
/** Remote user ID (if verified) */
remoteUserId?: string;
/** Remote instance ID (if verified) */
remoteInstanceId?: string;
/** User's email (if verified) */
email?: string;
/** Error message if verification failed */
error?: string;
}
/**
* Request to resolve a remote user to a local user
*/
export interface IdentityResolutionRequest {
/** Remote instance federation ID */
remoteInstanceId: string;
/** Remote user ID to resolve */
remoteUserId: string;
}
/**
* Response from identity resolution
*/
export interface IdentityResolutionResponse {
/** Whether a mapping was found */
found: boolean;
/** Local user ID (if found) */
localUserId?: string;
/** Remote user ID */
remoteUserId?: string;
/** Remote instance ID */
remoteInstanceId?: string;
/** User's email (if found) */
email?: string;
/** Additional metadata */
metadata?: Record<string, unknown>;
}
/**
* Request to reverse resolve a local user to a remote identity
*/
export interface ReverseIdentityResolutionRequest {
/** Local user ID to resolve */
localUserId: string;
/** Remote instance federation ID */
remoteInstanceId: string;
}
/**
* Request for bulk identity resolution
*/
export interface BulkIdentityResolutionRequest {
/** Remote instance federation ID */
remoteInstanceId: string;
/** Array of remote user IDs to resolve */
remoteUserIds: string[];
}
/**
* Response for bulk identity resolution
*/
export interface BulkIdentityResolutionResponse {
/** Map of remoteUserId -> localUserId */
mappings: Record<string, string>;
/** Remote user IDs that could not be resolved */
notFound: string[];
}
/**
* DTO for creating identity mapping
*/
export interface CreateIdentityMappingDto {
/** Remote instance ID */
remoteInstanceId: string;
/** Remote user ID */
remoteUserId: string;
/** OIDC subject identifier */
oidcSubject: string;
/** User's email */
email: string;
/** Optional metadata */
metadata?: Record<string, unknown>;
/** Optional: OIDC token for validation */
oidcToken?: string;
}
/**
* DTO for updating identity mapping
*/
export interface UpdateIdentityMappingDto {
/** Updated metadata */
metadata?: Record<string, unknown>;
}
/**
* Identity mapping validation result
*/
export interface IdentityMappingValidation {
/** Whether the mapping is valid */
valid: boolean;
/** Local user ID (if valid) */
localUserId?: string;
/** Remote user ID (if valid) */
remoteUserId?: string;
/** Remote instance ID (if valid) */
remoteInstanceId?: string;
/** Error message if invalid */
error?: string;
}

3
apps/api/src/federation/types/index.ts
View File

@@ -7,3 +7,6 @@
export * from "./instance.types";
export * from "./connection.types";
export * from "./oidc.types";
export * from "./identity-linking.types";
export * from "./message.types";
export * from "./federation-agent.types";

247
apps/api/src/federation/types/message.types.ts Normal file
View File

@@ -0,0 +1,247 @@
/**
* Message Protocol Types
*
* Types for federation message protocol (QUERY, COMMAND, EVENT).
*/
import type { FederationMessageType, FederationMessageStatus } from "@prisma/client";
/**
* Query message payload (sent to remote instance)
*/
export interface QueryMessage {
/** Unique message identifier for deduplication */
messageId: string;
/** Sending instance's federation ID */
instanceId: string;
/** Query string to execute */
query: string;
/** Optional context for query execution */
context?: Record<string, unknown>;
/** Request timestamp (Unix milliseconds) */
timestamp: number;
/** RSA signature of the query payload */
signature: string;
}
/**
* Query response payload
*/
export interface QueryResponse {
/** Unique message identifier for this response */
messageId: string;
/** Original query messageId (for correlation) */
correlationId: string;
/** Responding instance's federation ID */
instanceId: string;
/** Whether the query was successful */
success: boolean;
/** Query result data */
data?: unknown;
/** Error message (if success=false) */
error?: string;
/** Response timestamp (Unix milliseconds) */
timestamp: number;
/** RSA signature of the response payload */
signature: string;
}
/**
* Query message details response
*/
export interface QueryMessageDetails {
/** Message ID */
id: string;
/** Workspace ID */
workspaceId: string;
/** Connection ID */
connectionId: string;
/** Message type */
messageType: FederationMessageType;
/** Unique message identifier */
messageId: string;
/** Correlation ID (for responses) */
correlationId?: string;
/** Query string */
query?: string;
/** Response data */
response?: unknown;
/** Message status */
status: FederationMessageStatus;
/** Error message */
error?: string;
/** Creation timestamp */
createdAt: Date;
/** Last update timestamp */
updatedAt: Date;
/** Delivery timestamp */
deliveredAt?: Date;
}
/**
* Command message payload (sent to remote instance)
*/
export interface CommandMessage {
/** Unique message identifier for deduplication */
messageId: string;
/** Sending instance's federation ID */
instanceId: string;
/** Command type to execute */
commandType: string;
/** Command-specific payload */
payload: Record<string, unknown>;
/** Request timestamp (Unix milliseconds) */
timestamp: number;
/** RSA signature of the command payload */
signature: string;
}
/**
* Command response payload
*/
export interface CommandResponse {
/** Unique message identifier for this response */
messageId: string;
/** Original command messageId (for correlation) */
correlationId: string;
/** Responding instance's federation ID */
instanceId: string;
/** Whether the command was successful */
success: boolean;
/** Command result data */
data?: unknown;
/** Error message (if success=false) */
error?: string;
/** Response timestamp (Unix milliseconds) */
timestamp: number;
/** RSA signature of the response payload */
signature: string;
}
/**
* Command message details response
*/
export interface CommandMessageDetails {
/** Message ID */
id: string;
/** Workspace ID */
workspaceId: string;
/** Connection ID */
connectionId: string;
/** Message type */
messageType: FederationMessageType;
/** Unique message identifier */
messageId: string;
/** Correlation ID (for responses) */
correlationId?: string;
/** Command type */
commandType?: string;
/** Command payload */
payload?: Record<string, unknown>;
/** Response data */
response?: unknown;
/** Message status */
status: FederationMessageStatus;
/** Error message */
error?: string;
/** Creation timestamp */
createdAt: Date;
/** Last update timestamp */
updatedAt: Date;
/** Delivery timestamp */
deliveredAt?: Date;
}
/**
* Event message payload (sent to remote instance)
*/
export interface EventMessage {
/** Unique message identifier for deduplication */
messageId: string;
/** Sending instance's federation ID */
instanceId: string;
/** Event type (e.g., "task.created", "user.updated") */
eventType: string;
/** Event-specific payload */
payload: Record<string, unknown>;
/** Request timestamp (Unix milliseconds) */
timestamp: number;
/** RSA signature of the event payload */
signature: string;
}
/**
* Event acknowledgment payload
*/
export interface EventAck {
/** Unique message identifier for this acknowledgment */
messageId: string;
/** Original event messageId (for correlation) */
correlationId: string;
/** Acknowledging instance's federation ID */
instanceId: string;
/** Whether the event was received successfully */
received: boolean;
/** Error message (if received=false) */
error?: string;
/** Acknowledgment timestamp (Unix milliseconds) */
timestamp: number;
/** RSA signature of the acknowledgment payload */
signature: string;
}
/**
* Event message details response
*/
export interface EventMessageDetails {
/** Message ID */
id: string;
/** Workspace ID */
workspaceId: string;
/** Connection ID */
connectionId: string;
/** Message type */
messageType: FederationMessageType;
/** Unique message identifier */
messageId: string;
/** Correlation ID (for acknowledgments) */
correlationId?: string;
/** Event type */
eventType?: string;
/** Event payload */
payload?: Record<string, unknown>;
/** Response data */
response?: unknown;
/** Message status */
status: FederationMessageStatus;
/** Error message */
error?: string;
/** Creation timestamp */
createdAt: Date;
/** Last update timestamp */
updatedAt: Date;
/** Delivery timestamp */
deliveredAt?: Date;
}
/**
* Event subscription details
*/
export interface SubscriptionDetails {
/** Subscription ID */
id: string;
/** Workspace ID */
workspaceId: string;
/** Connection ID */
connectionId: string;
/** Event type subscribed to */
eventType: string;
/** Additional metadata */
metadata: Record<string, unknown>;
/** Whether subscription is active */
isActive: boolean;
/** Creation timestamp */
createdAt: Date;
/** Last update timestamp */
updatedAt: Date;
}

8
apps/api/src/herald/herald.service.spec.ts
View File

@@ -375,9 +375,7 @@ describe("HeraldService", () => {
mockDiscord.sendThreadMessage.mockRejectedValue(discordError);
// Act & Assert
await expect(service.broadcastJobEvent(jobId, event)).rejects.toThrow(
"Rate limit exceeded"
);
await expect(service.broadcastJobEvent(jobId, event)).rejects.toThrow("Rate limit exceeded");
});
it("should propagate errors when fetching job events fails", async () => {
@@ -405,9 +403,7 @@ describe("HeraldService", () => {
mockDiscord.isConnected.mockReturnValue(true);
// Act & Assert
await expect(service.broadcastJobEvent(jobId, event)).rejects.toThrow(
"Query timeout"
);
await expect(service.broadcastJobEvent(jobId, event)).rejects.toThrow("Query timeout");
});
it("should include job context in error messages", async () => {

6
apps/api/src/knowledge/graph.controller.spec.ts
View File

@@ -146,9 +146,9 @@ describe("KnowledgeGraphController", () => {
it("should throw error if entry not found", async () => {
mockGraphService.getEntryGraphBySlug.mockRejectedValue(new Error("Entry not found"));
await expect(
controller.getEntryGraph("workspace-1", "non-existent", {})
).rejects.toThrow("Entry not found");
await expect(controller.getEntryGraph("workspace-1", "non-existent", {})).rejects.toThrow(
"Entry not found"
);
});
});
});

192
apps/api/src/knowledge/services/cache.service.spec.ts
View File

@@ -1,17 +1,17 @@
import { describe, it, expect, beforeEach, afterEach } from 'vitest';
import { Test, TestingModule } from '@nestjs/testing';
import { KnowledgeCacheService } from './cache.service';
import { describe, it, expect, beforeEach, afterEach } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { KnowledgeCacheService } from "./cache.service";
// Integration tests - require running Valkey instance
// Skip in unit test runs, enable with: INTEGRATION_TESTS=true pnpm test
describe.skipIf(!process.env.INTEGRATION_TESTS)('KnowledgeCacheService', () => {
describe.skipIf(!process.env.INTEGRATION_TESTS)("KnowledgeCacheService", () => {
let service: KnowledgeCacheService;
beforeEach(async () => {
// Set environment variables for testing
process.env.KNOWLEDGE_CACHE_ENABLED = 'true';
process.env.KNOWLEDGE_CACHE_TTL = '300';
process.env.VALKEY_URL = 'redis://localhost:6379';
process.env.KNOWLEDGE_CACHE_ENABLED = "true";
process.env.KNOWLEDGE_CACHE_TTL = "300";
process.env.VALKEY_URL = "redis://localhost:6379";
const module: TestingModule = await Test.createTestingModule({
providers: [KnowledgeCacheService],
@@ -27,35 +27,35 @@ describe.skipIf(!process.env.INTEGRATION_TESTS)('KnowledgeCacheService', () => {
}
});
describe('Cache Enabled/Disabled', () => {
it('should be enabled by default', () => {
describe("Cache Enabled/Disabled", () => {
it("should be enabled by default", () => {
expect(service.isEnabled()).toBe(true);
});
it('should be disabled when KNOWLEDGE_CACHE_ENABLED=false', async () => {
process.env.KNOWLEDGE_CACHE_ENABLED = 'false';
it("should be disabled when KNOWLEDGE_CACHE_ENABLED=false", async () => {
process.env.KNOWLEDGE_CACHE_ENABLED = "false";
const module = await Test.createTestingModule({
providers: [KnowledgeCacheService],
}).compile();
const disabledService = module.get<KnowledgeCacheService>(KnowledgeCacheService);
expect(disabledService.isEnabled()).toBe(false);
});
});
describe('Entry Caching', () => {
const workspaceId = 'test-workspace-id';
const slug = 'test-entry';
describe("Entry Caching", () => {
const workspaceId = "test-workspace-id";
const slug = "test-entry";
const entryData = {
id: 'entry-id',
id: "entry-id",
workspaceId,
slug,
title: 'Test Entry',
content: 'Test content',
title: "Test Entry",
content: "Test content",
tags: [],
};
it('should return null on cache miss', async () => {
it("should return null on cache miss", async () => {
if (!service.isEnabled()) {
return; // Skip if cache is disabled
}
@@ -65,206 +65,206 @@ describe.skipIf(!process.env.INTEGRATION_TESTS)('KnowledgeCacheService', () => {
expect(result).toBeNull();
});
it('should cache and retrieve entry data', async () => {
it("should cache and retrieve entry data", async () => {
if (!service.isEnabled()) {
return;
}
await service.onModuleInit();
// Set cache
await service.setEntry(workspaceId, slug, entryData);
// Get from cache
const result = await service.getEntry(workspaceId, slug);
expect(result).toEqual(entryData);
});
it('should invalidate entry cache', async () => {
it("should invalidate entry cache", async () => {
if (!service.isEnabled()) {
return;
}
await service.onModuleInit();
// Set cache
await service.setEntry(workspaceId, slug, entryData);
// Verify it's cached
let result = await service.getEntry(workspaceId, slug);
expect(result).toEqual(entryData);
// Invalidate
await service.invalidateEntry(workspaceId, slug);
// Verify it's gone
result = await service.getEntry(workspaceId, slug);
expect(result).toBeNull();
});
});
describe('Search Caching', () => {
const workspaceId = 'test-workspace-id';
const query = 'test search';
const filters = { status: 'PUBLISHED', page: 1, limit: 20 };
describe("Search Caching", () => {
const workspaceId = "test-workspace-id";
const query = "test search";
const filters = { status: "PUBLISHED", page: 1, limit: 20 };
const searchResults = {
data: [],
pagination: { page: 1, limit: 20, total: 0, totalPages: 0 },
query,
};
it('should cache and retrieve search results', async () => {
it("should cache and retrieve search results", async () => {
if (!service.isEnabled()) {
return;
}
await service.onModuleInit();
// Set cache
await service.setSearch(workspaceId, query, filters, searchResults);
// Get from cache
const result = await service.getSearch(workspaceId, query, filters);
expect(result).toEqual(searchResults);
});
it('should differentiate search results by filters', async () => {
it("should differentiate search results by filters", async () => {
if (!service.isEnabled()) {
return;
}
await service.onModuleInit();
const filters1 = { page: 1, limit: 20 };
const filters2 = { page: 2, limit: 20 };
const results1 = { ...searchResults, pagination: { ...searchResults.pagination, page: 1 } };
const results2 = { ...searchResults, pagination: { ...searchResults.pagination, page: 2 } };
await service.setSearch(workspaceId, query, filters1, results1);
await service.setSearch(workspaceId, query, filters2, results2);
const result1 = await service.getSearch(workspaceId, query, filters1);
const result2 = await service.getSearch(workspaceId, query, filters2);
expect(result1.pagination.page).toBe(1);
expect(result2.pagination.page).toBe(2);
});
it('should invalidate all search caches for workspace', async () => {
it("should invalidate all search caches for workspace", async () => {
if (!service.isEnabled()) {
return;
}
await service.onModuleInit();
// Set multiple search caches
await service.setSearch(workspaceId, 'query1', {}, searchResults);
await service.setSearch(workspaceId, 'query2', {}, searchResults);
await service.setSearch(workspaceId, "query1", {}, searchResults);
await service.setSearch(workspaceId, "query2", {}, searchResults);
// Invalidate all
await service.invalidateSearches(workspaceId);
// Verify both are gone
const result1 = await service.getSearch(workspaceId, 'query1', {});
const result2 = await service.getSearch(workspaceId, 'query2', {});
const result1 = await service.getSearch(workspaceId, "query1", {});
const result2 = await service.getSearch(workspaceId, "query2", {});
expect(result1).toBeNull();
expect(result2).toBeNull();
});
});
describe('Graph Caching', () => {
const workspaceId = 'test-workspace-id';
const entryId = 'entry-id';
describe("Graph Caching", () => {
const workspaceId = "test-workspace-id";
const entryId = "entry-id";
const maxDepth = 2;
const graphData = {
centerNode: { id: entryId, slug: 'test', title: 'Test', tags: [], depth: 0 },
centerNode: { id: entryId, slug: "test", title: "Test", tags: [], depth: 0 },
nodes: [],
edges: [],
stats: { totalNodes: 1, totalEdges: 0, maxDepth },
};
it('should cache and retrieve graph data', async () => {
it("should cache and retrieve graph data", async () => {
if (!service.isEnabled()) {
return;
}
await service.onModuleInit();
// Set cache
await service.setGraph(workspaceId, entryId, maxDepth, graphData);
// Get from cache
const result = await service.getGraph(workspaceId, entryId, maxDepth);
expect(result).toEqual(graphData);
});
it('should differentiate graphs by maxDepth', async () => {
it("should differentiate graphs by maxDepth", async () => {
if (!service.isEnabled()) {
return;
}
await service.onModuleInit();
const graph1 = { ...graphData, stats: { ...graphData.stats, maxDepth: 1 } };
const graph2 = { ...graphData, stats: { ...graphData.stats, maxDepth: 2 } };
await service.setGraph(workspaceId, entryId, 1, graph1);
await service.setGraph(workspaceId, entryId, 2, graph2);
const result1 = await service.getGraph(workspaceId, entryId, 1);
const result2 = await service.getGraph(workspaceId, entryId, 2);
expect(result1.stats.maxDepth).toBe(1);
expect(result2.stats.maxDepth).toBe(2);
});
it('should invalidate all graph caches for workspace', async () => {
it("should invalidate all graph caches for workspace", async () => {
if (!service.isEnabled()) {
return;
}
await service.onModuleInit();
// Set cache
await service.setGraph(workspaceId, entryId, maxDepth, graphData);
// Invalidate
await service.invalidateGraphs(workspaceId);
// Verify it's gone
const result = await service.getGraph(workspaceId, entryId, maxDepth);
expect(result).toBeNull();
});
});
describe('Cache Statistics', () => {
it('should track hits and misses', async () => {
describe("Cache Statistics", () => {
it("should track hits and misses", async () => {
if (!service.isEnabled()) {
return;
}
await service.onModuleInit();
const workspaceId = 'test-workspace-id';
const slug = 'test-entry';
const entryData = { id: '1', slug, title: 'Test' };
const workspaceId = "test-workspace-id";
const slug = "test-entry";
const entryData = { id: "1", slug, title: "Test" };
// Reset stats
service.resetStats();
// Miss
await service.getEntry(workspaceId, slug);
let stats = service.getStats();
expect(stats.misses).toBe(1);
expect(stats.hits).toBe(0);
// Set
await service.setEntry(workspaceId, slug, entryData);
stats = service.getStats();
expect(stats.sets).toBe(1);
// Hit
await service.getEntry(workspaceId, slug);
stats = service.getStats();
@@ -272,21 +272,21 @@ describe.skipIf(!process.env.INTEGRATION_TESTS)('KnowledgeCacheService', () => {
expect(stats.hitRate).toBeCloseTo(0.5); // 1 hit, 1 miss = 50%
});
it('should reset statistics', async () => {
it("should reset statistics", async () => {
if (!service.isEnabled()) {
return;
}
await service.onModuleInit();
const workspaceId = 'test-workspace-id';
const slug = 'test-entry';
const workspaceId = "test-workspace-id";
const slug = "test-entry";
await service.getEntry(workspaceId, slug); // miss
service.resetStats();
const stats = service.getStats();
expect(stats.hits).toBe(0);
expect(stats.misses).toBe(0);
expect(stats.sets).toBe(0);
@@ -295,29 +295,29 @@ describe.skipIf(!process.env.INTEGRATION_TESTS)('KnowledgeCacheService', () => {
});
});
describe('Clear Workspace Cache', () => {
it('should clear all caches for a workspace', async () => {
describe("Clear Workspace Cache", () => {
it("should clear all caches for a workspace", async () => {
if (!service.isEnabled()) {
return;
}
await service.onModuleInit();
const workspaceId = 'test-workspace-id';
const workspaceId = "test-workspace-id";
// Set various caches
await service.setEntry(workspaceId, 'entry1', { id: '1' });
await service.setSearch(workspaceId, 'query', {}, { data: [] });
await service.setGraph(workspaceId, 'entry-id', 1, { nodes: [] });
await service.setEntry(workspaceId, "entry1", { id: "1" });
await service.setSearch(workspaceId, "query", {}, { data: [] });
await service.setGraph(workspaceId, "entry-id", 1, { nodes: [] });
// Clear all
await service.clearWorkspaceCache(workspaceId);
// Verify all are gone
const entry = await service.getEntry(workspaceId, 'entry1');
const search = await service.getSearch(workspaceId, 'query', {});
const graph = await service.getGraph(workspaceId, 'entry-id', 1);
const entry = await service.getEntry(workspaceId, "entry1");
const search = await service.getSearch(workspaceId, "query", {});
const graph = await service.getGraph(workspaceId, "entry-id", 1);
expect(entry).toBeNull();
expect(search).toBeNull();
expect(graph).toBeNull();

8
apps/api/src/knowledge/services/graph.service.spec.ts
View File

@@ -271,9 +271,7 @@ describe("GraphService", () => {
});
it("should filter by status", async () => {
const entries = [
{ ...mockEntry, id: "entry-1", status: "PUBLISHED", tags: [] },
];
const entries = [{ ...mockEntry, id: "entry-1", status: "PUBLISHED", tags: [] }];
mockPrismaService.knowledgeEntry.findMany.mockResolvedValue(entries);
mockPrismaService.knowledgeLink.findMany.mockResolvedValue([]);
@@ -351,9 +349,7 @@ describe("GraphService", () => {
{ id: "entry-1", slug: "entry-1", title: "Entry 1", link_count: "5" },
{ id: "entry-2", slug: "entry-2", title: "Entry 2", link_count: "3" },
]);
mockPrismaService.knowledgeEntry.findMany.mockResolvedValue([
{ id: "orphan-1" },
]);
mockPrismaService.knowledgeEntry.findMany.mockResolvedValue([{ id: "orphan-1" }]);
const result = await service.getGraphStats("workspace-1");

21
apps/api/src/knowledge/services/import-export.service.spec.ts
View File

@@ -170,9 +170,9 @@ This is the content of the entry.`;
path: "",
};
await expect(
service.importEntries(workspaceId, userId, file)
).rejects.toThrow(BadRequestException);
await expect(service.importEntries(workspaceId, userId, file)).rejects.toThrow(
BadRequestException
);
});
it("should handle import errors gracefully", async () => {
@@ -195,9 +195,7 @@ Content`;
path: "",
};
mockKnowledgeService.create.mockRejectedValue(
new Error("Database error")
);
mockKnowledgeService.create.mockRejectedValue(new Error("Database error"));
const result = await service.importEntries(workspaceId, userId, file);
@@ -240,10 +238,7 @@ title: Empty Entry
it("should export entries as markdown format", async () => {
mockPrismaService.knowledgeEntry.findMany.mockResolvedValue([mockEntry]);
const result = await service.exportEntries(
workspaceId,
ExportFormat.MARKDOWN
);
const result = await service.exportEntries(workspaceId, ExportFormat.MARKDOWN);
expect(result.filename).toMatch(/knowledge-export-\d{4}-\d{2}-\d{2}\.zip/);
expect(result.stream).toBeDefined();
@@ -289,9 +284,9 @@ title: Empty Entry
it("should throw error when no entries found", async () => {
mockPrismaService.knowledgeEntry.findMany.mockResolvedValue([]);
await expect(
service.exportEntries(workspaceId, ExportFormat.MARKDOWN)
).rejects.toThrow(BadRequestException);
await expect(service.exportEntries(workspaceId, ExportFormat.MARKDOWN)).rejects.toThrow(
BadRequestException
);
});
});
});

151
apps/api/src/knowledge/services/link-resolution.service.spec.ts
View File

@@ -88,27 +88,20 @@ describe("LinkResolutionService", () => {
describe("resolveLink", () => {
describe("Exact title match", () => {
it("should resolve link by exact title match", async () => {
mockPrismaService.knowledgeEntry.findFirst.mockResolvedValueOnce(
mockEntries[0]
);
mockPrismaService.knowledgeEntry.findFirst.mockResolvedValueOnce(mockEntries[0]);
const result = await service.resolveLink(
workspaceId,
"TypeScript Guide"
);
const result = await service.resolveLink(workspaceId, "TypeScript Guide");
expect(result).toBe("entry-1");
expect(mockPrismaService.knowledgeEntry.findFirst).toHaveBeenCalledWith(
{
where: {
workspaceId,
title: "TypeScript Guide",
},
select: {
id: true,
},
}
);
expect(mockPrismaService.knowledgeEntry.findFirst).toHaveBeenCalledWith({
where: {
workspaceId,
title: "TypeScript Guide",
},
select: {
id: true,
},
});
});
it("should be case-sensitive for exact title match", async () => {
@@ -116,10 +109,7 @@ describe("LinkResolutionService", () => {
mockPrismaService.knowledgeEntry.findUnique.mockResolvedValueOnce(null);
mockPrismaService.knowledgeEntry.findMany.mockResolvedValueOnce([]);
const result = await service.resolveLink(
workspaceId,
"typescript guide"
);
const result = await service.resolveLink(workspaceId, "typescript guide");
expect(result).toBeNull();
});
@@ -128,41 +118,29 @@ describe("LinkResolutionService", () => {
describe("Slug match", () => {
it("should resolve link by slug", async () => {
mockPrismaService.knowledgeEntry.findFirst.mockResolvedValueOnce(null);
mockPrismaService.knowledgeEntry.findUnique.mockResolvedValueOnce(
mockEntries[0]
);
mockPrismaService.knowledgeEntry.findUnique.mockResolvedValueOnce(mockEntries[0]);
const result = await service.resolveLink(
workspaceId,
"typescript-guide"
);
const result = await service.resolveLink(workspaceId, "typescript-guide");
expect(result).toBe("entry-1");
expect(mockPrismaService.knowledgeEntry.findUnique).toHaveBeenCalledWith(
{
where: {
workspaceId_slug: {
workspaceId,
slug: "typescript-guide",
},
expect(mockPrismaService.knowledgeEntry.findUnique).toHaveBeenCalledWith({
where: {
workspaceId_slug: {
workspaceId,
slug: "typescript-guide",
},
select: {
id: true,
},
}
);
},
select: {
id: true,
},
});
});
it("should prioritize exact title match over slug match", async () => {
// If exact title matches, slug should not be checked
mockPrismaService.knowledgeEntry.findFirst.mockResolvedValueOnce(
mockEntries[0]
);
mockPrismaService.knowledgeEntry.findFirst.mockResolvedValueOnce(mockEntries[0]);
const result = await service.resolveLink(
workspaceId,
"TypeScript Guide"
);
const result = await service.resolveLink(workspaceId, "TypeScript Guide");
expect(result).toBe("entry-1");
expect(mockPrismaService.knowledgeEntry.findUnique).not.toHaveBeenCalled();
@@ -173,14 +151,9 @@ describe("LinkResolutionService", () => {
it("should resolve link by case-insensitive fuzzy match", async () => {
mockPrismaService.knowledgeEntry.findFirst.mockResolvedValueOnce(null);
mockPrismaService.knowledgeEntry.findUnique.mockResolvedValueOnce(null);
mockPrismaService.knowledgeEntry.findMany.mockResolvedValueOnce([
mockEntries[0],
]);
mockPrismaService.knowledgeEntry.findMany.mockResolvedValueOnce([mockEntries[0]]);
const result = await service.resolveLink(
workspaceId,
"typescript guide"
);
const result = await service.resolveLink(workspaceId, "typescript guide");
expect(result).toBe("entry-1");
expect(mockPrismaService.knowledgeEntry.findMany).toHaveBeenCalledWith({
@@ -216,10 +189,7 @@ describe("LinkResolutionService", () => {
mockPrismaService.knowledgeEntry.findUnique.mockResolvedValueOnce(null);
mockPrismaService.knowledgeEntry.findMany.mockResolvedValueOnce([]);
const result = await service.resolveLink(
workspaceId,
"Non-existent Entry"
);
const result = await service.resolveLink(workspaceId, "Non-existent Entry");
expect(result).toBeNull();
});
@@ -266,14 +236,9 @@ describe("LinkResolutionService", () => {
});
it("should trim whitespace from target before resolving", async () => {
mockPrismaService.knowledgeEntry.findFirst.mockResolvedValueOnce(
mockEntries[0]
);
mockPrismaService.knowledgeEntry.findFirst.mockResolvedValueOnce(mockEntries[0]);
const result = await service.resolveLink(
workspaceId,
" TypeScript Guide "
);
const result = await service.resolveLink(workspaceId, " TypeScript Guide ");
expect(result).toBe("entry-1");
expect(mockPrismaService.knowledgeEntry.findFirst).toHaveBeenCalledWith(
@@ -291,23 +256,19 @@ describe("LinkResolutionService", () => {
it("should resolve multiple links in batch", async () => {
// First link: "TypeScript Guide" -> exact title match
// Second link: "react-hooks" -> slug match
mockPrismaService.knowledgeEntry.findFirst.mockImplementation(
async ({ where }: any) => {
if (where.title === "TypeScript Guide") {
return mockEntries[0];
}
return null;
mockPrismaService.knowledgeEntry.findFirst.mockImplementation(async ({ where }: any) => {
if (where.title === "TypeScript Guide") {
return mockEntries[0];
}
);
return null;
});
mockPrismaService.knowledgeEntry.findUnique.mockImplementation(
async ({ where }: any) => {
if (where.workspaceId_slug?.slug === "react-hooks") {
return mockEntries[1];
}
return null;
mockPrismaService.knowledgeEntry.findUnique.mockImplementation(async ({ where }: any) => {
if (where.workspaceId_slug?.slug === "react-hooks") {
return mockEntries[1];
}
);
return null;
});
mockPrismaService.knowledgeEntry.findMany.mockResolvedValue([]);
@@ -344,9 +305,7 @@ describe("LinkResolutionService", () => {
});
it("should deduplicate targets", async () => {
mockPrismaService.knowledgeEntry.findFirst.mockResolvedValueOnce(
mockEntries[0]
);
mockPrismaService.knowledgeEntry.findFirst.mockResolvedValueOnce(mockEntries[0]);
const result = await service.resolveLinks(workspaceId, [
"TypeScript Guide",
@@ -357,9 +316,7 @@ describe("LinkResolutionService", () => {
"TypeScript Guide": "entry-1",
});
// Should only be called once for the deduplicated target
expect(mockPrismaService.knowledgeEntry.findFirst).toHaveBeenCalledTimes(
1
);
expect(mockPrismaService.knowledgeEntry.findFirst).toHaveBeenCalledTimes(1);
});
});
@@ -370,10 +327,7 @@ describe("LinkResolutionService", () => {
{ id: "entry-3", title: "React Hooks Advanced" },
]);
const result = await service.getAmbiguousMatches(
workspaceId,
"react hooks"
);
const result = await service.getAmbiguousMatches(workspaceId, "react hooks");
expect(result).toHaveLength(2);
expect(result).toEqual([
@@ -385,10 +339,7 @@ describe("LinkResolutionService", () => {
it("should return empty array when no matches found", async () => {
mockPrismaService.knowledgeEntry.findMany.mockResolvedValueOnce([]);
const result = await service.getAmbiguousMatches(
workspaceId,
"Non-existent"
);
const result = await service.getAmbiguousMatches(workspaceId, "Non-existent");
expect(result).toEqual([]);
});
@@ -398,10 +349,7 @@ describe("LinkResolutionService", () => {
{ id: "entry-1", title: "TypeScript Guide" },
]);
const result = await service.getAmbiguousMatches(
workspaceId,
"typescript guide"
);
const result = await service.getAmbiguousMatches(workspaceId, "typescript guide");
expect(result).toHaveLength(1);
});
@@ -409,8 +357,7 @@ describe("LinkResolutionService", () => {
describe("resolveLinksFromContent", () => {
it("should parse and resolve wiki links from content", async () => {
const content =
"Check out [[TypeScript Guide]] and [[React Hooks]] for more info.";
const content = "Check out [[TypeScript Guide]] and [[React Hooks]] for more info.";
// Mock resolveLink for each target
mockPrismaService.knowledgeEntry.findFirst
@@ -522,9 +469,7 @@ describe("LinkResolutionService", () => {
},
];
mockPrismaService.knowledgeLink.findMany.mockResolvedValueOnce(
mockBacklinks
);
mockPrismaService.knowledgeLink.findMany.mockResolvedValueOnce(mockBacklinks);
const result = await service.getBacklinks(targetEntryId);

45
apps/api/src/knowledge/services/semantic-search.integration.spec.ts
View File

@@ -26,7 +26,7 @@ describe.skipIf(!process.env.INTEGRATION_TESTS)("Semantic Search Integration", (
// Initialize services
prisma = new PrismaClient();
const prismaService = prisma as unknown as PrismaService;
// Mock cache service for testing
cacheService = {
getSearch: async () => null,
@@ -37,11 +37,7 @@ describe.skipIf(!process.env.INTEGRATION_TESTS)("Semantic Search Integration", (
} as unknown as KnowledgeCacheService;
embeddingService = new EmbeddingService(prismaService);
searchService = new SearchService(
prismaService,
cacheService,
embeddingService
);
searchService = new SearchService(prismaService, cacheService, embeddingService);
// Create test workspace and user
const workspace = await prisma.workspace.create({
@@ -84,10 +80,7 @@ describe.skipIf(!process.env.INTEGRATION_TESTS)("Semantic Search Integration", (
const title = "Introduction to PostgreSQL";
const content = "PostgreSQL is a powerful open-source database.";
const prepared = embeddingService.prepareContentForEmbedding(
title,
content
);
const prepared = embeddingService.prepareContentForEmbedding(title, content);
// Title should appear twice for weighting
expect(prepared).toContain(title);
@@ -122,10 +115,7 @@ describe.skipIf(!process.env.INTEGRATION_TESTS)("Semantic Search Integration", (
it("should skip semantic search if OpenAI not configured", async () => {
if (!embeddingService.isConfigured()) {
await expect(
searchService.semanticSearch(
"database performance",
testWorkspaceId
)
searchService.semanticSearch("database performance", testWorkspaceId)
).rejects.toThrow();
} else {
// If configured, this is expected to work (tested below)
@@ -156,10 +146,7 @@ describe.skipIf(!process.env.INTEGRATION_TESTS)("Semantic Search Integration", (
entry.title,
entry.content
);
await embeddingService.generateAndStoreEmbedding(
created.id,
preparedContent
);
await embeddingService.generateAndStoreEmbedding(created.id, preparedContent);
}
// Wait a bit for embeddings to be stored
@@ -175,9 +162,7 @@ describe.skipIf(!process.env.INTEGRATION_TESTS)("Semantic Search Integration", (
expect(results.data.length).toBeGreaterThan(0);
// PostgreSQL entry should rank high for "relational database"
const postgresEntry = results.data.find(
(r) => r.slug === "postgresql-intro"
);
const postgresEntry = results.data.find((r) => r.slug === "postgresql-intro");
expect(postgresEntry).toBeDefined();
expect(postgresEntry!.rank).toBeGreaterThan(0);
},
@@ -187,18 +172,13 @@ describe.skipIf(!process.env.INTEGRATION_TESTS)("Semantic Search Integration", (
it.skipIf(!process.env["OPENAI_API_KEY"])(
"should perform hybrid search combining vector and keyword",
async () => {
const results = await searchService.hybridSearch(
"indexing",
testWorkspaceId
);
const results = await searchService.hybridSearch("indexing", testWorkspaceId);
// Should return results
expect(results.data.length).toBeGreaterThan(0);
// Should find the indexing entry
const indexingEntry = results.data.find(
(r) => r.slug === "database-indexing"
);
const indexingEntry = results.data.find((r) => r.slug === "database-indexing");
expect(indexingEntry).toBeDefined();
},
30000
@@ -230,15 +210,10 @@ describe.skipIf(!process.env.INTEGRATION_TESTS)("Semantic Search Integration", (
// Batch generate embeddings
const entriesForEmbedding = entries.map((e) => ({
id: e.id,
content: embeddingService.prepareContentForEmbedding(
e.title,
e.content
),
content: embeddingService.prepareContentForEmbedding(e.title, e.content),
}));
const successCount = await embeddingService.batchGenerateEmbeddings(
entriesForEmbedding
);
const successCount = await embeddingService.batchGenerateEmbeddings(entriesForEmbedding);
expect(successCount).toBe(3);

32
apps/api/src/knowledge/tags.controller.spec.ts
View File

@@ -48,10 +48,7 @@ describe("TagsController", () => {
const result = await controller.create(createDto, workspaceId);
expect(result).toEqual(mockTag);
expect(mockTagsService.create).toHaveBeenCalledWith(
workspaceId,
createDto
);
expect(mockTagsService.create).toHaveBeenCalledWith(workspaceId, createDto);
});
it("should pass undefined workspaceId to service (validation handled by guards)", async () => {
@@ -108,10 +105,7 @@ describe("TagsController", () => {
const result = await controller.findOne("architecture", workspaceId);
expect(result).toEqual(mockTagWithCount);
expect(mockTagsService.findOne).toHaveBeenCalledWith(
"architecture",
workspaceId
);
expect(mockTagsService.findOne).toHaveBeenCalledWith("architecture", workspaceId);
});
it("should pass undefined workspaceId to service (validation handled by guards)", async () => {
@@ -138,18 +132,10 @@ describe("TagsController", () => {
mockTagsService.update.mockResolvedValue(updatedTag);
const result = await controller.update(
"architecture",
updateDto,
workspaceId
);
const result = await controller.update("architecture", updateDto, workspaceId);
expect(result).toEqual(updatedTag);
expect(mockTagsService.update).toHaveBeenCalledWith(
"architecture",
workspaceId,
updateDto
);
expect(mockTagsService.update).toHaveBeenCalledWith("architecture", workspaceId, updateDto);
});
it("should pass undefined workspaceId to service (validation handled by guards)", async () => {
@@ -171,10 +157,7 @@ describe("TagsController", () => {
await controller.remove("architecture", workspaceId);
expect(mockTagsService.remove).toHaveBeenCalledWith(
"architecture",
workspaceId
);
expect(mockTagsService.remove).toHaveBeenCalledWith("architecture", workspaceId);
});
it("should pass undefined workspaceId to service (validation handled by guards)", async () => {
@@ -206,10 +189,7 @@ describe("TagsController", () => {
const result = await controller.getEntries("architecture", workspaceId);
expect(result).toEqual(mockEntries);
expect(mockTagsService.getEntriesWithTag).toHaveBeenCalledWith(
"architecture",
workspaceId
);
expect(mockTagsService.getEntriesWithTag).toHaveBeenCalledWith("architecture", workspaceId);
});
it("should pass undefined workspaceId to service (validation handled by guards)", async () => {

54
apps/api/src/knowledge/tags.service.spec.ts
View File

@@ -2,11 +2,7 @@ import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { TagsService } from "./tags.service";
import { PrismaService } from "../prisma/prisma.service";
import {
NotFoundException,
ConflictException,
BadRequestException,
} from "@nestjs/common";
import { NotFoundException, ConflictException, BadRequestException } from "@nestjs/common";
import type { CreateTagDto, UpdateTagDto } from "./dto";
describe("TagsService", () => {
@@ -113,9 +109,7 @@ describe("TagsService", () => {
mockPrismaService.knowledgeTag.findUnique.mockResolvedValue(mockTag);
await expect(service.create(workspaceId, createDto)).rejects.toThrow(
ConflictException
);
await expect(service.create(workspaceId, createDto)).rejects.toThrow(ConflictException);
});
it("should throw BadRequestException for invalid slug format", async () => {
@@ -124,9 +118,7 @@ describe("TagsService", () => {
slug: "Invalid_Slug!",
};
await expect(service.create(workspaceId, createDto)).rejects.toThrow(
BadRequestException
);
await expect(service.create(workspaceId, createDto)).rejects.toThrow(BadRequestException);
});
it("should generate slug from name with spaces and special chars", async () => {
@@ -135,12 +127,10 @@ describe("TagsService", () => {
};
mockPrismaService.knowledgeTag.findUnique.mockResolvedValue(null);
mockPrismaService.knowledgeTag.create.mockImplementation(
async ({ data }: any) => ({
...mockTag,
slug: data.slug,
})
);
mockPrismaService.knowledgeTag.create.mockImplementation(async ({ data }: any) => ({
...mockTag,
slug: data.slug,
}));
const result = await service.create(workspaceId, createDto);
@@ -183,9 +173,7 @@ describe("TagsService", () => {
describe("findOne", () => {
it("should return a tag by slug", async () => {
const mockTagWithCount = { ...mockTag, _count: { entries: 5 } };
mockPrismaService.knowledgeTag.findUnique.mockResolvedValue(
mockTagWithCount
);
mockPrismaService.knowledgeTag.findUnique.mockResolvedValue(mockTagWithCount);
const result = await service.findOne("architecture", workspaceId);
@@ -208,9 +196,7 @@ describe("TagsService", () => {
it("should throw NotFoundException if tag not found", async () => {
mockPrismaService.knowledgeTag.findUnique.mockResolvedValue(null);
await expect(
service.findOne("nonexistent", workspaceId)
).rejects.toThrow(NotFoundException);
await expect(service.findOne("nonexistent", workspaceId)).rejects.toThrow(NotFoundException);
});
});
@@ -245,9 +231,9 @@ describe("TagsService", () => {
mockPrismaService.knowledgeTag.findUnique.mockResolvedValue(null);
await expect(
service.update("nonexistent", workspaceId, updateDto)
).rejects.toThrow(NotFoundException);
await expect(service.update("nonexistent", workspaceId, updateDto)).rejects.toThrow(
NotFoundException
);
});
it("should throw ConflictException if new slug conflicts", async () => {
@@ -263,9 +249,9 @@ describe("TagsService", () => {
slug: "design",
} as any);
await expect(
service.update("architecture", workspaceId, updateDto)
).rejects.toThrow(ConflictException);
await expect(service.update("architecture", workspaceId, updateDto)).rejects.toThrow(
ConflictException
);
});
});
@@ -292,9 +278,7 @@ describe("TagsService", () => {
it("should throw NotFoundException if tag not found", async () => {
mockPrismaService.knowledgeTag.findUnique.mockResolvedValue(null);
await expect(
service.remove("nonexistent", workspaceId)
).rejects.toThrow(NotFoundException);
await expect(service.remove("nonexistent", workspaceId)).rejects.toThrow(NotFoundException);
});
});
@@ -398,9 +382,9 @@ describe("TagsService", () => {
mockPrismaService.knowledgeTag.findUnique.mockResolvedValue(null);
await expect(
service.findOrCreateTags(workspaceId, slugs, false)
).rejects.toThrow(NotFoundException);
await expect(service.findOrCreateTags(workspaceId, slugs, false)).rejects.toThrow(
NotFoundException
);
});
});
});

56
apps/api/src/knowledge/utils/README.md
View File

@@ -17,9 +17,9 @@ The `wiki-link-parser.ts` utility provides parsing of wiki-style `[[links]]` fro
### Usage
```typescript
import { parseWikiLinks } from './utils/wiki-link-parser';
import { parseWikiLinks } from "./utils/wiki-link-parser";
const content = 'See [[Main Page]] and [[Getting Started|start here]].';
const content = "See [[Main Page]] and [[Getting Started|start here]].";
const links = parseWikiLinks(content);
// Result:
@@ -44,32 +44,41 @@ const links = parseWikiLinks(content);
### Supported Link Formats
#### Basic Link (by title)
```markdown
[[Page Name]]
```
Links to a page by its title. Display text will be "Page Name".
#### Link with Display Text
```markdown
[[Page Name|custom display]]
```
Links to "Page Name" but displays "custom display".
#### Link by Slug
```markdown
[[page-slug-name]]
```
Links to a page by its URL slug (kebab-case).
### Edge Cases
#### Nested Brackets
```markdown
[[Page [with] brackets]] ✓ Parsed correctly
[[Page [with] brackets]] ✓ Parsed correctly
```
Single brackets inside link text are allowed.
#### Code Blocks (Not Parsed)
```markdown
Use `[[WikiLink]]` syntax for linking.
@@ -77,36 +86,41 @@ Use `[[WikiLink]]` syntax for linking.
const link = "[[not parsed]]";
\`\`\`
```
Links inside inline code or fenced code blocks are ignored.
#### Escaped Brackets
```markdown
\[[not a link]] but [[real link]] works
```
Escaped brackets are not parsed as links.
#### Empty or Invalid Links
```markdown
[[]] ✗ Empty link (ignored)
[[ ]] ✗ Whitespace only (ignored)
[[ Target ]] ✓ Trimmed to "Target"
[[]] ✗ Whitespace only (ignored)
[[Target]] ✓ Trimmed to "Target"
```
### Return Type
```typescript
interface WikiLink {
raw: string; // Full matched text: "[[Page Name]]"
target: string; // Target page: "Page Name"
raw: string; // Full matched text: "[[Page Name]]"
target: string; // Target page: "Page Name"
displayText: string; // Display text: "Page Name" or custom
start: number; // Start position in content
end: number; // End position in content
start: number; // Start position in content
end: number; // End position in content
}
```
### Testing
Comprehensive test suite (100% coverage) includes:
- Basic parsing (single, multiple, consecutive links)
- Display text variations
- Edge cases (brackets, escapes, empty links)
@@ -116,6 +130,7 @@ Comprehensive test suite (100% coverage) includes:
- Malformed input handling
Run tests:
```bash
pnpm test --filter=@mosaic/api -- wiki-link-parser.spec.ts
```
@@ -130,6 +145,7 @@ This parser is designed to work with the Knowledge Module's linking system:
4. **Link Rendering**: Replace `[[links]]` with HTML anchors
See related issues:
- #59 - Wiki-link parser (this implementation)
- Future: Link resolution and storage
- Future: Backlink display and navigation
@@ -151,33 +167,38 @@ The `markdown.ts` utility provides secure markdown rendering with GFM (GitHub Fl
### Usage
```typescript
import { renderMarkdown, markdownToPlainText } from './utils/markdown';
import { renderMarkdown, markdownToPlainText } from "./utils/markdown";
// Render markdown to HTML (async)
const html = await renderMarkdown('# Hello **World**');
const html = await renderMarkdown("# Hello **World**");
// Result: <h1 id="hello-world">Hello <strong>World</strong></h1>
// Extract plain text (for search indexing)
const plainText = await markdownToPlainText('# Hello **World**');
const plainText = await markdownToPlainText("# Hello **World**");
// Result: "Hello World"
```
### Supported Markdown Features
#### Basic Formatting
- **Bold**: `**text**` or `__text__`
- *Italic*: `*text*` or `_text_`
- _Italic_: `*text*` or `_text_`
- ~~Strikethrough~~: `~~text~~`
- `Inline code`: `` `code` ``
#### Headers
```markdown
# H1
## H2
### H3
```
#### Lists
```markdown
- Unordered list
- Nested item
@@ -187,19 +208,22 @@ const plainText = await markdownToPlainText('# Hello **World**');
```
#### Task Lists
```markdown
- [ ] Unchecked task
- [x] Completed task
```
#### Tables
```markdown
| Header 1 | Header 2 |
|----------|----------|
| -------- | -------- |
| Cell 1 | Cell 2 |
```
#### Code Blocks
````markdown
```typescript
const greeting: string = "Hello";
@@ -208,12 +232,14 @@ console.log(greeting);
````
#### Links and Images
```markdown
[Link text](https://example.com)
![Alt text](https://example.com/image.png)
```
#### Blockquotes
```markdown
> This is a quote
> Multi-line quote
@@ -233,6 +259,7 @@ The renderer implements multiple layers of security:
### Testing
Comprehensive test suite covers:
- Basic markdown rendering
- GFM features (tables, task lists, strikethrough)
- Code syntax highlighting
@@ -240,6 +267,7 @@ Comprehensive test suite covers:
- Edge cases (unicode, long content, nested structures)
Run tests:
```bash
pnpm test --filter=@mosaic/api -- markdown.spec.ts
```

19
apps/api/src/knowledge/utils/markdown.spec.ts
View File

@@ -1,9 +1,5 @@
import { describe, it, expect } from "vitest";
import {
renderMarkdown,
renderMarkdownSync,
markdownToPlainText,
} from "./markdown";
import { renderMarkdown, renderMarkdownSync, markdownToPlainText } from "./markdown";
describe("Markdown Rendering", () => {
describe("renderMarkdown", () => {
@@ -77,7 +73,7 @@ describe("Markdown Rendering", () => {
const html = await renderMarkdown(markdown);
expect(html).toContain('<input');
expect(html).toContain("<input");
expect(html).toContain('type="checkbox"');
expect(html).toContain('disabled="disabled"'); // Should be disabled for safety
});
@@ -145,16 +141,17 @@ plain text code
const markdown = "![Alt text](https://example.com/image.png)";
const html = await renderMarkdown(markdown);
expect(html).toContain('<img');
expect(html).toContain("<img");
expect(html).toContain('src="https://example.com/image.png"');
expect(html).toContain('alt="Alt text"');
});
it("should allow data URIs for images", async () => {
const markdown = "![Image](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg==)";
const markdown =
"![Image](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg==)";
const html = await renderMarkdown(markdown);
expect(html).toContain('<img');
expect(html).toContain("<img");
expect(html).toContain('src="data:image/png;base64');
});
});
@@ -164,7 +161,7 @@ plain text code
const markdown = "# My Header Title";
const html = await renderMarkdown(markdown);
expect(html).toContain('<h1');
expect(html).toContain("<h1");
expect(html).toContain('id="');
});
@@ -282,7 +279,7 @@ plain text code
});
it("should strip all HTML tags", async () => {
const markdown = '[Link](https://example.com)\n\n![Image](image.png)';
const markdown = "[Link](https://example.com)\n\n![Image](image.png)";
const plainText = await markdownToPlainText(markdown);
expect(plainText).not.toContain("<a");

4
apps/api/src/knowledge/utils/wiki-link-parser.spec.ts
View File

@@ -333,9 +333,7 @@ const link = "[[Not A Link]]";
expect(links[0].start).toBe(5);
expect(links[0].end).toBe(23);
expect(content.substring(links[0].start, links[0].end)).toBe(
"[[Target|Display]]"
);
expect(content.substring(links[0].start, links[0].end)).toBe("[[Target|Display]]");
});
it("should track positions in multiline content", () => {

31
apps/api/src/layouts/__tests__/layouts.service.spec.ts
View File

@@ -114,9 +114,9 @@ describe("LayoutsService", () => {
.mockResolvedValueOnce(null) // No default
.mockResolvedValueOnce(null); // No layouts
await expect(
service.findDefault(mockWorkspaceId, mockUserId)
).rejects.toThrow(NotFoundException);
await expect(service.findDefault(mockWorkspaceId, mockUserId)).rejects.toThrow(
NotFoundException
);
});
});
@@ -139,9 +139,9 @@ describe("LayoutsService", () => {
it("should throw NotFoundException if layout not found", async () => {
prisma.userLayout.findUnique.mockResolvedValue(null);
await expect(
service.findOne("invalid-id", mockWorkspaceId, mockUserId)
).rejects.toThrow(NotFoundException);
await expect(service.findOne("invalid-id", mockWorkspaceId, mockUserId)).rejects.toThrow(
NotFoundException
);
});
});
@@ -221,12 +221,7 @@ describe("LayoutsService", () => {
})
);
const result = await service.update(
"layout-1",
mockWorkspaceId,
mockUserId,
updateDto
);
const result = await service.update("layout-1", mockWorkspaceId, mockUserId, updateDto);
expect(result).toBeDefined();
expect(mockFindUnique).toHaveBeenCalled();
@@ -244,9 +239,9 @@ describe("LayoutsService", () => {
})
);
await expect(
service.update("invalid-id", mockWorkspaceId, mockUserId, {})
).rejects.toThrow(NotFoundException);
await expect(service.update("invalid-id", mockWorkspaceId, mockUserId, {})).rejects.toThrow(
NotFoundException
);
});
});
@@ -269,9 +264,9 @@ describe("LayoutsService", () => {
it("should throw NotFoundException if layout not found", async () => {
prisma.userLayout.findUnique.mockResolvedValue(null);
await expect(
service.remove("invalid-id", mockWorkspaceId, mockUserId)
).rejects.toThrow(NotFoundException);
await expect(service.remove("invalid-id", mockWorkspaceId, mockUserId)).rejects.toThrow(
NotFoundException
);
});
});
});

26
apps/api/src/ollama/ollama.controller.spec.ts
View File

@@ -48,11 +48,7 @@ describe("OllamaController", () => {
});
expect(result).toEqual(mockResponse);
expect(mockOllamaService.generate).toHaveBeenCalledWith(
"Hello",
undefined,
undefined
);
expect(mockOllamaService.generate).toHaveBeenCalledWith("Hello", undefined, undefined);
});
it("should generate with options and custom model", async () => {
@@ -84,9 +80,7 @@ describe("OllamaController", () => {
describe("chat", () => {
it("should complete chat conversation", async () => {
const messages: ChatMessage[] = [
{ role: "user", content: "Hello!" },
];
const messages: ChatMessage[] = [{ role: "user", content: "Hello!" }];
const mockResponse = {
model: "llama3.2",
@@ -104,11 +98,7 @@ describe("OllamaController", () => {
});
expect(result).toEqual(mockResponse);
expect(mockOllamaService.chat).toHaveBeenCalledWith(
messages,
undefined,
undefined
);
expect(mockOllamaService.chat).toHaveBeenCalledWith(messages, undefined, undefined);
});
it("should chat with options and custom model", async () => {
@@ -158,10 +148,7 @@ describe("OllamaController", () => {
});
expect(result).toEqual(mockResponse);
expect(mockOllamaService.embed).toHaveBeenCalledWith(
"Sample text",
undefined
);
expect(mockOllamaService.embed).toHaveBeenCalledWith("Sample text", undefined);
});
it("should embed with custom model", async () => {
@@ -177,10 +164,7 @@ describe("OllamaController", () => {
});
expect(result).toEqual(mockResponse);
expect(mockOllamaService.embed).toHaveBeenCalledWith(
"Test",
"nomic-embed-text"
);
expect(mockOllamaService.embed).toHaveBeenCalledWith("Test", "nomic-embed-text");
});
});

27
apps/api/src/ollama/ollama.service.spec.ts
View File

@@ -2,11 +2,7 @@ import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { OllamaService } from "./ollama.service";
import { HttpException, HttpStatus } from "@nestjs/common";
import type {
GenerateOptionsDto,
ChatMessage,
ChatOptionsDto,
} from "./dto";
import type { GenerateOptionsDto, ChatMessage, ChatOptionsDto } from "./dto";
describe("OllamaService", () => {
let service: OllamaService;
@@ -133,9 +129,7 @@ describe("OllamaService", () => {
mockFetch.mockRejectedValue(new Error("Network error"));
await expect(service.generate("Hello")).rejects.toThrow(HttpException);
await expect(service.generate("Hello")).rejects.toThrow(
"Failed to connect to Ollama"
);
await expect(service.generate("Hello")).rejects.toThrow("Failed to connect to Ollama");
});
it("should throw HttpException on non-ok response", async () => {
@@ -163,12 +157,9 @@ describe("OllamaService", () => {
],
}).compile();
const shortTimeoutService =
shortTimeoutModule.get<OllamaService>(OllamaService);
const shortTimeoutService = shortTimeoutModule.get<OllamaService>(OllamaService);
await expect(shortTimeoutService.generate("Hello")).rejects.toThrow(
HttpException
);
await expect(shortTimeoutService.generate("Hello")).rejects.toThrow(HttpException);
});
});
@@ -210,9 +201,7 @@ describe("OllamaService", () => {
});
it("should chat with custom options", async () => {
const messages: ChatMessage[] = [
{ role: "user", content: "Hello!" },
];
const messages: ChatMessage[] = [{ role: "user", content: "Hello!" }];
const options: ChatOptionsDto = {
temperature: 0.5,
@@ -251,9 +240,9 @@ describe("OllamaService", () => {
it("should throw HttpException on chat error", async () => {
mockFetch.mockRejectedValue(new Error("Connection refused"));
await expect(
service.chat([{ role: "user", content: "Hello" }])
).rejects.toThrow(HttpException);
await expect(service.chat([{ role: "user", content: "Hello" }])).rejects.toThrow(
HttpException
);
});
});

16
apps/api/src/prisma/prisma.service.spec.ts
View File

@@ -23,9 +23,7 @@ describe("PrismaService", () => {
describe("onModuleInit", () => {
it("should connect to the database", async () => {
const connectSpy = vi
.spyOn(service, "$connect")
.mockResolvedValue(undefined);
const connectSpy = vi.spyOn(service, "$connect").mockResolvedValue(undefined);
await service.onModuleInit();
@@ -42,9 +40,7 @@ describe("PrismaService", () => {
describe("onModuleDestroy", () => {
it("should disconnect from the database", async () => {
const disconnectSpy = vi
.spyOn(service, "$disconnect")
.mockResolvedValue(undefined);
const disconnectSpy = vi.spyOn(service, "$disconnect").mockResolvedValue(undefined);
await service.onModuleDestroy();
@@ -62,9 +58,7 @@ describe("PrismaService", () => {
});
it("should return false when database is not accessible", async () => {
vi
.spyOn(service, "$queryRaw")
.mockRejectedValue(new Error("Database error"));
vi.spyOn(service, "$queryRaw").mockRejectedValue(new Error("Database error"));
const result = await service.isHealthy();
@@ -100,9 +94,7 @@ describe("PrismaService", () => {
});
it("should return connected false when query fails", async () => {
vi
.spyOn(service, "$queryRaw")
.mockRejectedValue(new Error("Query failed"));
vi.spyOn(service, "$queryRaw").mockRejectedValue(new Error("Query failed"));
const result = await service.getConnectionInfo();

23
apps/api/src/projects/projects.controller.spec.ts
View File

@@ -62,11 +62,7 @@ describe("ProjectsController", () => {
const result = await controller.create(createDto, mockWorkspaceId, mockUser);
expect(result).toEqual(mockProject);
expect(service.create).toHaveBeenCalledWith(
mockWorkspaceId,
mockUserId,
createDto
);
expect(service.create).toHaveBeenCalledWith(mockWorkspaceId, mockUserId, createDto);
});
it("should pass undefined workspaceId to service (validation handled by guards)", async () => {
@@ -74,7 +70,9 @@ describe("ProjectsController", () => {
await controller.create({ name: "Test" }, undefined as any, mockUser);
expect(mockProjectsService.create).toHaveBeenCalledWith(undefined, mockUserId, { name: "Test" });
expect(mockProjectsService.create).toHaveBeenCalledWith(undefined, mockUserId, {
name: "Test",
});
});
});
@@ -149,7 +147,12 @@ describe("ProjectsController", () => {
await controller.update(mockProjectId, updateDto, undefined as any, mockUser);
expect(mockProjectsService.update).toHaveBeenCalledWith(mockProjectId, undefined, mockUserId, updateDto);
expect(mockProjectsService.update).toHaveBeenCalledWith(
mockProjectId,
undefined,
mockUserId,
updateDto
);
});
});
@@ -159,11 +162,7 @@ describe("ProjectsController", () => {
await controller.remove(mockProjectId, mockWorkspaceId, mockUser);
expect(service.remove).toHaveBeenCalledWith(
mockProjectId,
mockWorkspaceId,
mockUserId
);
expect(service.remove).toHaveBeenCalledWith(mockProjectId, mockWorkspaceId, mockUserId);
});
it("should pass undefined workspaceId to service (validation handled by guards)", async () => {

20
apps/api/src/stitcher/stitcher.security.spec.ts
View File

@@ -55,9 +55,7 @@ describe("StitcherController - Security", () => {
}),
};
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(
UnauthorizedException
);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(UnauthorizedException);
});
it("POST /stitcher/dispatch should require authentication", async () => {
@@ -67,9 +65,7 @@ describe("StitcherController - Security", () => {
}),
};
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(
UnauthorizedException
);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(UnauthorizedException);
});
});
@@ -96,9 +92,7 @@ describe("StitcherController - Security", () => {
}),
};
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(
UnauthorizedException
);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(UnauthorizedException);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow("Invalid API key");
});
@@ -111,9 +105,7 @@ describe("StitcherController - Security", () => {
}),
};
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(
UnauthorizedException
);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(UnauthorizedException);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow("No API key provided");
});
});
@@ -133,9 +125,7 @@ describe("StitcherController - Security", () => {
}),
};
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(
UnauthorizedException
);
await expect(guard.canActivate(mockContext as any)).rejects.toThrow(UnauthorizedException);
});
});
});

2
apps/api/src/tasks/dto/query-tasks.dto.spec.ts
View File

@@ -24,7 +24,7 @@ describe("QueryTasksDto", () => {
const errors = await validate(dto);
expect(errors.length).toBeGreaterThan(0);
expect(errors.some(e => e.property === "workspaceId")).toBe(true);
expect(errors.some((e) => e.property === "workspaceId")).toBe(true);
});
it("should accept valid status filter", async () => {

24
apps/api/src/tasks/tasks.controller.spec.ts
View File

@@ -106,18 +106,10 @@ describe("TasksController", () => {
mockTasksService.create.mockResolvedValue(mockTask);
const result = await controller.create(
createDto,
mockWorkspaceId,
mockRequest.user
);
const result = await controller.create(createDto, mockWorkspaceId, mockRequest.user);
expect(result).toEqual(mockTask);
expect(service.create).toHaveBeenCalledWith(
mockWorkspaceId,
mockUserId,
createDto
);
expect(service.create).toHaveBeenCalledWith(mockWorkspaceId, mockUserId, createDto);
});
});
@@ -247,11 +239,7 @@ describe("TasksController", () => {
await controller.remove(mockTaskId, mockWorkspaceId, mockRequest.user);
expect(service.remove).toHaveBeenCalledWith(
mockTaskId,
mockWorkspaceId,
mockUserId
);
expect(service.remove).toHaveBeenCalledWith(mockTaskId, mockWorkspaceId, mockUserId);
});
it("should throw error if workspaceId not found", async () => {
@@ -262,11 +250,7 @@ describe("TasksController", () => {
await controller.remove(mockTaskId, mockWorkspaceId, mockRequest.user);
expect(service.remove).toHaveBeenCalledWith(
mockTaskId,
mockWorkspaceId,
mockUserId
);
expect(service.remove).toHaveBeenCalledWith(mockTaskId, mockWorkspaceId, mockUserId);
});
});
});

52
apps/api/src/valkey/README.md
View File

@@ -69,8 +69,8 @@ docker compose up -d valkey
### 1. Inject the Service
```typescript
import { Injectable } from '@nestjs/common';
import { ValkeyService } from './valkey/valkey.service';
import { Injectable } from "@nestjs/common";
import { ValkeyService } from "./valkey/valkey.service";
@Injectable()
export class MyService {
@@ -82,11 +82,11 @@ export class MyService {
```typescript
const task = await this.valkeyService.enqueue({
type: 'send-email',
type: "send-email",
data: {
to: 'user@example.com',
subject: 'Welcome!',
body: 'Hello, welcome to Mosaic Stack',
to: "user@example.com",
subject: "Welcome!",
body: "Hello, welcome to Mosaic Stack",
},
});
@@ -102,11 +102,11 @@ const task = await this.valkeyService.dequeue();
if (task) {
console.log(task.status); // 'processing'
try {
// Do work...
await sendEmail(task.data);
// Mark as completed
await this.valkeyService.updateStatus(task.id, {
status: TaskStatus.COMPLETED,
@@ -129,8 +129,8 @@ const status = await this.valkeyService.getStatus(taskId);
if (status) {
console.log(status.status); // 'completed' | 'failed' | 'processing' | 'pending'
console.log(status.data); // Task metadata
console.log(status.error); // Error message if failed
console.log(status.data); // Task metadata
console.log(status.error); // Error message if failed
}
```
@@ -143,7 +143,7 @@ console.log(`${length} tasks in queue`);
// Health check
const healthy = await this.valkeyService.healthCheck();
console.log(`Valkey is ${healthy ? 'healthy' : 'down'}`);
console.log(`Valkey is ${healthy ? "healthy" : "down"}`);
// Clear queue (use with caution!)
await this.valkeyService.clearQueue();
@@ -181,12 +181,12 @@ export class EmailWorker {
private async startWorker() {
while (true) {
const task = await this.valkeyService.dequeue();
if (task) {
await this.processTask(task);
} else {
// No tasks, wait 5 seconds
await new Promise(resolve => setTimeout(resolve, 5000));
await new Promise((resolve) => setTimeout(resolve, 5000));
}
}
}
@@ -194,14 +194,14 @@ export class EmailWorker {
private async processTask(task: TaskDto) {
try {
switch (task.type) {
case 'send-email':
case "send-email":
await this.sendEmail(task.data);
break;
case 'generate-report':
case "generate-report":
await this.generateReport(task.data);
break;
}
await this.valkeyService.updateStatus(task.id, {
status: TaskStatus.COMPLETED,
});
@@ -222,10 +222,10 @@ export class EmailWorker {
export class ScheduledTasks {
constructor(private readonly valkeyService: ValkeyService) {}
@Cron('0 0 * * *') // Daily at midnight
@Cron("0 0 * * *") // Daily at midnight
async dailyReport() {
await this.valkeyService.enqueue({
type: 'daily-report',
type: "daily-report",
data: { date: new Date().toISOString() },
});
}
@@ -241,6 +241,7 @@ pnpm test valkey.service.spec.ts
```
Tests cover:
- ✅ Connection and initialization
- ✅ Enqueue operations
- ✅ Dequeue FIFO behavior
@@ -254,9 +255,11 @@ Tests cover:
### ValkeyService Methods
#### `enqueue(task: EnqueueTaskDto): Promise<TaskDto>`
Add a task to the queue.
**Parameters:**
- `task.type` (string): Task type identifier
- `task.data` (object): Task metadata
@@ -265,6 +268,7 @@ Add a task to the queue.
---
#### `dequeue(): Promise<TaskDto | null>`
Get the next task from the queue (FIFO).
**Returns:** Next task with status updated to PROCESSING, or null if queue is empty
@@ -272,9 +276,11 @@ Get the next task from the queue (FIFO).
---
#### `getStatus(taskId: string): Promise<TaskDto | null>`
Retrieve task status and metadata.
**Parameters:**
- `taskId` (string): Task UUID
**Returns:** Task data or null if not found
@@ -282,9 +288,11 @@ Retrieve task status and metadata.
---
#### `updateStatus(taskId: string, update: UpdateTaskStatusDto): Promise<TaskDto | null>`
Update task status and optionally add results or errors.
**Parameters:**
- `taskId` (string): Task UUID
- `update.status` (TaskStatus): New status
- `update.error` (string, optional): Error message for failed tasks
@@ -295,6 +303,7 @@ Update task status and optionally add results or errors.
---
#### `getQueueLength(): Promise<number>`
Get the number of tasks in queue.
**Returns:** Queue length
@@ -302,11 +311,13 @@ Get the number of tasks in queue.
---
#### `clearQueue(): Promise<void>`
Remove all tasks from queue (metadata remains until TTL).
---
#### `healthCheck(): Promise<boolean>`
Verify Valkey connectivity.
**Returns:** true if connected, false otherwise
@@ -314,6 +325,7 @@ Verify Valkey connectivity.
## Migration Notes
If upgrading from BullMQ or another queue system:
1. Task IDs are UUIDs (not incremental)
2. No built-in retry mechanism (implement in worker)
3. No job priorities (strict FIFO)
@@ -329,7 +341,7 @@ For advanced features like retries, priorities, or scheduled jobs, consider wrap
// Check Valkey connectivity
const healthy = await this.valkeyService.healthCheck();
if (!healthy) {
console.error('Valkey is not responding');
console.error("Valkey is not responding");
}
```
@@ -349,6 +361,7 @@ docker exec -it mosaic-valkey valkey-cli DEL mosaic:task:queue
### Debug Logging
The service logs all operations at `info` level. Check application logs for:
- Task enqueue/dequeue operations
- Status updates
- Connection events
@@ -356,6 +369,7 @@ The service logs all operations at `info` level. Check application logs for:
## Future Enhancements
Potential improvements for consideration:
- [ ] Task priorities (weighted queues)
- [ ] Retry mechanism with exponential backoff
- [ ] Delayed/scheduled tasks

172
apps/api/src/valkey/valkey.service.spec.ts
View File

@@ -1,10 +1,10 @@
import { Test, TestingModule } from '@nestjs/testing';
import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest';
import { ValkeyService } from './valkey.service';
import { TaskStatus } from './dto/task.dto';
import { Test, TestingModule } from "@nestjs/testing";
import { describe, it, expect, beforeEach, vi, afterEach } from "vitest";
import { ValkeyService } from "./valkey.service";
import { TaskStatus } from "./dto/task.dto";
// Mock ioredis module
vi.mock('ioredis', () => {
vi.mock("ioredis", () => {
// In-memory store for mocked Redis
const store = new Map<string, string>();
const lists = new Map<string, string[]>();
@@ -13,13 +13,13 @@ vi.mock('ioredis', () => {
class MockRedisClient {
// Connection methods
async ping() {
return 'PONG';
return "PONG";
}
async quit() {
return undefined;
}
on() {
return this;
}
@@ -27,9 +27,9 @@ vi.mock('ioredis', () => {
// String operations
async setex(key: string, ttl: number, value: string) {
store.set(key, value);
return 'OK';
return "OK";
}
async get(key: string) {
return store.get(key) || null;
}
@@ -43,7 +43,7 @@ vi.mock('ioredis', () => {
list.push(...values);
return list.length;
}
async lpop(key: string) {
const list = lists.get(key);
if (!list || list.length === 0) {
@@ -51,15 +51,15 @@ vi.mock('ioredis', () => {
}
return list.shift()!;
}
async llen(key: string) {
const list = lists.get(key);
return list ? list.length : 0;
}
async del(...keys: string[]) {
let deleted = 0;
keys.forEach(key => {
keys.forEach((key) => {
if (store.delete(key)) deleted++;
if (lists.delete(key)) deleted++;
});
@@ -78,16 +78,16 @@ vi.mock('ioredis', () => {
};
});
describe('ValkeyService', () => {
describe("ValkeyService", () => {
let service: ValkeyService;
let module: TestingModule;
beforeEach(async () => {
// Clear environment
process.env.VALKEY_URL = 'redis://localhost:6379';
process.env.VALKEY_URL = "redis://localhost:6379";
// Clear the mock store before each test
const Redis = await import('ioredis');
const Redis = await import("ioredis");
(Redis.default as any).__clearStore();
module = await Test.createTestingModule({
@@ -95,7 +95,7 @@ describe('ValkeyService', () => {
}).compile();
service = module.get<ValkeyService>(ValkeyService);
// Initialize the service
await service.onModuleInit();
});
@@ -104,41 +104,41 @@ describe('ValkeyService', () => {
await service.onModuleDestroy();
});
describe('initialization', () => {
it('should be defined', () => {
describe("initialization", () => {
it("should be defined", () => {
expect(service).toBeDefined();
});
it('should connect to Valkey on module init', async () => {
it("should connect to Valkey on module init", async () => {
expect(service).toBeDefined();
const healthCheck = await service.healthCheck();
expect(healthCheck).toBe(true);
});
});
describe('enqueue', () => {
it('should enqueue a task successfully', async () => {
describe("enqueue", () => {
it("should enqueue a task successfully", async () => {
const taskDto = {
type: 'test-task',
data: { message: 'Hello World' },
type: "test-task",
data: { message: "Hello World" },
};
const result = await service.enqueue(taskDto);
expect(result).toBeDefined();
expect(result.id).toBeDefined();
expect(result.type).toBe('test-task');
expect(result.data).toEqual({ message: 'Hello World' });
expect(result.type).toBe("test-task");
expect(result.data).toEqual({ message: "Hello World" });
expect(result.status).toBe(TaskStatus.PENDING);
expect(result.createdAt).toBeDefined();
expect(result.updatedAt).toBeDefined();
});
it('should increment queue length when enqueueing', async () => {
it("should increment queue length when enqueueing", async () => {
const initialLength = await service.getQueueLength();
await service.enqueue({
type: 'task-1',
type: "task-1",
data: {},
});
@@ -147,20 +147,20 @@ describe('ValkeyService', () => {
});
});
describe('dequeue', () => {
it('should return null when queue is empty', async () => {
describe("dequeue", () => {
it("should return null when queue is empty", async () => {
const result = await service.dequeue();
expect(result).toBeNull();
});
it('should dequeue tasks in FIFO order', async () => {
it("should dequeue tasks in FIFO order", async () => {
const task1 = await service.enqueue({
type: 'task-1',
type: "task-1",
data: { order: 1 },
});
const task2 = await service.enqueue({
type: 'task-2',
type: "task-2",
data: { order: 2 },
});
@@ -173,9 +173,9 @@ describe('ValkeyService', () => {
expect(dequeued2?.status).toBe(TaskStatus.PROCESSING);
});
it('should update task status to PROCESSING when dequeued', async () => {
it("should update task status to PROCESSING when dequeued", async () => {
const task = await service.enqueue({
type: 'test-task',
type: "test-task",
data: {},
});
@@ -187,73 +187,73 @@ describe('ValkeyService', () => {
});
});
describe('getStatus', () => {
it('should return null for non-existent task', async () => {
const status = await service.getStatus('non-existent-id');
describe("getStatus", () => {
it("should return null for non-existent task", async () => {
const status = await service.getStatus("non-existent-id");
expect(status).toBeNull();
});
it('should return task status for existing task', async () => {
it("should return task status for existing task", async () => {
const task = await service.enqueue({
type: 'test-task',
data: { key: 'value' },
type: "test-task",
data: { key: "value" },
});
const status = await service.getStatus(task.id);
expect(status).toBeDefined();
expect(status?.id).toBe(task.id);
expect(status?.type).toBe('test-task');
expect(status?.data).toEqual({ key: 'value' });
expect(status?.type).toBe("test-task");
expect(status?.data).toEqual({ key: "value" });
});
});
describe('updateStatus', () => {
it('should update task status to COMPLETED', async () => {
describe("updateStatus", () => {
it("should update task status to COMPLETED", async () => {
const task = await service.enqueue({
type: 'test-task',
type: "test-task",
data: {},
});
const updated = await service.updateStatus(task.id, {
status: TaskStatus.COMPLETED,
result: { output: 'success' },
result: { output: "success" },
});
expect(updated).toBeDefined();
expect(updated?.status).toBe(TaskStatus.COMPLETED);
expect(updated?.completedAt).toBeDefined();
expect(updated?.data).toEqual({ output: 'success' });
expect(updated?.data).toEqual({ output: "success" });
});
it('should update task status to FAILED with error', async () => {
it("should update task status to FAILED with error", async () => {
const task = await service.enqueue({
type: 'test-task',
type: "test-task",
data: {},
});
const updated = await service.updateStatus(task.id, {
status: TaskStatus.FAILED,
error: 'Task failed due to error',
error: "Task failed due to error",
});
expect(updated).toBeDefined();
expect(updated?.status).toBe(TaskStatus.FAILED);
expect(updated?.error).toBe('Task failed due to error');
expect(updated?.error).toBe("Task failed due to error");
expect(updated?.completedAt).toBeDefined();
});
it('should return null when updating non-existent task', async () => {
const updated = await service.updateStatus('non-existent-id', {
it("should return null when updating non-existent task", async () => {
const updated = await service.updateStatus("non-existent-id", {
status: TaskStatus.COMPLETED,
});
expect(updated).toBeNull();
});
it('should preserve existing data when updating status', async () => {
it("should preserve existing data when updating status", async () => {
const task = await service.enqueue({
type: 'test-task',
data: { original: 'data' },
type: "test-task",
data: { original: "data" },
});
await service.updateStatus(task.id, {
@@ -261,28 +261,28 @@ describe('ValkeyService', () => {
});
const status = await service.getStatus(task.id);
expect(status?.data).toEqual({ original: 'data' });
expect(status?.data).toEqual({ original: "data" });
});
});
describe('getQueueLength', () => {
it('should return 0 for empty queue', async () => {
describe("getQueueLength", () => {
it("should return 0 for empty queue", async () => {
const length = await service.getQueueLength();
expect(length).toBe(0);
});
it('should return correct queue length', async () => {
await service.enqueue({ type: 'task-1', data: {} });
await service.enqueue({ type: 'task-2', data: {} });
await service.enqueue({ type: 'task-3', data: {} });
it("should return correct queue length", async () => {
await service.enqueue({ type: "task-1", data: {} });
await service.enqueue({ type: "task-2", data: {} });
await service.enqueue({ type: "task-3", data: {} });
const length = await service.getQueueLength();
expect(length).toBe(3);
});
it('should decrease when tasks are dequeued', async () => {
await service.enqueue({ type: 'task-1', data: {} });
await service.enqueue({ type: 'task-2', data: {} });
it("should decrease when tasks are dequeued", async () => {
await service.enqueue({ type: "task-1", data: {} });
await service.enqueue({ type: "task-2", data: {} });
expect(await service.getQueueLength()).toBe(2);
@@ -294,10 +294,10 @@ describe('ValkeyService', () => {
});
});
describe('clearQueue', () => {
it('should clear all tasks from queue', async () => {
await service.enqueue({ type: 'task-1', data: {} });
await service.enqueue({ type: 'task-2', data: {} });
describe("clearQueue", () => {
it("should clear all tasks from queue", async () => {
await service.enqueue({ type: "task-1", data: {} });
await service.enqueue({ type: "task-2", data: {} });
expect(await service.getQueueLength()).toBe(2);
@@ -306,21 +306,21 @@ describe('ValkeyService', () => {
});
});
describe('healthCheck', () => {
it('should return true when Valkey is healthy', async () => {
describe("healthCheck", () => {
it("should return true when Valkey is healthy", async () => {
const healthy = await service.healthCheck();
expect(healthy).toBe(true);
});
});
describe('integration flow', () => {
it('should handle complete task lifecycle', async () => {
describe("integration flow", () => {
it("should handle complete task lifecycle", async () => {
// 1. Enqueue task
const task = await service.enqueue({
type: 'email-notification',
type: "email-notification",
data: {
to: 'user@example.com',
subject: 'Test Email',
to: "user@example.com",
subject: "Test Email",
},
});
@@ -335,8 +335,8 @@ describe('ValkeyService', () => {
const completedTask = await service.updateStatus(task.id, {
status: TaskStatus.COMPLETED,
result: {
to: 'user@example.com',
subject: 'Test Email',
to: "user@example.com",
subject: "Test Email",
sentAt: new Date().toISOString(),
},
});
@@ -350,11 +350,11 @@ describe('ValkeyService', () => {
expect(finalStatus?.data.sentAt).toBeDefined();
});
it('should handle multiple concurrent tasks', async () => {
it("should handle multiple concurrent tasks", async () => {
const tasks = await Promise.all([
service.enqueue({ type: 'task-1', data: { id: 1 } }),
service.enqueue({ type: 'task-2', data: { id: 2 } }),
service.enqueue({ type: 'task-3', data: { id: 3 } }),
service.enqueue({ type: "task-1", data: { id: 1 } }),
service.enqueue({ type: "task-2", data: { id: 2 } }),
service.enqueue({ type: "task-3", data: { id: 3 } }),
]);
expect(await service.getQueueLength()).toBe(3);

456
apps/api/src/websocket/websocket.gateway.spec.ts
View File

@@ -1,9 +1,9 @@
import { Test, TestingModule } from '@nestjs/testing';
import { WebSocketGateway } from './websocket.gateway';
import { AuthService } from '../auth/auth.service';
import { PrismaService } from '../prisma/prisma.service';
import { Server, Socket } from 'socket.io';
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
import { Test, TestingModule } from "@nestjs/testing";
import { WebSocketGateway } from "./websocket.gateway";
import { AuthService } from "../auth/auth.service";
import { PrismaService } from "../prisma/prisma.service";
import { Server, Socket } from "socket.io";
import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
interface AuthenticatedSocket extends Socket {
data: {
@@ -12,7 +12,7 @@ interface AuthenticatedSocket extends Socket {
};
}
describe('WebSocketGateway', () => {
describe("WebSocketGateway", () => {
let gateway: WebSocketGateway;
let authService: AuthService;
let prismaService: PrismaService;
@@ -53,7 +53,7 @@ describe('WebSocketGateway', () => {
// Mock authenticated client
mockClient = {
id: 'test-socket-id',
id: "test-socket-id",
join: vi.fn(),
leave: vi.fn(),
emit: vi.fn(),
@@ -61,7 +61,7 @@ describe('WebSocketGateway', () => {
data: {},
handshake: {
auth: {
token: 'valid-token',
token: "valid-token",
},
},
} as unknown as AuthenticatedSocket;
@@ -76,36 +76,36 @@ describe('WebSocketGateway', () => {
}
});
describe('Authentication', () => {
it('should validate token and populate socket.data on successful authentication', async () => {
describe("Authentication", () => {
it("should validate token and populate socket.data on successful authentication", async () => {
const mockSessionData = {
user: { id: 'user-123', email: 'test@example.com' },
session: { id: 'session-123' },
user: { id: "user-123", email: "test@example.com" },
session: { id: "session-123" },
};
vi.spyOn(authService, 'verifySession').mockResolvedValue(mockSessionData);
vi.spyOn(prismaService.workspaceMember, 'findFirst').mockResolvedValue({
userId: 'user-123',
workspaceId: 'workspace-456',
role: 'MEMBER',
vi.spyOn(authService, "verifySession").mockResolvedValue(mockSessionData);
vi.spyOn(prismaService.workspaceMember, "findFirst").mockResolvedValue({
userId: "user-123",
workspaceId: "workspace-456",
role: "MEMBER",
} as never);
await gateway.handleConnection(mockClient);
expect(authService.verifySession).toHaveBeenCalledWith('valid-token');
expect(mockClient.data.userId).toBe('user-123');
expect(mockClient.data.workspaceId).toBe('workspace-456');
expect(authService.verifySession).toHaveBeenCalledWith("valid-token");
expect(mockClient.data.userId).toBe("user-123");
expect(mockClient.data.workspaceId).toBe("workspace-456");
});
it('should disconnect client with invalid token', async () => {
vi.spyOn(authService, 'verifySession').mockResolvedValue(null);
it("should disconnect client with invalid token", async () => {
vi.spyOn(authService, "verifySession").mockResolvedValue(null);
await gateway.handleConnection(mockClient);
expect(mockClient.disconnect).toHaveBeenCalled();
});
it('should disconnect client without token', async () => {
it("should disconnect client without token", async () => {
const clientNoToken = {
...mockClient,
handshake: { auth: {} },
@@ -116,23 +116,23 @@ describe('WebSocketGateway', () => {
expect(clientNoToken.disconnect).toHaveBeenCalled();
});
it('should disconnect client if token verification throws error', async () => {
vi.spyOn(authService, 'verifySession').mockRejectedValue(new Error('Invalid token'));
it("should disconnect client if token verification throws error", async () => {
vi.spyOn(authService, "verifySession").mockRejectedValue(new Error("Invalid token"));
await gateway.handleConnection(mockClient);
expect(mockClient.disconnect).toHaveBeenCalled();
});
it('should have connection timeout mechanism in place', () => {
it("should have connection timeout mechanism in place", () => {
// This test verifies that the gateway has a CONNECTION_TIMEOUT_MS constant
// The actual timeout is tested indirectly through authentication failure tests
expect((gateway as { CONNECTION_TIMEOUT_MS: number }).CONNECTION_TIMEOUT_MS).toBe(5000);
});
});
describe('Rate Limiting', () => {
it('should reject connections exceeding rate limit', async () => {
describe("Rate Limiting", () => {
it("should reject connections exceeding rate limit", async () => {
// Mock rate limiter to return false (limit exceeded)
const rateLimitedClient = { ...mockClient } as AuthenticatedSocket;
@@ -146,109 +146,109 @@ describe('WebSocketGateway', () => {
// expect(rateLimitedClient.disconnect).toHaveBeenCalled();
});
it('should allow connections within rate limit', async () => {
it("should allow connections within rate limit", async () => {
const mockSessionData = {
user: { id: 'user-123', email: 'test@example.com' },
session: { id: 'session-123' },
user: { id: "user-123", email: "test@example.com" },
session: { id: "session-123" },
};
vi.spyOn(authService, 'verifySession').mockResolvedValue(mockSessionData);
vi.spyOn(prismaService.workspaceMember, 'findFirst').mockResolvedValue({
userId: 'user-123',
workspaceId: 'workspace-456',
role: 'MEMBER',
vi.spyOn(authService, "verifySession").mockResolvedValue(mockSessionData);
vi.spyOn(prismaService.workspaceMember, "findFirst").mockResolvedValue({
userId: "user-123",
workspaceId: "workspace-456",
role: "MEMBER",
} as never);
await gateway.handleConnection(mockClient);
expect(mockClient.disconnect).not.toHaveBeenCalled();
expect(mockClient.data.userId).toBe('user-123');
expect(mockClient.data.userId).toBe("user-123");
});
});
describe('Workspace Access Validation', () => {
it('should verify user has access to workspace', async () => {
describe("Workspace Access Validation", () => {
it("should verify user has access to workspace", async () => {
const mockSessionData = {
user: { id: 'user-123', email: 'test@example.com' },
session: { id: 'session-123' },
user: { id: "user-123", email: "test@example.com" },
session: { id: "session-123" },
};
vi.spyOn(authService, 'verifySession').mockResolvedValue(mockSessionData);
vi.spyOn(prismaService.workspaceMember, 'findFirst').mockResolvedValue({
userId: 'user-123',
workspaceId: 'workspace-456',
role: 'MEMBER',
vi.spyOn(authService, "verifySession").mockResolvedValue(mockSessionData);
vi.spyOn(prismaService.workspaceMember, "findFirst").mockResolvedValue({
userId: "user-123",
workspaceId: "workspace-456",
role: "MEMBER",
} as never);
await gateway.handleConnection(mockClient);
expect(prismaService.workspaceMember.findFirst).toHaveBeenCalledWith({
where: { userId: 'user-123' },
where: { userId: "user-123" },
select: { workspaceId: true, userId: true, role: true },
});
});
it('should disconnect client without workspace access', async () => {
it("should disconnect client without workspace access", async () => {
const mockSessionData = {
user: { id: 'user-123', email: 'test@example.com' },
session: { id: 'session-123' },
user: { id: "user-123", email: "test@example.com" },
session: { id: "session-123" },
};
vi.spyOn(authService, 'verifySession').mockResolvedValue(mockSessionData);
vi.spyOn(prismaService.workspaceMember, 'findFirst').mockResolvedValue(null);
vi.spyOn(authService, "verifySession").mockResolvedValue(mockSessionData);
vi.spyOn(prismaService.workspaceMember, "findFirst").mockResolvedValue(null);
await gateway.handleConnection(mockClient);
expect(mockClient.disconnect).toHaveBeenCalled();
});
it('should only allow joining workspace rooms user has access to', async () => {
it("should only allow joining workspace rooms user has access to", async () => {
const mockSessionData = {
user: { id: 'user-123', email: 'test@example.com' },
session: { id: 'session-123' },
user: { id: "user-123", email: "test@example.com" },
session: { id: "session-123" },
};
vi.spyOn(authService, 'verifySession').mockResolvedValue(mockSessionData);
vi.spyOn(prismaService.workspaceMember, 'findFirst').mockResolvedValue({
userId: 'user-123',
workspaceId: 'workspace-456',
role: 'MEMBER',
vi.spyOn(authService, "verifySession").mockResolvedValue(mockSessionData);
vi.spyOn(prismaService.workspaceMember, "findFirst").mockResolvedValue({
userId: "user-123",
workspaceId: "workspace-456",
role: "MEMBER",
} as never);
await gateway.handleConnection(mockClient);
// Should join the workspace room they have access to
expect(mockClient.join).toHaveBeenCalledWith('workspace:workspace-456');
expect(mockClient.join).toHaveBeenCalledWith("workspace:workspace-456");
});
});
describe('handleConnection', () => {
describe("handleConnection", () => {
beforeEach(() => {
const mockSessionData = {
user: { id: 'user-123', email: 'test@example.com' },
session: { id: 'session-123' },
user: { id: "user-123", email: "test@example.com" },
session: { id: "session-123" },
};
vi.spyOn(authService, 'verifySession').mockResolvedValue(mockSessionData);
vi.spyOn(prismaService.workspaceMember, 'findFirst').mockResolvedValue({
userId: 'user-123',
workspaceId: 'workspace-456',
role: 'MEMBER',
vi.spyOn(authService, "verifySession").mockResolvedValue(mockSessionData);
vi.spyOn(prismaService.workspaceMember, "findFirst").mockResolvedValue({
userId: "user-123",
workspaceId: "workspace-456",
role: "MEMBER",
} as never);
mockClient.data = {
userId: 'user-123',
workspaceId: 'workspace-456',
userId: "user-123",
workspaceId: "workspace-456",
};
});
it('should join client to workspace room on connection', async () => {
it("should join client to workspace room on connection", async () => {
await gateway.handleConnection(mockClient);
expect(mockClient.join).toHaveBeenCalledWith('workspace:workspace-456');
expect(mockClient.join).toHaveBeenCalledWith("workspace:workspace-456");
});
it('should reject connection without authentication', async () => {
it("should reject connection without authentication", async () => {
const unauthClient = {
...mockClient,
data: {},
@@ -261,23 +261,23 @@ describe('WebSocketGateway', () => {
});
});
describe('handleDisconnect', () => {
it('should leave workspace room on disconnect', () => {
describe("handleDisconnect", () => {
it("should leave workspace room on disconnect", () => {
// Populate data as if client was authenticated
const authenticatedClient = {
...mockClient,
data: {
userId: 'user-123',
workspaceId: 'workspace-456',
userId: "user-123",
workspaceId: "workspace-456",
},
} as unknown as AuthenticatedSocket;
gateway.handleDisconnect(authenticatedClient);
expect(authenticatedClient.leave).toHaveBeenCalledWith('workspace:workspace-456');
expect(authenticatedClient.leave).toHaveBeenCalledWith("workspace:workspace-456");
});
it('should not throw error when disconnecting unauthenticated client', () => {
it("should not throw error when disconnecting unauthenticated client", () => {
const unauthenticatedClient = {
...mockClient,
data: {},
@@ -287,279 +287,279 @@ describe('WebSocketGateway', () => {
});
});
describe('emitTaskCreated', () => {
it('should emit task:created event to workspace room', () => {
describe("emitTaskCreated", () => {
it("should emit task:created event to workspace room", () => {
const task = {
id: 'task-1',
title: 'Test Task',
workspaceId: 'workspace-456',
id: "task-1",
title: "Test Task",
workspaceId: "workspace-456",
};
gateway.emitTaskCreated('workspace-456', task);
gateway.emitTaskCreated("workspace-456", task);
expect(mockServer.to).toHaveBeenCalledWith('workspace:workspace-456');
expect(mockServer.emit).toHaveBeenCalledWith('task:created', task);
expect(mockServer.to).toHaveBeenCalledWith("workspace:workspace-456");
expect(mockServer.emit).toHaveBeenCalledWith("task:created", task);
});
});
describe('emitTaskUpdated', () => {
it('should emit task:updated event to workspace room', () => {
describe("emitTaskUpdated", () => {
it("should emit task:updated event to workspace room", () => {
const task = {
id: 'task-1',
title: 'Updated Task',
workspaceId: 'workspace-456',
id: "task-1",
title: "Updated Task",
workspaceId: "workspace-456",
};
gateway.emitTaskUpdated('workspace-456', task);
gateway.emitTaskUpdated("workspace-456", task);
expect(mockServer.to).toHaveBeenCalledWith('workspace:workspace-456');
expect(mockServer.emit).toHaveBeenCalledWith('task:updated', task);
expect(mockServer.to).toHaveBeenCalledWith("workspace:workspace-456");
expect(mockServer.emit).toHaveBeenCalledWith("task:updated", task);
});
});
describe('emitTaskDeleted', () => {
it('should emit task:deleted event to workspace room', () => {
const taskId = 'task-1';
describe("emitTaskDeleted", () => {
it("should emit task:deleted event to workspace room", () => {
const taskId = "task-1";
gateway.emitTaskDeleted('workspace-456', taskId);
gateway.emitTaskDeleted("workspace-456", taskId);
expect(mockServer.to).toHaveBeenCalledWith('workspace:workspace-456');
expect(mockServer.emit).toHaveBeenCalledWith('task:deleted', { id: taskId });
expect(mockServer.to).toHaveBeenCalledWith("workspace:workspace-456");
expect(mockServer.emit).toHaveBeenCalledWith("task:deleted", { id: taskId });
});
});
describe('emitEventCreated', () => {
it('should emit event:created event to workspace room', () => {
describe("emitEventCreated", () => {
it("should emit event:created event to workspace room", () => {
const event = {
id: 'event-1',
title: 'Test Event',
workspaceId: 'workspace-456',
id: "event-1",
title: "Test Event",
workspaceId: "workspace-456",
};
gateway.emitEventCreated('workspace-456', event);
gateway.emitEventCreated("workspace-456", event);
expect(mockServer.to).toHaveBeenCalledWith('workspace:workspace-456');
expect(mockServer.emit).toHaveBeenCalledWith('event:created', event);
expect(mockServer.to).toHaveBeenCalledWith("workspace:workspace-456");
expect(mockServer.emit).toHaveBeenCalledWith("event:created", event);
});
});
describe('emitEventUpdated', () => {
it('should emit event:updated event to workspace room', () => {
describe("emitEventUpdated", () => {
it("should emit event:updated event to workspace room", () => {
const event = {
id: 'event-1',
title: 'Updated Event',
workspaceId: 'workspace-456',
id: "event-1",
title: "Updated Event",
workspaceId: "workspace-456",
};
gateway.emitEventUpdated('workspace-456', event);
gateway.emitEventUpdated("workspace-456", event);
expect(mockServer.to).toHaveBeenCalledWith('workspace:workspace-456');
expect(mockServer.emit).toHaveBeenCalledWith('event:updated', event);
expect(mockServer.to).toHaveBeenCalledWith("workspace:workspace-456");
expect(mockServer.emit).toHaveBeenCalledWith("event:updated", event);
});
});
describe('emitEventDeleted', () => {
it('should emit event:deleted event to workspace room', () => {
const eventId = 'event-1';
describe("emitEventDeleted", () => {
it("should emit event:deleted event to workspace room", () => {
const eventId = "event-1";
gateway.emitEventDeleted('workspace-456', eventId);
gateway.emitEventDeleted("workspace-456", eventId);
expect(mockServer.to).toHaveBeenCalledWith('workspace:workspace-456');
expect(mockServer.emit).toHaveBeenCalledWith('event:deleted', { id: eventId });
expect(mockServer.to).toHaveBeenCalledWith("workspace:workspace-456");
expect(mockServer.emit).toHaveBeenCalledWith("event:deleted", { id: eventId });
});
});
describe('emitProjectUpdated', () => {
it('should emit project:updated event to workspace room', () => {
describe("emitProjectUpdated", () => {
it("should emit project:updated event to workspace room", () => {
const project = {
id: 'project-1',
name: 'Updated Project',
workspaceId: 'workspace-456',
id: "project-1",
name: "Updated Project",
workspaceId: "workspace-456",
};
gateway.emitProjectUpdated('workspace-456', project);
gateway.emitProjectUpdated("workspace-456", project);
expect(mockServer.to).toHaveBeenCalledWith('workspace:workspace-456');
expect(mockServer.emit).toHaveBeenCalledWith('project:updated', project);
expect(mockServer.to).toHaveBeenCalledWith("workspace:workspace-456");
expect(mockServer.emit).toHaveBeenCalledWith("project:updated", project);
});
});
describe('Job Events', () => {
describe('emitJobCreated', () => {
it('should emit job:created event to workspace jobs room', () => {
describe("Job Events", () => {
describe("emitJobCreated", () => {
it("should emit job:created event to workspace jobs room", () => {
const job = {
id: 'job-1',
workspaceId: 'workspace-456',
type: 'code-task',
status: 'PENDING',
id: "job-1",
workspaceId: "workspace-456",
type: "code-task",
status: "PENDING",
};
gateway.emitJobCreated('workspace-456', job);
gateway.emitJobCreated("workspace-456", job);
expect(mockServer.to).toHaveBeenCalledWith('workspace:workspace-456:jobs');
expect(mockServer.emit).toHaveBeenCalledWith('job:created', job);
expect(mockServer.to).toHaveBeenCalledWith("workspace:workspace-456:jobs");
expect(mockServer.emit).toHaveBeenCalledWith("job:created", job);
});
it('should emit job:created event to specific job room', () => {
it("should emit job:created event to specific job room", () => {
const job = {
id: 'job-1',
workspaceId: 'workspace-456',
type: 'code-task',
status: 'PENDING',
id: "job-1",
workspaceId: "workspace-456",
type: "code-task",
status: "PENDING",
};
gateway.emitJobCreated('workspace-456', job);
gateway.emitJobCreated("workspace-456", job);
expect(mockServer.to).toHaveBeenCalledWith('job:job-1');
expect(mockServer.to).toHaveBeenCalledWith("job:job-1");
});
});
describe('emitJobStatusChanged', () => {
it('should emit job:status event to workspace jobs room', () => {
describe("emitJobStatusChanged", () => {
it("should emit job:status event to workspace jobs room", () => {
const data = {
id: 'job-1',
workspaceId: 'workspace-456',
status: 'RUNNING',
previousStatus: 'PENDING',
id: "job-1",
workspaceId: "workspace-456",
status: "RUNNING",
previousStatus: "PENDING",
};
gateway.emitJobStatusChanged('workspace-456', 'job-1', data);
gateway.emitJobStatusChanged("workspace-456", "job-1", data);
expect(mockServer.to).toHaveBeenCalledWith('workspace:workspace-456:jobs');
expect(mockServer.emit).toHaveBeenCalledWith('job:status', data);
expect(mockServer.to).toHaveBeenCalledWith("workspace:workspace-456:jobs");
expect(mockServer.emit).toHaveBeenCalledWith("job:status", data);
});
it('should emit job:status event to specific job room', () => {
it("should emit job:status event to specific job room", () => {
const data = {
id: 'job-1',
workspaceId: 'workspace-456',
status: 'RUNNING',
previousStatus: 'PENDING',
id: "job-1",
workspaceId: "workspace-456",
status: "RUNNING",
previousStatus: "PENDING",
};
gateway.emitJobStatusChanged('workspace-456', 'job-1', data);
gateway.emitJobStatusChanged("workspace-456", "job-1", data);
expect(mockServer.to).toHaveBeenCalledWith('job:job-1');
expect(mockServer.to).toHaveBeenCalledWith("job:job-1");
});
});
describe('emitJobProgress', () => {
it('should emit job:progress event to workspace jobs room', () => {
describe("emitJobProgress", () => {
it("should emit job:progress event to workspace jobs room", () => {
const data = {
id: 'job-1',
workspaceId: 'workspace-456',
id: "job-1",
workspaceId: "workspace-456",
progressPercent: 45,
message: 'Processing step 2 of 4',
message: "Processing step 2 of 4",
};
gateway.emitJobProgress('workspace-456', 'job-1', data);
gateway.emitJobProgress("workspace-456", "job-1", data);
expect(mockServer.to).toHaveBeenCalledWith('workspace:workspace-456:jobs');
expect(mockServer.emit).toHaveBeenCalledWith('job:progress', data);
expect(mockServer.to).toHaveBeenCalledWith("workspace:workspace-456:jobs");
expect(mockServer.emit).toHaveBeenCalledWith("job:progress", data);
});
it('should emit job:progress event to specific job room', () => {
it("should emit job:progress event to specific job room", () => {
const data = {
id: 'job-1',
workspaceId: 'workspace-456',
id: "job-1",
workspaceId: "workspace-456",
progressPercent: 45,
message: 'Processing step 2 of 4',
message: "Processing step 2 of 4",
};
gateway.emitJobProgress('workspace-456', 'job-1', data);
gateway.emitJobProgress("workspace-456", "job-1", data);
expect(mockServer.to).toHaveBeenCalledWith('job:job-1');
expect(mockServer.to).toHaveBeenCalledWith("job:job-1");
});
});
describe('emitStepStarted', () => {
it('should emit step:started event to workspace jobs room', () => {
describe("emitStepStarted", () => {
it("should emit step:started event to workspace jobs room", () => {
const data = {
id: 'step-1',
jobId: 'job-1',
workspaceId: 'workspace-456',
name: 'Build',
id: "step-1",
jobId: "job-1",
workspaceId: "workspace-456",
name: "Build",
};
gateway.emitStepStarted('workspace-456', 'job-1', data);
gateway.emitStepStarted("workspace-456", "job-1", data);
expect(mockServer.to).toHaveBeenCalledWith('workspace:workspace-456:jobs');
expect(mockServer.emit).toHaveBeenCalledWith('step:started', data);
expect(mockServer.to).toHaveBeenCalledWith("workspace:workspace-456:jobs");
expect(mockServer.emit).toHaveBeenCalledWith("step:started", data);
});
it('should emit step:started event to specific job room', () => {
it("should emit step:started event to specific job room", () => {
const data = {
id: 'step-1',
jobId: 'job-1',
workspaceId: 'workspace-456',
name: 'Build',
id: "step-1",
jobId: "job-1",
workspaceId: "workspace-456",
name: "Build",
};
gateway.emitStepStarted('workspace-456', 'job-1', data);
gateway.emitStepStarted("workspace-456", "job-1", data);
expect(mockServer.to).toHaveBeenCalledWith('job:job-1');
expect(mockServer.to).toHaveBeenCalledWith("job:job-1");
});
});
describe('emitStepCompleted', () => {
it('should emit step:completed event to workspace jobs room', () => {
describe("emitStepCompleted", () => {
it("should emit step:completed event to workspace jobs room", () => {
const data = {
id: 'step-1',
jobId: 'job-1',
workspaceId: 'workspace-456',
name: 'Build',
id: "step-1",
jobId: "job-1",
workspaceId: "workspace-456",
name: "Build",
success: true,
};
gateway.emitStepCompleted('workspace-456', 'job-1', data);
gateway.emitStepCompleted("workspace-456", "job-1", data);
expect(mockServer.to).toHaveBeenCalledWith('workspace:workspace-456:jobs');
expect(mockServer.emit).toHaveBeenCalledWith('step:completed', data);
expect(mockServer.to).toHaveBeenCalledWith("workspace:workspace-456:jobs");
expect(mockServer.emit).toHaveBeenCalledWith("step:completed", data);
});
it('should emit step:completed event to specific job room', () => {
it("should emit step:completed event to specific job room", () => {
const data = {
id: 'step-1',
jobId: 'job-1',
workspaceId: 'workspace-456',
name: 'Build',
id: "step-1",
jobId: "job-1",
workspaceId: "workspace-456",
name: "Build",
success: true,
};
gateway.emitStepCompleted('workspace-456', 'job-1', data);
gateway.emitStepCompleted("workspace-456", "job-1", data);
expect(mockServer.to).toHaveBeenCalledWith('job:job-1');
expect(mockServer.to).toHaveBeenCalledWith("job:job-1");
});
});
describe('emitStepOutput', () => {
it('should emit step:output event to workspace jobs room', () => {
describe("emitStepOutput", () => {
it("should emit step:output event to workspace jobs room", () => {
const data = {
id: 'step-1',
jobId: 'job-1',
workspaceId: 'workspace-456',
output: 'Build completed successfully',
id: "step-1",
jobId: "job-1",
workspaceId: "workspace-456",
output: "Build completed successfully",
timestamp: new Date().toISOString(),
};
gateway.emitStepOutput('workspace-456', 'job-1', data);
gateway.emitStepOutput("workspace-456", "job-1", data);
expect(mockServer.to).toHaveBeenCalledWith('workspace:workspace-456:jobs');
expect(mockServer.emit).toHaveBeenCalledWith('step:output', data);
expect(mockServer.to).toHaveBeenCalledWith("workspace:workspace-456:jobs");
expect(mockServer.emit).toHaveBeenCalledWith("step:output", data);
});
it('should emit step:output event to specific job room', () => {
it("should emit step:output event to specific job room", () => {
const data = {
id: 'step-1',
jobId: 'job-1',
workspaceId: 'workspace-456',
output: 'Build completed successfully',
id: "step-1",
jobId: "job-1",
workspaceId: "workspace-456",
output: "Build completed successfully",
timestamp: new Date().toISOString(),
};
gateway.emitStepOutput('workspace-456', 'job-1', data);
gateway.emitStepOutput("workspace-456", "job-1", data);
expect(mockServer.to).toHaveBeenCalledWith('job:job-1');
expect(mockServer.to).toHaveBeenCalledWith("job:job-1");
});
});
});

62
apps/orchestrator/src/api/agents/agents.controller.ts
View File

@@ -1,9 +1,11 @@
import {
Controller,
Post,
Get,
Body,
Param,
BadRequestException,
NotFoundException,
Logger,
UsePipes,
ValidationPipe,
@@ -11,6 +13,7 @@ import {
} from "@nestjs/common";
import { QueueService } from "../../queue/queue.service";
import { AgentSpawnerService } from "../../spawner/agent-spawner.service";
import { AgentLifecycleService } from "../../spawner/agent-lifecycle.service";
import { KillswitchService } from "../../killswitch/killswitch.service";
import { SpawnAgentDto, SpawnAgentResponseDto } from "./dto/spawn-agent.dto";
@@ -24,6 +27,7 @@ export class AgentsController {
constructor(
private readonly queueService: QueueService,
private readonly spawnerService: AgentSpawnerService,
private readonly lifecycleService: AgentLifecycleService,
private readonly killswitchService: KillswitchService
) {}
@@ -66,6 +70,64 @@ export class AgentsController {
}
}
/**
* Get agent status
* @param agentId Agent ID to query
* @returns Agent status details
*/
@Get(":agentId/status")
async getAgentStatus(@Param("agentId") agentId: string): Promise<{
agentId: string;
taskId: string;
status: string;
spawnedAt: string;
startedAt?: string;
completedAt?: string;
error?: string;
}> {
this.logger.log(`Received status request for agent: ${agentId}`);
try {
// Try to get from lifecycle service (Valkey)
const lifecycleState = await this.lifecycleService.getAgentLifecycleState(agentId);
if (lifecycleState) {
return {
agentId: lifecycleState.agentId,
taskId: lifecycleState.taskId,
status: lifecycleState.status,
spawnedAt: lifecycleState.startedAt ?? new Date().toISOString(),
startedAt: lifecycleState.startedAt,
completedAt: lifecycleState.completedAt,
error: lifecycleState.error,
};
}
// Fallback to spawner service (in-memory)
const session = this.spawnerService.getAgentSession(agentId);
if (session) {
return {
agentId: session.agentId,
taskId: session.taskId,
status: session.state,
spawnedAt: session.spawnedAt.toISOString(),
completedAt: session.completedAt?.toISOString(),
error: session.error,
};
}
throw new NotFoundException(`Agent ${agentId} not found`);
} catch (error: unknown) {
if (error instanceof NotFoundException) {
throw error;
}
const errorMessage = error instanceof Error ? error.message : String(error);
this.logger.error(`Failed to get agent status: ${errorMessage}`);
throw new Error(`Failed to get agent status: ${errorMessage}`);
}
}
/**
* Kill a single agent immediately
* @param agentId Agent ID to kill

3
apps/orchestrator/src/api/agents/agents.module.ts
View File

@@ -3,9 +3,10 @@ import { AgentsController } from "./agents.controller";
import { QueueModule } from "../../queue/queue.module";
import { SpawnerModule } from "../../spawner/spawner.module";
import { KillswitchModule } from "../../killswitch/killswitch.module";
import { ValkeyModule } from "../../valkey/valkey.module";
@Module({
imports: [QueueModule, SpawnerModule, KillswitchModule],
imports: [QueueModule, SpawnerModule, KillswitchModule, ValkeyModule],
controllers: [AgentsController],
})
export class AgentsModule {}

220
apps/web/src/app/(authenticated)/federation/connections/page.tsx Normal file
View File

@@ -0,0 +1,220 @@
"use client";
/**
* Federation Connections Page
* Manage connections to remote Mosaic Stack instances
*/
import { useState, useEffect } from "react";
import { ConnectionList } from "@/components/federation/ConnectionList";
import { InitiateConnectionDialog } from "@/components/federation/InitiateConnectionDialog";
import {
mockConnections,
FederationConnectionStatus,
type ConnectionDetails,
} from "@/lib/api/federation";
// TODO: Replace with real API calls when backend is integrated
// import {
// fetchConnections,
// initiateConnection,
// acceptConnection,
// rejectConnection,
// disconnectConnection,
// } from "@/lib/api/federation";
export default function ConnectionsPage(): React.JSX.Element {
const [connections, setConnections] = useState<ConnectionDetails[]>([]);
const [isLoading, setIsLoading] = useState(false);
const [showDialog, setShowDialog] = useState(false);
const [dialogLoading, setDialogLoading] = useState(false);
const [error, setError] = useState<string | null>(null);
const [dialogError, setDialogError] = useState<string | null>(null);
// Load connections on mount
useEffect(() => {
void loadConnections();
}, []);
const loadConnections = async (): Promise<void> => {
setIsLoading(true);
setError(null);
try {
// TODO: Replace with real API call when backend is integrated
// const data = await fetchConnections();
// Using mock data for now
await new Promise((resolve) => setTimeout(resolve, 500)); // Simulate network delay
setConnections(mockConnections);
} catch (err) {
setError(
err instanceof Error ? err.message : "Unable to load connections. Please try again."
);
} finally {
setIsLoading(false);
}
};
const handleInitiate = async (_url: string): Promise<void> => {
setDialogLoading(true);
setDialogError(null);
try {
// TODO: Replace with real API call
// const newConnection = await initiateConnection({ remoteUrl: url });
// Simulate API call for now
await new Promise((resolve) => setTimeout(resolve, 1000));
// Close dialog and reload connections
setShowDialog(false);
await loadConnections();
} catch (err) {
setDialogError(
err instanceof Error
? err.message
: "Unable to initiate connection. Please check the URL and try again."
);
} finally {
setDialogLoading(false);
}
};
const handleAccept = async (connectionId: string): Promise<void> => {
setError(null);
try {
// TODO: Replace with real API call
// await acceptConnection(connectionId);
// Simulate API call and optimistic update
await new Promise((resolve) => setTimeout(resolve, 500));
setConnections((prev) =>
prev.map((conn) =>
conn.id === connectionId
? {
...conn,
status: FederationConnectionStatus.ACTIVE,
connectedAt: new Date().toISOString(),
}
: conn
)
);
} catch (err) {
setError(
err instanceof Error ? err.message : "Unable to accept connection. Please try again."
);
}
};
const handleReject = async (connectionId: string): Promise<void> => {
setError(null);
try {
// TODO: Replace with real API call
// await rejectConnection(connectionId, { reason: "User declined" });
// Simulate API call and optimistic update
await new Promise((resolve) => setTimeout(resolve, 500));
setConnections((prev) =>
prev.map((conn) =>
conn.id === connectionId
? {
...conn,
status: FederationConnectionStatus.REJECTED,
}
: conn
)
);
} catch (err) {
setError(
err instanceof Error ? err.message : "Unable to reject connection. Please try again."
);
}
};
const handleDisconnect = async (connectionId: string): Promise<void> => {
setError(null);
try {
// TODO: Replace with real API call
// await disconnectConnection(connectionId);
// Simulate API call and optimistic update
await new Promise((resolve) => setTimeout(resolve, 500));
setConnections((prev) =>
prev.map((conn) =>
conn.id === connectionId
? {
...conn,
status: FederationConnectionStatus.DISCONNECTED,
disconnectedAt: new Date().toISOString(),
}
: conn
)
);
} catch (err) {
setError(err instanceof Error ? err.message : "Unable to disconnect. Please try again.");
}
};
return (
<main className="container mx-auto px-4 py-8">
{/* Header */}
<div className="mb-8 flex items-center justify-between">
<div>
<h1 className="text-3xl font-bold text-gray-900">Federation Connections</h1>
<p className="text-gray-600 mt-2">Manage connections to other Mosaic Stack instances</p>
</div>
<button
onClick={() => {
setShowDialog(true);
}}
className="px-4 py-2 bg-blue-600 text-white text-sm font-medium rounded-md hover:bg-blue-700 transition-colors"
>
Connect to Instance
</button>
</div>
{/* Error Banner */}
{error && (
<div className="mb-6 p-4 bg-red-50 border border-red-200 rounded-lg">
<p className="text-sm text-red-600">{error}</p>
<button
onClick={() => {
setError(null);
}}
className="text-sm text-red-700 underline mt-2"
>
Dismiss
</button>
</div>
)}
{/* Connection List */}
<ConnectionList
connections={connections}
isLoading={isLoading}
onAccept={handleAccept}
onReject={handleReject}
onDisconnect={handleDisconnect}
/>
{/* Initiate Connection Dialog */}
<InitiateConnectionDialog
open={showDialog}
onInitiate={handleInitiate}
onCancel={() => {
setShowDialog(false);
setDialogError(null);
}}
isLoading={dialogLoading}
{...(dialogError && { error: dialogError })}
/>
</main>
);
}

175
apps/web/src/app/(authenticated)/federation/dashboard/page.tsx Normal file
View File

@@ -0,0 +1,175 @@
"use client";
/**
* Aggregated Dashboard Page
* Displays data from multiple federated instances in a unified view
*/
import { useState, useEffect } from "react";
import { AggregatedDataGrid } from "@/components/federation/AggregatedDataGrid";
import type { FederatedTask, FederatedEvent } from "@/components/federation/types";
import {
fetchConnections,
FederationConnectionStatus,
type ConnectionDetails,
} from "@/lib/api/federation";
import { sendFederatedQuery } from "@/lib/api/federation-queries";
import type { Task, Event } from "@mosaic/shared";
export default function AggregatedDashboardPage(): React.JSX.Element {
const [tasks, setTasks] = useState<FederatedTask[]>([]);
const [events, setEvents] = useState<FederatedEvent[]>([]);
const [isLoading, setIsLoading] = useState(true);
const [error, setError] = useState<string | null>(null);
const [connections, setConnections] = useState<ConnectionDetails[]>([]);
useEffect(() => {
void loadAggregatedData();
}, []);
async function loadAggregatedData(): Promise<void> {
setIsLoading(true);
setError(null);
try {
// Fetch all active connections
const allConnections = await fetchConnections(FederationConnectionStatus.ACTIVE);
setConnections(allConnections);
if (allConnections.length === 0) {
setIsLoading(false);
return;
}
// Query each connection for tasks and events
const allTasks: FederatedTask[] = [];
const allEvents: FederatedEvent[] = [];
const errors: string[] = [];
for (const connection of allConnections) {
try {
// Query tasks
if (connection.remoteCapabilities.supportsQuery) {
const taskResponse = await sendFederatedQuery(connection.id, "tasks.list", {
limit: 10,
});
// Wait a bit for the query to be processed and response received
// In production, this would use WebSocket or polling
await new Promise((resolve) => setTimeout(resolve, 1000));
// For MVP, we'll use mock data since query processing is async
// In production, we'd poll for the response or use WebSocket
if (taskResponse.response) {
const responseTasks = (taskResponse.response as { data?: Task[] }).data ?? [];
const federatedTasks = responseTasks.map((task) => ({
task,
provenance: {
instanceId: connection.remoteInstanceId,
instanceName:
(connection.metadata.name as string | undefined) ?? connection.remoteUrl,
instanceUrl: connection.remoteUrl,
timestamp: new Date().toISOString(),
},
}));
allTasks.push(...federatedTasks);
}
// Query events
const eventResponse = await sendFederatedQuery(connection.id, "events.list", {
limit: 10,
});
await new Promise((resolve) => setTimeout(resolve, 1000));
if (eventResponse.response) {
const responseEvents = (eventResponse.response as { data?: Event[] }).data ?? [];
const federatedEvents = responseEvents.map((event) => ({
event,
provenance: {
instanceId: connection.remoteInstanceId,
instanceName:
(connection.metadata.name as string | undefined) ?? connection.remoteUrl,
instanceUrl: connection.remoteUrl,
timestamp: new Date().toISOString(),
},
}));
allEvents.push(...federatedEvents);
}
}
} catch (err) {
const errorMessage = err instanceof Error ? err.message : "Unknown error";
const instanceName =
(connection.metadata.name as string | undefined) ?? connection.remoteUrl;
errors.push(`Unable to reach ${instanceName}: ${errorMessage}`);
}
}
setTasks(allTasks);
setEvents(allEvents);
if (errors.length > 0 && allTasks.length === 0 && allEvents.length === 0) {
setError(errors.join(", "));
}
} catch (err) {
const errorMessage = err instanceof Error ? err.message : "Unable to load connections";
setError(errorMessage);
} finally {
setIsLoading(false);
}
}
async function handleRefresh(): Promise<void> {
await loadAggregatedData();
}
return (
<main className="container mx-auto px-4 py-8">
{/* Header */}
<div className="mb-8 flex items-center justify-between">
<div>
<h1 className="text-3xl font-bold text-gray-900">Aggregated Dashboard</h1>
<p className="text-gray-600 mt-2">View tasks and events from all connected instances</p>
</div>
<button
onClick={handleRefresh}
disabled={isLoading}
className="px-4 py-2 bg-blue-600 text-white text-sm font-medium rounded-md hover:bg-blue-700 disabled:opacity-50 disabled:cursor-not-allowed transition-colors"
>
{isLoading ? "Loading..." : "Refresh"}
</button>
</div>
{/* Connection status */}
{!isLoading && connections.length > 0 && (
<div className="mb-6">
<p className="text-sm text-gray-600">
Connected to <span className="font-medium text-gray-900">{connections.length}</span>{" "}
{connections.length === 1 ? "instance" : "instances"}
</p>
</div>
)}
{/* Connection warning */}
{!isLoading && connections.length === 0 && (
<div className="mb-6 p-4 bg-yellow-50 border border-yellow-200 rounded-lg">
<p className="text-sm text-yellow-800">
No active connections found. Please visit the{" "}
<a href="/federation/connections" className="font-medium underline">
Connection Manager
</a>{" "}
to connect to remote instances.
</p>
</div>
)}
{/* Data grid */}
<AggregatedDataGrid
tasks={tasks}
events={events}
isLoading={isLoading}
{...(error !== null && { error })}
/>
</main>
);
}

228
apps/web/src/app/(authenticated)/federation/settings/page.tsx Normal file
View File

@@ -0,0 +1,228 @@
"use client";
/**
* Federation Settings Page
* Configure local instance federation settings (spoke configuration)
* Admin-only page
*/
import { useState, useEffect } from "react";
import { SpokeConfigurationForm } from "@/components/federation/SpokeConfigurationForm";
import {
fetchInstanceIdentity,
updateInstanceConfiguration,
regenerateInstanceKeys,
type PublicInstanceIdentity,
type UpdateInstanceRequest,
} from "@/lib/api/federation";
export default function FederationSettingsPage(): React.JSX.Element {
const [instance, setInstance] = useState<PublicInstanceIdentity | null>(null);
const [isLoading, setIsLoading] = useState(false);
const [isSaving, setIsSaving] = useState(false);
const [isRegenerating, setIsRegenerating] = useState(false);
const [error, setError] = useState<string | null>(null);
const [saveError, setSaveError] = useState<string | null>(null);
const [successMessage, setSuccessMessage] = useState<string | null>(null);
const [showRegenerateConfirm, setShowRegenerateConfirm] = useState(false);
// Load instance identity on mount
useEffect(() => {
void loadInstance();
}, []);
const loadInstance = async (): Promise<void> => {
setIsLoading(true);
setError(null);
try {
const data = await fetchInstanceIdentity();
setInstance(data);
} catch (err) {
setError(
err instanceof Error
? err.message
: "Unable to load instance configuration. Please try again."
);
} finally {
setIsLoading(false);
}
};
const handleSave = async (updates: UpdateInstanceRequest): Promise<void> => {
setIsSaving(true);
setSaveError(null);
setSuccessMessage(null);
try {
const updatedInstance = await updateInstanceConfiguration(updates);
setInstance(updatedInstance);
setSuccessMessage("Configuration saved successfully");
// Clear success message after 3 seconds
setTimeout(() => {
setSuccessMessage(null);
}, 3000);
} catch (err) {
setSaveError(
err instanceof Error ? err.message : "Unable to save configuration. Please try again."
);
} finally {
setIsSaving(false);
}
};
const handleRegenerateKeys = async (): Promise<void> => {
setIsRegenerating(true);
setSaveError(null);
setSuccessMessage(null);
try {
const updatedInstance = await regenerateInstanceKeys();
setInstance(updatedInstance);
setSuccessMessage("Instance keypair regenerated successfully");
setShowRegenerateConfirm(false);
// Clear success message after 3 seconds
setTimeout(() => {
setSuccessMessage(null);
}, 3000);
} catch (err) {
setSaveError(
err instanceof Error ? err.message : "Unable to regenerate keys. Please try again."
);
} finally {
setIsRegenerating(false);
}
};
// Loading state
if (isLoading) {
return (
<div className="container mx-auto px-4 py-8">
<div className="max-w-4xl mx-auto">
<h1 className="text-3xl font-bold text-gray-900 mb-8">Federation Settings</h1>
<div className="bg-white border border-gray-200 rounded-lg p-8 text-center">
<div className="text-gray-600">Loading configuration...</div>
</div>
</div>
</div>
);
}
// Error state
if (error) {
return (
<div className="container mx-auto px-4 py-8">
<div className="max-w-4xl mx-auto">
<h1 className="text-3xl font-bold text-gray-900 mb-8">Federation Settings</h1>
<div className="bg-red-50 border border-red-200 rounded-lg p-8">
<h2 className="text-lg font-semibold text-red-900 mb-2">
Unable to Load Configuration
</h2>
<p className="text-red-700">{error}</p>
<button
onClick={() => void loadInstance()}
className="mt-4 px-4 py-2 bg-red-600 text-white rounded-lg hover:bg-red-700 transition-colors"
>
Try Again
</button>
</div>
</div>
</div>
);
}
// No instance (shouldn't happen, but handle gracefully)
if (!instance) {
return (
<div className="container mx-auto px-4 py-8">
<div className="max-w-4xl mx-auto">
<h1 className="text-3xl font-bold text-gray-900 mb-8">Federation Settings</h1>
<div className="bg-gray-50 border border-gray-200 rounded-lg p-8 text-center">
<div className="text-gray-600">No instance configuration found</div>
</div>
</div>
</div>
);
}
return (
<div className="container mx-auto px-4 py-8">
<div className="max-w-4xl mx-auto">
{/* Page Header */}
<div className="mb-8">
<h1 className="text-3xl font-bold text-gray-900 mb-2">Federation Settings</h1>
<p className="text-gray-600">
Configure your instance's federation capabilities and identity. These settings determine
how your instance interacts with other Mosaic Stack instances.
</p>
</div>
{/* Success Message */}
{successMessage && (
<div className="mb-6 bg-green-50 border border-green-200 text-green-700 px-4 py-3 rounded-lg">
{successMessage}
</div>
)}
{/* Main Configuration Form */}
<div className="bg-white border border-gray-200 rounded-lg p-6">
<SpokeConfigurationForm
instance={instance}
onSave={handleSave}
isLoading={isSaving}
{...(saveError && { error: saveError })}
/>
</div>
{/* Advanced Section: Regenerate Keys */}
<div className="mt-8 bg-white border border-gray-200 rounded-lg p-6">
<h3 className="text-lg font-medium text-gray-900 mb-2">Advanced</h3>
<p className="text-sm text-gray-600 mb-4">
Regenerating your instance's keypair will invalidate all existing federation
connections. Connected instances will need to re-establish connections with your new
public key.
</p>
{showRegenerateConfirm ? (
<div className="bg-yellow-50 border border-yellow-200 rounded-lg p-4">
<h4 className="font-medium text-yellow-900 mb-2">Confirm Keypair Regeneration</h4>
<p className="text-sm text-yellow-800 mb-4">
This action will disconnect all federated instances. They will need to reconnect
using your new public key. This action cannot be undone.
</p>
<div className="flex items-center space-x-3">
<button
onClick={() => void handleRegenerateKeys()}
disabled={isRegenerating}
className="px-4 py-2 bg-yellow-600 text-white rounded-lg hover:bg-yellow-700 disabled:bg-gray-300 disabled:cursor-not-allowed transition-colors"
>
{isRegenerating ? "Regenerating..." : "Confirm Regenerate"}
</button>
<button
onClick={() => {
setShowRegenerateConfirm(false);
}}
disabled={isRegenerating}
className="px-4 py-2 border border-gray-300 text-gray-700 rounded-lg hover:bg-gray-50 disabled:bg-gray-100 disabled:cursor-not-allowed transition-colors"
>
Cancel
</button>
</div>
</div>
) : (
<button
onClick={() => {
setShowRegenerateConfirm(true);
}}
className="px-4 py-2 border border-yellow-600 text-yellow-700 rounded-lg hover:bg-yellow-50 transition-colors"
>
Regenerate Keypair
</button>
)}
</div>
</div>
</div>
);
}

156
apps/web/src/components/federation/AggregatedDataGrid.test.tsx Normal file
View File

@@ -0,0 +1,156 @@
/**
* AggregatedDataGrid Component Tests
*/
import { describe, it, expect } from "vitest";
import { render, screen } from "@testing-library/react";
import { AggregatedDataGrid } from "./AggregatedDataGrid";
import { TaskStatus, TaskPriority } from "@mosaic/shared";
import type { FederatedTask, FederatedEvent } from "./types";
const mockTasks: FederatedTask[] = [
{
task: {
id: "task-1",
title: "Task from Work",
description: "Work task",
status: TaskStatus.IN_PROGRESS,
priority: TaskPriority.HIGH,
dueDate: new Date("2026-02-05"),
creatorId: "user-1",
assigneeId: "user-1",
workspaceId: "workspace-1",
projectId: null,
parentId: null,
sortOrder: 0,
metadata: {},
completedAt: null,
createdAt: new Date("2026-02-03"),
updatedAt: new Date("2026-02-03"),
},
provenance: {
instanceId: "instance-work-001",
instanceName: "Work Instance",
instanceUrl: "https://mosaic.work.example.com",
timestamp: "2026-02-03T14:00:00Z",
},
},
{
task: {
id: "task-2",
title: "Task from Home",
description: "Home task",
status: TaskStatus.NOT_STARTED,
priority: TaskPriority.MEDIUM,
dueDate: new Date("2026-02-06"),
creatorId: "user-1",
assigneeId: "user-1",
workspaceId: "workspace-2",
projectId: null,
parentId: null,
sortOrder: 0,
metadata: {},
completedAt: null,
createdAt: new Date("2026-02-03"),
updatedAt: new Date("2026-02-03"),
},
provenance: {
instanceId: "instance-home-001",
instanceName: "Home Instance",
instanceUrl: "https://mosaic.home.example.com",
timestamp: "2026-02-03T14:00:00Z",
},
},
];
const mockEvents: FederatedEvent[] = [
{
event: {
id: "event-1",
title: "Meeting from Work",
description: "Team standup",
startTime: new Date("2026-02-05T10:00:00"),
endTime: new Date("2026-02-05T10:30:00"),
allDay: false,
location: "Zoom",
recurrence: null,
creatorId: "user-1",
workspaceId: "workspace-1",
projectId: null,
metadata: {},
createdAt: new Date("2026-02-03"),
updatedAt: new Date("2026-02-03"),
},
provenance: {
instanceId: "instance-work-001",
instanceName: "Work Instance",
instanceUrl: "https://mosaic.work.example.com",
timestamp: "2026-02-03T14:00:00Z",
},
},
];
describe("AggregatedDataGrid", () => {
it("should render tasks", () => {
render(<AggregatedDataGrid tasks={mockTasks} events={[]} />);
expect(screen.getByText("Task from Work")).toBeInTheDocument();
expect(screen.getByText("Task from Home")).toBeInTheDocument();
});
it("should render events", () => {
render(<AggregatedDataGrid tasks={[]} events={mockEvents} />);
expect(screen.getByText("Meeting from Work")).toBeInTheDocument();
});
it("should render both tasks and events", () => {
render(<AggregatedDataGrid tasks={mockTasks} events={mockEvents} />);
expect(screen.getByText("Task from Work")).toBeInTheDocument();
expect(screen.getByText("Meeting from Work")).toBeInTheDocument();
});
it("should show loading state", () => {
render(<AggregatedDataGrid tasks={[]} events={[]} isLoading={true} />);
expect(screen.getByText("Loading data from instances...")).toBeInTheDocument();
});
it("should show empty state when no data", () => {
render(<AggregatedDataGrid tasks={[]} events={[]} />);
expect(screen.getByText("No data available from connected instances")).toBeInTheDocument();
});
it("should show error message", () => {
render(<AggregatedDataGrid tasks={[]} events={[]} error="Unable to reach work instance" />);
expect(screen.getByText("Unable to reach work instance")).toBeInTheDocument();
});
it("should render with custom className", () => {
const { container } = render(
<AggregatedDataGrid tasks={mockTasks} events={[]} className="custom-class" />
);
expect(container.querySelector(".custom-class")).toBeInTheDocument();
});
it("should show instance provenance indicators", () => {
render(<AggregatedDataGrid tasks={mockTasks} events={[]} />);
expect(screen.getByText("Work Instance")).toBeInTheDocument();
expect(screen.getByText("Home Instance")).toBeInTheDocument();
});
it("should render with compact mode", () => {
const { container } = render(
<AggregatedDataGrid tasks={mockTasks} events={[]} compact={true} />
);
// Check that cards have compact padding
const compactCards = container.querySelectorAll(".p-3");
expect(compactCards.length).toBeGreaterThan(0);
});
});

100
apps/web/src/components/federation/AggregatedDataGrid.tsx Normal file
View File

@@ -0,0 +1,100 @@
/**
* AggregatedDataGrid Component
* Displays aggregated tasks and events from multiple federated instances
*/
import type { FederatedTask, FederatedEvent } from "./types";
import { FederatedTaskCard } from "./FederatedTaskCard";
import { FederatedEventCard } from "./FederatedEventCard";
interface AggregatedDataGridProps {
tasks: FederatedTask[];
events: FederatedEvent[];
isLoading?: boolean;
error?: string;
compact?: boolean;
className?: string;
}
export function AggregatedDataGrid({
tasks,
events,
isLoading = false,
error,
compact = false,
className = "",
}: AggregatedDataGridProps): React.JSX.Element {
// Loading state
if (isLoading) {
return (
<div className={`flex items-center justify-center p-8 ${className}`}>
<div className="text-center">
<div className="inline-block animate-spin rounded-full h-8 w-8 border-b-2 border-blue-600 mb-4"></div>
<p className="text-gray-600">Loading data from instances...</p>
</div>
</div>
);
}
// Error state
if (error) {
return (
<div className={`flex items-center justify-center p-8 ${className}`}>
<div className="text-center">
<span className="text-4xl mb-4 block"></span>
<p className="text-gray-900 font-medium mb-2">Unable to load data</p>
<p className="text-gray-600 text-sm">{error}</p>
</div>
</div>
);
}
// Empty state
if (tasks.length === 0 && events.length === 0) {
return (
<div className={`flex items-center justify-center p-8 ${className}`}>
<div className="text-center">
<span className="text-4xl mb-4 block">📋</span>
<p className="text-gray-900 font-medium mb-2">No data available</p>
<p className="text-gray-600 text-sm">No data available from connected instances</p>
</div>
</div>
);
}
return (
<div className={`space-y-4 ${className}`}>
{/* Tasks section */}
{tasks.length > 0 && (
<div>
<h3 className="text-lg font-medium text-gray-900 mb-3">Tasks ({tasks.length})</h3>
<div className="space-y-2">
{tasks.map((federatedTask) => (
<FederatedTaskCard
key={`task-${federatedTask.task.id}-${federatedTask.provenance.instanceId}`}
federatedTask={federatedTask}
compact={compact}
/>
))}
</div>
</div>
)}
{/* Events section */}
{events.length > 0 && (
<div>
<h3 className="text-lg font-medium text-gray-900 mb-3">Events ({events.length})</h3>
<div className="space-y-2">
{events.map((federatedEvent) => (
<FederatedEventCard
key={`event-${federatedEvent.event.id}-${federatedEvent.provenance.instanceId}`}
federatedEvent={federatedEvent}
compact={compact}
/>
))}
</div>
</div>
)}
</div>
);
}

201
apps/web/src/components/federation/ConnectionCard.test.tsx Normal file
View File

@@ -0,0 +1,201 @@
/**
* ConnectionCard Component Tests
* Following TDD - write tests first!
*/
import { describe, it, expect, vi } from "vitest";
import { render, screen } from "@testing-library/react";
import userEvent from "@testing-library/user-event";
import { ConnectionCard } from "./ConnectionCard";
import { FederationConnectionStatus, type ConnectionDetails } from "@/lib/api/federation";
describe("ConnectionCard", (): void => {
const mockActiveConnection: ConnectionDetails = {
id: "conn-1",
workspaceId: "workspace-1",
remoteInstanceId: "instance-work-001",
remoteUrl: "https://mosaic.work.example.com",
remotePublicKey: "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----",
remoteCapabilities: {
supportsQuery: true,
supportsCommand: true,
supportsEvent: true,
supportsAgentSpawn: true,
protocolVersion: "1.0",
},
status: FederationConnectionStatus.ACTIVE,
metadata: {
name: "Work Instance",
description: "Corporate Mosaic instance",
},
createdAt: new Date("2026-02-01").toISOString(),
updatedAt: new Date("2026-02-01").toISOString(),
connectedAt: new Date("2026-02-01").toISOString(),
disconnectedAt: null,
};
const mockPendingConnection: ConnectionDetails = {
...mockActiveConnection,
id: "conn-2",
status: FederationConnectionStatus.PENDING,
metadata: {
name: "Partner Instance",
description: "Awaiting acceptance",
},
connectedAt: null,
};
const mockOnAccept = vi.fn();
const mockOnReject = vi.fn();
const mockOnDisconnect = vi.fn();
it("should render connection name from metadata", (): void => {
render(<ConnectionCard connection={mockActiveConnection} />);
expect(screen.getByText("Work Instance")).toBeInTheDocument();
});
it("should render connection URL", (): void => {
render(<ConnectionCard connection={mockActiveConnection} />);
expect(screen.getByText("https://mosaic.work.example.com")).toBeInTheDocument();
});
it("should render connection description from metadata", (): void => {
render(<ConnectionCard connection={mockActiveConnection} />);
expect(screen.getByText("Corporate Mosaic instance")).toBeInTheDocument();
});
it("should show Active status with green indicator for active connections", (): void => {
render(<ConnectionCard connection={mockActiveConnection} />);
expect(screen.getByText("Active")).toBeInTheDocument();
});
it("should show Pending status with blue indicator for pending connections", (): void => {
render(<ConnectionCard connection={mockPendingConnection} />);
expect(screen.getByText("Pending")).toBeInTheDocument();
});
it("should show Disconnected status for disconnected connections", (): void => {
const disconnectedConnection = {
...mockActiveConnection,
status: FederationConnectionStatus.DISCONNECTED,
disconnectedAt: new Date("2026-02-02").toISOString(),
};
render(<ConnectionCard connection={disconnectedConnection} />);
expect(screen.getByText("Disconnected")).toBeInTheDocument();
});
it("should show Rejected status for rejected connections", (): void => {
const rejectedConnection = {
...mockActiveConnection,
status: FederationConnectionStatus.REJECTED,
};
render(<ConnectionCard connection={rejectedConnection} />);
expect(screen.getByText("Rejected")).toBeInTheDocument();
});
it("should show Disconnect button for active connections", (): void => {
render(<ConnectionCard connection={mockActiveConnection} onDisconnect={mockOnDisconnect} />);
expect(screen.getByRole("button", { name: /disconnect/i })).toBeInTheDocument();
});
it("should show Accept and Reject buttons for pending connections", (): void => {
render(
<ConnectionCard
connection={mockPendingConnection}
onAccept={mockOnAccept}
onReject={mockOnReject}
/>
);
expect(screen.getByRole("button", { name: /accept/i })).toBeInTheDocument();
expect(screen.getByRole("button", { name: /reject/i })).toBeInTheDocument();
});
it("should not show action buttons for disconnected connections", (): void => {
const disconnectedConnection = {
...mockActiveConnection,
status: FederationConnectionStatus.DISCONNECTED,
};
render(<ConnectionCard connection={disconnectedConnection} />);
expect(screen.queryByRole("button")).not.toBeInTheDocument();
});
it("should call onAccept when accept button clicked", async (): Promise<void> => {
const user = userEvent.setup();
render(
<ConnectionCard
connection={mockPendingConnection}
onAccept={mockOnAccept}
onReject={mockOnReject}
/>
);
const acceptButton = screen.getByRole("button", { name: /accept/i });
await user.click(acceptButton);
expect(mockOnAccept).toHaveBeenCalledWith(mockPendingConnection.id);
});
it("should call onReject when reject button clicked", async (): Promise<void> => {
const user = userEvent.setup();
render(
<ConnectionCard
connection={mockPendingConnection}
onAccept={mockOnAccept}
onReject={mockOnReject}
/>
);
const rejectButton = screen.getByRole("button", { name: /reject/i });
await user.click(rejectButton);
expect(mockOnReject).toHaveBeenCalledWith(mockPendingConnection.id);
});
it("should call onDisconnect when disconnect button clicked", async (): Promise<void> => {
const user = userEvent.setup();
render(<ConnectionCard connection={mockActiveConnection} onDisconnect={mockOnDisconnect} />);
const disconnectButton = screen.getByRole("button", { name: /disconnect/i });
await user.click(disconnectButton);
expect(mockOnDisconnect).toHaveBeenCalledWith(mockActiveConnection.id);
});
it("should display capabilities when showDetails is true", (): void => {
render(<ConnectionCard connection={mockActiveConnection} showDetails={true} />);
expect(screen.getByText(/Query/i)).toBeInTheDocument();
expect(screen.getByText(/Command/i)).toBeInTheDocument();
expect(screen.getByText(/Events/i)).toBeInTheDocument();
expect(screen.getByText(/Agent Spawn/i)).toBeInTheDocument();
});
it("should not display capabilities by default", (): void => {
render(<ConnectionCard connection={mockActiveConnection} />);
// Capabilities should not be visible without showDetails=true
const card = screen.getByText("Work Instance").closest("div");
expect(card?.textContent).not.toMatch(/Query.*Command.*Events/);
});
it("should use fallback name if metadata name is missing", (): void => {
const connectionWithoutName = {
...mockActiveConnection,
metadata: {},
};
render(<ConnectionCard connection={connectionWithoutName} />);
expect(screen.getByText("Remote Instance")).toBeInTheDocument();
});
it("should render with compact layout when compact prop is true", (): void => {
const { container } = render(
<ConnectionCard connection={mockActiveConnection} compact={true} />
);
// Verify compact class is applied
expect(container.querySelector(".p-3")).toBeInTheDocument();
});
it("should render with full layout by default", (): void => {
const { container } = render(<ConnectionCard connection={mockActiveConnection} />);
// Verify full padding is applied
expect(container.querySelector(".p-4")).toBeInTheDocument();
});
});

152
apps/web/src/components/federation/ConnectionCard.tsx Normal file
View File

@@ -0,0 +1,152 @@
/**
* ConnectionCard Component
* Displays a single federation connection with PDA-friendly design
*/
import { FederationConnectionStatus, type ConnectionDetails } from "@/lib/api/federation";
interface ConnectionCardProps {
connection: ConnectionDetails;
onAccept?: (connectionId: string) => void;
onReject?: (connectionId: string) => void;
onDisconnect?: (connectionId: string) => void;
showDetails?: boolean;
compact?: boolean;
}
/**
* Get PDA-friendly status text and color
*/
function getStatusDisplay(status: FederationConnectionStatus): {
text: string;
colorClass: string;
icon: string;
} {
switch (status) {
case FederationConnectionStatus.ACTIVE:
return {
text: "Active",
colorClass: "text-green-600 bg-green-50",
icon: "🟢",
};
case FederationConnectionStatus.PENDING:
return {
text: "Pending",
colorClass: "text-blue-600 bg-blue-50",
icon: "🔵",
};
case FederationConnectionStatus.DISCONNECTED:
return {
text: "Disconnected",
colorClass: "text-yellow-600 bg-yellow-50",
icon: "⏸️",
};
case FederationConnectionStatus.REJECTED:
return {
text: "Rejected",
colorClass: "text-gray-600 bg-gray-50",
icon: "⚪",
};
}
}
export function ConnectionCard({
connection,
onAccept,
onReject,
onDisconnect,
showDetails = false,
compact = false,
}: ConnectionCardProps): React.JSX.Element {
const status = getStatusDisplay(connection.status);
const name =
typeof connection.metadata.name === "string" ? connection.metadata.name : "Remote Instance";
const description = connection.metadata.description as string | undefined;
const paddingClass = compact ? "p-3" : "p-4";
return (
<div
className={`border border-gray-200 rounded-lg ${paddingClass} hover:border-gray-300 transition-colors`}
>
{/* Header */}
<div className="flex items-start justify-between mb-2">
<div className="flex-1">
<h3 className="text-lg font-medium text-gray-900">{name}</h3>
<p className="text-sm text-gray-600 mt-1">{connection.remoteUrl}</p>
{description && <p className="text-sm text-gray-500 mt-1">{description}</p>}
</div>
{/* Status Badge */}
<div
className={`flex items-center gap-1 px-3 py-1 rounded-full text-sm font-medium ${status.colorClass}`}
>
<span>{status.icon}</span>
<span>{status.text}</span>
</div>
</div>
{/* Capabilities (when showDetails is true) */}
{showDetails && (
<div className="mt-3 pt-3 border-t border-gray-100">
<p className="text-xs font-medium text-gray-700 mb-2">Capabilities</p>
<div className="flex flex-wrap gap-2">
{connection.remoteCapabilities.supportsQuery && (
<span className="text-xs px-2 py-1 bg-gray-100 text-gray-700 rounded">Query</span>
)}
{connection.remoteCapabilities.supportsCommand && (
<span className="text-xs px-2 py-1 bg-gray-100 text-gray-700 rounded">Command</span>
)}
{connection.remoteCapabilities.supportsEvent && (
<span className="text-xs px-2 py-1 bg-gray-100 text-gray-700 rounded">Events</span>
)}
{connection.remoteCapabilities.supportsAgentSpawn && (
<span className="text-xs px-2 py-1 bg-gray-100 text-gray-700 rounded">
Agent Spawn
</span>
)}
</div>
</div>
)}
{/* Actions */}
{connection.status === FederationConnectionStatus.PENDING && (onAccept ?? onReject) && (
<div className="mt-4 flex gap-2">
{onAccept && (
<button
onClick={() => {
onAccept(connection.id);
}}
className="px-4 py-2 bg-green-600 text-white text-sm font-medium rounded-md hover:bg-green-700 transition-colors"
>
Accept
</button>
)}
{onReject && (
<button
onClick={() => {
onReject(connection.id);
}}
className="px-4 py-2 bg-gray-200 text-gray-700 text-sm font-medium rounded-md hover:bg-gray-300 transition-colors"
>
Reject
</button>
)}
</div>
)}
{connection.status === FederationConnectionStatus.ACTIVE && onDisconnect && (
<div className="mt-4">
<button
onClick={() => {
onDisconnect(connection.id);
}}
className="px-4 py-2 bg-gray-200 text-gray-700 text-sm font-medium rounded-md hover:bg-gray-300 transition-colors"
>
Disconnect
</button>
</div>
)}
</div>
);
}

120
apps/web/src/components/federation/ConnectionList.test.tsx Normal file
View File

@@ -0,0 +1,120 @@
/**
* ConnectionList Component Tests
* Following TDD - write tests first!
*/
import { describe, it, expect, vi } from "vitest";
import { render, screen } from "@testing-library/react";
import { ConnectionList } from "./ConnectionList";
import { FederationConnectionStatus, type ConnectionDetails } from "@/lib/api/federation";
describe("ConnectionList", (): void => {
const mockConnections: ConnectionDetails[] = [
{
id: "conn-1",
workspaceId: "workspace-1",
remoteInstanceId: "instance-work-001",
remoteUrl: "https://mosaic.work.example.com",
remotePublicKey: "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----",
remoteCapabilities: {
supportsQuery: true,
supportsCommand: true,
supportsEvent: true,
supportsAgentSpawn: true,
protocolVersion: "1.0",
},
status: FederationConnectionStatus.ACTIVE,
metadata: {
name: "Work Instance",
description: "Corporate Mosaic instance",
},
createdAt: new Date("2026-02-01").toISOString(),
updatedAt: new Date("2026-02-01").toISOString(),
connectedAt: new Date("2026-02-01").toISOString(),
disconnectedAt: null,
},
{
id: "conn-2",
workspaceId: "workspace-1",
remoteInstanceId: "instance-partner-001",
remoteUrl: "https://mosaic.partner.example.com",
remotePublicKey: "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----",
remoteCapabilities: {
supportsQuery: true,
supportsCommand: false,
supportsEvent: true,
supportsAgentSpawn: false,
protocolVersion: "1.0",
},
status: FederationConnectionStatus.PENDING,
metadata: {
name: "Partner Instance",
description: "Awaiting acceptance",
},
createdAt: new Date("2026-02-02").toISOString(),
updatedAt: new Date("2026-02-02").toISOString(),
connectedAt: null,
disconnectedAt: null,
},
];
const mockOnAccept = vi.fn();
const mockOnReject = vi.fn();
const mockOnDisconnect = vi.fn();
it("should render loading state", (): void => {
render(<ConnectionList connections={[]} isLoading={true} />);
expect(screen.getByText(/loading/i)).toBeInTheDocument();
});
it("should render empty state when no connections", (): void => {
render(<ConnectionList connections={[]} isLoading={false} />);
expect(screen.getByText(/no federation connections/i)).toBeInTheDocument();
});
it("should render PDA-friendly empty state message", (): void => {
render(<ConnectionList connections={[]} isLoading={false} />);
expect(screen.getByText(/ready to connect/i)).toBeInTheDocument();
});
it("should render all connections", (): void => {
render(<ConnectionList connections={mockConnections} isLoading={false} />);
expect(screen.getByText("Work Instance")).toBeInTheDocument();
expect(screen.getByText("Partner Instance")).toBeInTheDocument();
});
it("should group connections by status", (): void => {
render(<ConnectionList connections={mockConnections} isLoading={false} />);
expect(screen.getByRole("heading", { name: "Active" })).toBeInTheDocument();
expect(screen.getByRole("heading", { name: "Pending" })).toBeInTheDocument();
});
it("should pass handlers to connection cards", (): void => {
render(
<ConnectionList
connections={mockConnections}
isLoading={false}
onAccept={mockOnAccept}
onReject={mockOnReject}
onDisconnect={mockOnDisconnect}
/>
);
const acceptButtons = screen.getAllByRole("button", { name: /accept/i });
const disconnectButtons = screen.getAllByRole("button", { name: /disconnect/i });
expect(acceptButtons.length).toBeGreaterThan(0);
expect(disconnectButtons.length).toBeGreaterThan(0);
});
it("should handle null connections array", (): void => {
render(<ConnectionList connections={null} isLoading={false} />);
expect(screen.getByText(/no federation connections/i)).toBeInTheDocument();
});
it("should render with compact layout when compact prop is true", (): void => {
render(<ConnectionList connections={mockConnections} isLoading={false} compact={true} />);
// Verify connections are rendered
expect(screen.getByText("Work Instance")).toBeInTheDocument();
});
});

116
apps/web/src/components/federation/ConnectionList.tsx Normal file
View File

@@ -0,0 +1,116 @@
/**
* ConnectionList Component
* Displays a list of federation connections grouped by status
*/
import { FederationConnectionStatus, type ConnectionDetails } from "@/lib/api/federation";
import { ConnectionCard } from "./ConnectionCard";
interface ConnectionListProps {
connections: ConnectionDetails[] | null;
isLoading: boolean;
onAccept?: (connectionId: string) => void;
onReject?: (connectionId: string) => void;
onDisconnect?: (connectionId: string) => void;
compact?: boolean;
}
export function ConnectionList({
connections,
isLoading,
onAccept,
onReject,
onDisconnect,
compact = false,
}: ConnectionListProps): React.JSX.Element {
if (isLoading) {
return (
<div className="flex justify-center items-center p-8">
<div className="animate-spin rounded-full h-8 w-8 border-b-2 border-gray-900"></div>
<span className="ml-3 text-gray-600">Loading connections...</span>
</div>
);
}
// Handle null/undefined connections gracefully
if (!connections || connections.length === 0) {
return (
<div className="text-center p-8 text-gray-500">
<p className="text-lg">No federation connections</p>
<p className="text-sm mt-2">Ready to connect to remote instances</p>
</div>
);
}
// Group connections by status
const groupedConnections: Record<FederationConnectionStatus, ConnectionDetails[]> = {
[FederationConnectionStatus.PENDING]: [],
[FederationConnectionStatus.ACTIVE]: [],
[FederationConnectionStatus.DISCONNECTED]: [],
[FederationConnectionStatus.REJECTED]: [],
};
connections.forEach((connection) => {
groupedConnections[connection.status].push(connection);
});
// Define group order with PDA-friendly labels
const groups: {
status: FederationConnectionStatus;
label: string;
description: string;
}[] = [
{
status: FederationConnectionStatus.ACTIVE,
label: "Active",
description: "Currently connected instances",
},
{
status: FederationConnectionStatus.PENDING,
label: "Pending",
description: "Connections awaiting acceptance",
},
{
status: FederationConnectionStatus.DISCONNECTED,
label: "Disconnected",
description: "Previously connected instances",
},
{
status: FederationConnectionStatus.REJECTED,
label: "Rejected",
description: "Connection requests that were declined",
},
];
return (
<div className="space-y-8">
{groups.map((group) => {
const groupConnections = groupedConnections[group.status];
if (groupConnections.length === 0) {
return null;
}
return (
<section key={group.status}>
<div className="mb-4">
<h2 className="text-lg font-semibold text-gray-700">{group.label}</h2>
<p className="text-sm text-gray-500 mt-1">{group.description}</p>
</div>
<div className="space-y-3">
{groupConnections.map((connection) => (
<ConnectionCard
key={connection.id}
connection={connection}
{...(onAccept && { onAccept })}
{...(onReject && { onReject })}
{...(onDisconnect && { onDisconnect })}
compact={compact}
/>
))}
</div>
</section>
);
})}
</div>
);
}

136
apps/web/src/components/federation/FederatedEventCard.test.tsx Normal file
View File

@@ -0,0 +1,136 @@
/**
* FederatedEventCard Component Tests
*/
import { describe, it, expect } from "vitest";
import { render, screen } from "@testing-library/react";
import { FederatedEventCard } from "./FederatedEventCard";
import type { FederatedEvent } from "./types";
const mockEvent: FederatedEvent = {
event: {
id: "event-1",
title: "Team standup",
description: "Daily sync meeting",
startTime: new Date("2026-02-05T10:00:00"),
endTime: new Date("2026-02-05T10:30:00"),
allDay: false,
location: "Zoom",
recurrence: null,
creatorId: "user-1",
workspaceId: "workspace-1",
projectId: null,
metadata: {},
createdAt: new Date("2026-02-03"),
updatedAt: new Date("2026-02-03"),
},
provenance: {
instanceId: "instance-work-001",
instanceName: "Work Instance",
instanceUrl: "https://mosaic.work.example.com",
timestamp: "2026-02-03T14:00:00Z",
},
};
describe("FederatedEventCard", () => {
it("should render event title", () => {
render(<FederatedEventCard federatedEvent={mockEvent} />);
expect(screen.getByText("Team standup")).toBeInTheDocument();
});
it("should render event description", () => {
render(<FederatedEventCard federatedEvent={mockEvent} />);
expect(screen.getByText("Daily sync meeting")).toBeInTheDocument();
});
it("should render provenance indicator", () => {
render(<FederatedEventCard federatedEvent={mockEvent} />);
expect(screen.getByText("Work Instance")).toBeInTheDocument();
});
it("should render event time", () => {
render(<FederatedEventCard federatedEvent={mockEvent} />);
// Check for time components
expect(screen.getByText(/10:00/)).toBeInTheDocument();
});
it("should render event location", () => {
render(<FederatedEventCard federatedEvent={mockEvent} />);
expect(screen.getByText("Zoom")).toBeInTheDocument();
});
it("should render with compact mode", () => {
const { container } = render(<FederatedEventCard federatedEvent={mockEvent} compact={true} />);
const card = container.querySelector(".p-3");
expect(card).toBeInTheDocument();
});
it("should handle event without description", () => {
const eventNoDesc: FederatedEvent = {
...mockEvent,
event: {
...mockEvent.event,
description: null,
},
};
render(<FederatedEventCard federatedEvent={eventNoDesc} />);
expect(screen.getByText("Team standup")).toBeInTheDocument();
expect(screen.queryByText("Daily sync meeting")).not.toBeInTheDocument();
});
it("should handle event without location", () => {
const eventNoLocation: FederatedEvent = {
...mockEvent,
event: {
...mockEvent.event,
location: null,
},
};
render(<FederatedEventCard federatedEvent={eventNoLocation} />);
expect(screen.getByText("Team standup")).toBeInTheDocument();
expect(screen.queryByText("Zoom")).not.toBeInTheDocument();
});
it("should render all-day event", () => {
const allDayEvent: FederatedEvent = {
...mockEvent,
event: {
...mockEvent.event,
allDay: true,
},
};
render(<FederatedEventCard federatedEvent={allDayEvent} />);
expect(screen.getByText("All day")).toBeInTheDocument();
});
it("should handle onClick callback", () => {
let clicked = false;
const handleClick = (): void => {
clicked = true;
};
const { container } = render(
<FederatedEventCard federatedEvent={mockEvent} onClick={handleClick} />
);
const card = container.querySelector(".cursor-pointer");
expect(card).toBeInTheDocument();
if (card instanceof HTMLElement) {
card.click();
}
expect(clicked).toBe(true);
});
});

94
apps/web/src/components/federation/FederatedEventCard.tsx Normal file
View File

@@ -0,0 +1,94 @@
/**
* FederatedEventCard Component
* Displays an event from a federated instance with provenance indicator
*/
import type { FederatedEvent } from "./types";
import { ProvenanceIndicator } from "./ProvenanceIndicator";
interface FederatedEventCardProps {
federatedEvent: FederatedEvent;
compact?: boolean;
onClick?: () => void;
}
/**
* Format time for display
*/
function formatTime(date: Date): string {
return new Intl.DateTimeFormat("en-US", {
hour: "numeric",
minute: "2-digit",
hour12: true,
}).format(new Date(date));
}
/**
* Format date for display
*/
function formatDate(date: Date): string {
return new Intl.DateTimeFormat("en-US", {
weekday: "short",
month: "short",
day: "numeric",
}).format(new Date(date));
}
export function FederatedEventCard({
federatedEvent,
compact = false,
onClick,
}: FederatedEventCardProps): React.JSX.Element {
const { event, provenance } = federatedEvent;
const paddingClass = compact ? "p-3" : "p-4";
const clickableClass = onClick ? "cursor-pointer hover:border-gray-300" : "";
const startTime = formatTime(event.startTime);
const endTime = event.endTime !== null ? formatTime(event.endTime) : "";
const startDate = formatDate(event.startTime);
return (
<div
className={`border border-gray-200 rounded-lg ${paddingClass} ${clickableClass} transition-colors`}
onClick={onClick}
>
{/* Header with title and provenance */}
<div className="flex items-start justify-between mb-2">
<div className="flex-1">
<h3 className="text-base font-medium text-gray-900">{event.title}</h3>
{event.description && <p className="text-sm text-gray-600 mt-1">{event.description}</p>}
</div>
<ProvenanceIndicator
instanceId={provenance.instanceId}
instanceName={provenance.instanceName}
instanceUrl={provenance.instanceUrl}
compact={compact}
/>
</div>
{/* Metadata row */}
<div className="flex items-center gap-3 text-sm flex-wrap">
{/* Date */}
<span className="text-xs text-gray-700 font-medium">{startDate}</span>
{/* Time */}
{event.allDay ? (
<span className="text-xs text-gray-600">All day</span>
) : (
<span className="text-xs text-gray-600">
{startTime} - {endTime}
</span>
)}
{/* Location */}
{event.location && (
<span className="text-xs text-gray-600">
<span className="mr-1">📍</span>
{event.location}
</span>
)}
</div>
</div>
);
}

144
apps/web/src/components/federation/FederatedTaskCard.test.tsx Normal file
View File

@@ -0,0 +1,144 @@
/**
* FederatedTaskCard Component Tests
*/
import { describe, it, expect } from "vitest";
import { render, screen } from "@testing-library/react";
import { FederatedTaskCard } from "./FederatedTaskCard";
import { TaskStatus, TaskPriority } from "@mosaic/shared";
import type { FederatedTask } from "./types";
const mockTask: FederatedTask = {
task: {
id: "task-1",
title: "Review pull request",
description: "Review and provide feedback on frontend PR",
status: TaskStatus.IN_PROGRESS,
priority: TaskPriority.HIGH,
dueDate: new Date("2026-02-05"),
creatorId: "user-1",
assigneeId: "user-1",
workspaceId: "workspace-1",
projectId: null,
parentId: null,
sortOrder: 0,
metadata: {},
completedAt: null,
createdAt: new Date("2026-02-03"),
updatedAt: new Date("2026-02-03"),
},
provenance: {
instanceId: "instance-work-001",
instanceName: "Work Instance",
instanceUrl: "https://mosaic.work.example.com",
timestamp: "2026-02-03T14:00:00Z",
},
};
describe("FederatedTaskCard", () => {
it("should render task title", () => {
render(<FederatedTaskCard federatedTask={mockTask} />);
expect(screen.getByText("Review pull request")).toBeInTheDocument();
});
it("should render task description", () => {
render(<FederatedTaskCard federatedTask={mockTask} />);
expect(screen.getByText("Review and provide feedback on frontend PR")).toBeInTheDocument();
});
it("should render provenance indicator", () => {
render(<FederatedTaskCard federatedTask={mockTask} />);
expect(screen.getByText("Work Instance")).toBeInTheDocument();
});
it("should render status badge", () => {
render(<FederatedTaskCard federatedTask={mockTask} />);
expect(screen.getByText("In Progress")).toBeInTheDocument();
});
it("should render priority indicator for high priority", () => {
render(<FederatedTaskCard federatedTask={mockTask} />);
expect(screen.getByText("High")).toBeInTheDocument();
});
it("should render target date", () => {
render(<FederatedTaskCard federatedTask={mockTask} />);
// Check for "Target:" text followed by a date
expect(screen.getByText(/Target:/)).toBeInTheDocument();
expect(screen.getByText(/2026/)).toBeInTheDocument();
});
it("should render with compact mode", () => {
const { container } = render(<FederatedTaskCard federatedTask={mockTask} compact={true} />);
const card = container.querySelector(".p-3");
expect(card).toBeInTheDocument();
});
it("should render completed task with completed status", () => {
const completedTask: FederatedTask = {
...mockTask,
task: {
...mockTask.task,
status: TaskStatus.COMPLETED,
completedAt: new Date("2026-02-04"),
},
};
render(<FederatedTaskCard federatedTask={completedTask} />);
expect(screen.getByText("Completed")).toBeInTheDocument();
});
it("should handle task without description", () => {
const taskNoDesc: FederatedTask = {
...mockTask,
task: {
...mockTask.task,
description: null,
},
};
render(<FederatedTaskCard federatedTask={taskNoDesc} />);
expect(screen.getByText("Review pull request")).toBeInTheDocument();
expect(
screen.queryByText("Review and provide feedback on frontend PR")
).not.toBeInTheDocument();
});
it("should handle task without target date", () => {
const taskNoTarget: FederatedTask = {
...mockTask,
task: {
...mockTask.task,
dueDate: null,
},
};
render(<FederatedTaskCard federatedTask={taskNoTarget} />);
expect(screen.getByText("Review pull request")).toBeInTheDocument();
expect(screen.queryByText(/Target:/)).not.toBeInTheDocument();
});
it("should use PDA-friendly language for status", () => {
const pausedTask: FederatedTask = {
...mockTask,
task: {
...mockTask.task,
status: TaskStatus.PAUSED,
},
};
render(<FederatedTaskCard federatedTask={pausedTask} />);
expect(screen.getByText("Paused")).toBeInTheDocument();
});
});

113
apps/web/src/components/federation/FederatedTaskCard.tsx Normal file
View File

@@ -0,0 +1,113 @@
/**
* FederatedTaskCard Component
* Displays a task from a federated instance with provenance indicator
*/
import { TaskStatus, TaskPriority } from "@mosaic/shared";
import type { FederatedTask } from "./types";
import { ProvenanceIndicator } from "./ProvenanceIndicator";
interface FederatedTaskCardProps {
federatedTask: FederatedTask;
compact?: boolean;
onClick?: () => void;
}
/**
* Get PDA-friendly status text and color
*/
function getStatusDisplay(status: TaskStatus): { text: string; colorClass: string } {
switch (status) {
case TaskStatus.NOT_STARTED:
return { text: "Not Started", colorClass: "bg-gray-100 text-gray-700" };
case TaskStatus.IN_PROGRESS:
return { text: "In Progress", colorClass: "bg-blue-100 text-blue-700" };
case TaskStatus.COMPLETED:
return { text: "Completed", colorClass: "bg-green-100 text-green-700" };
case TaskStatus.PAUSED:
return { text: "Paused", colorClass: "bg-yellow-100 text-yellow-700" };
case TaskStatus.ARCHIVED:
return { text: "Archived", colorClass: "bg-gray-100 text-gray-600" };
default:
return { text: "Unknown", colorClass: "bg-gray-100 text-gray-700" };
}
}
/**
* Get priority text and color
*/
function getPriorityDisplay(priority: TaskPriority): { text: string; colorClass: string } {
switch (priority) {
case TaskPriority.LOW:
return { text: "Low", colorClass: "text-gray-600" };
case TaskPriority.MEDIUM:
return { text: "Medium", colorClass: "text-blue-600" };
case TaskPriority.HIGH:
return { text: "High", colorClass: "text-orange-600" };
default:
return { text: "Unknown", colorClass: "text-gray-600" };
}
}
/**
* Format date for display
*/
function formatDate(date: Date | null): string | null {
if (!date) {
return null;
}
return new Intl.DateTimeFormat("en-US", {
year: "numeric",
month: "short",
day: "numeric",
}).format(new Date(date));
}
export function FederatedTaskCard({
federatedTask,
compact = false,
onClick,
}: FederatedTaskCardProps): React.JSX.Element {
const { task, provenance } = federatedTask;
const status = getStatusDisplay(task.status);
const priority = getPriorityDisplay(task.priority);
const dueDate = formatDate(task.dueDate);
const paddingClass = compact ? "p-3" : "p-4";
const clickableClass = onClick ? "cursor-pointer hover:border-gray-300" : "";
return (
<div
className={`border border-gray-200 rounded-lg ${paddingClass} ${clickableClass} transition-colors`}
onClick={onClick}
>
{/* Header with title and provenance */}
<div className="flex items-start justify-between mb-2">
<div className="flex-1">
<h3 className="text-base font-medium text-gray-900">{task.title}</h3>
{task.description && <p className="text-sm text-gray-600 mt-1">{task.description}</p>}
</div>
<ProvenanceIndicator
instanceId={provenance.instanceId}
instanceName={provenance.instanceName}
instanceUrl={provenance.instanceUrl}
compact={compact}
/>
</div>
{/* Metadata row */}
<div className="flex items-center gap-3 text-sm flex-wrap">
{/* Status badge */}
<span className={`px-2 py-1 rounded-full text-xs font-medium ${status.colorClass}`}>
{status.text}
</span>
{/* Priority */}
<span className={`text-xs font-medium ${priority.colorClass}`}>{priority.text}</span>
{/* Target date */}
{dueDate && <span className="text-xs text-gray-600">Target: {dueDate}</span>}
</div>
</div>
);
}

189
apps/web/src/components/federation/InitiateConnectionDialog.test.tsx Normal file
View File

@@ -0,0 +1,189 @@
/**
* InitiateConnectionDialog Component Tests
* Following TDD - write tests first!
*/
import { describe, it, expect, vi } from "vitest";
import { render, screen } from "@testing-library/react";
import userEvent from "@testing-library/user-event";
import { InitiateConnectionDialog } from "./InitiateConnectionDialog";
describe("InitiateConnectionDialog", (): void => {
const mockOnInitiate = vi.fn();
const mockOnCancel = vi.fn();
it("should render when open is true", (): void => {
render(
<InitiateConnectionDialog open={true} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
expect(screen.getByText(/connect to remote instance/i)).toBeInTheDocument();
});
it("should not render when open is false", (): void => {
const { container } = render(
<InitiateConnectionDialog open={false} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
expect(container.firstChild).toBeNull();
});
it("should render PDA-friendly title", (): void => {
render(
<InitiateConnectionDialog open={true} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
expect(screen.getByText(/connect to remote instance/i)).toBeInTheDocument();
});
it("should render PDA-friendly description", (): void => {
render(
<InitiateConnectionDialog open={true} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
expect(screen.getByText(/enter the url/i)).toBeInTheDocument();
});
it("should render URL input field", (): void => {
render(
<InitiateConnectionDialog open={true} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
expect(screen.getByLabelText(/instance url/i)).toBeInTheDocument();
});
it("should render Connect button", (): void => {
render(
<InitiateConnectionDialog open={true} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
expect(screen.getByRole("button", { name: /connect/i })).toBeInTheDocument();
});
it("should render Cancel button", (): void => {
render(
<InitiateConnectionDialog open={true} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
expect(screen.getByRole("button", { name: /cancel/i })).toBeInTheDocument();
});
it("should call onCancel when cancel button clicked", async (): Promise<void> => {
const user = userEvent.setup();
render(
<InitiateConnectionDialog open={true} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
const cancelButton = screen.getByRole("button", { name: /cancel/i });
await user.click(cancelButton);
expect(mockOnCancel).toHaveBeenCalledTimes(1);
});
it("should call onInitiate with URL when connect button clicked", async (): Promise<void> => {
const user = userEvent.setup();
render(
<InitiateConnectionDialog open={true} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
const urlInput = screen.getByLabelText(/instance url/i);
await user.type(urlInput, "https://mosaic.example.com");
const connectButton = screen.getByRole("button", { name: /connect/i });
await user.click(connectButton);
expect(mockOnInitiate).toHaveBeenCalledWith("https://mosaic.example.com");
});
it("should disable connect button when URL is empty", (): void => {
render(
<InitiateConnectionDialog open={true} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
const connectButton = screen.getByRole("button", { name: /connect/i });
expect(connectButton).toBeDisabled();
});
it("should enable connect button when URL is entered", async (): Promise<void> => {
const user = userEvent.setup();
render(
<InitiateConnectionDialog open={true} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
const urlInput = screen.getByLabelText(/instance url/i);
await user.type(urlInput, "https://mosaic.example.com");
const connectButton = screen.getByRole("button", { name: /connect/i });
expect(connectButton).not.toBeDisabled();
});
it("should show validation error for invalid URL", async (): Promise<void> => {
const user = userEvent.setup();
render(
<InitiateConnectionDialog open={true} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
const urlInput = screen.getByLabelText(/instance url/i);
await user.type(urlInput, "not-a-valid-url");
const connectButton = screen.getByRole("button", { name: /connect/i });
await user.click(connectButton);
expect(screen.getByText(/please enter a valid url/i)).toBeInTheDocument();
});
it("should clear input when dialog is closed", async (): Promise<void> => {
const user = userEvent.setup();
const { rerender } = render(
<InitiateConnectionDialog open={true} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
const urlInput = screen.getByLabelText(/instance url/i);
await user.type(urlInput, "https://mosaic.example.com");
// Close dialog
rerender(
<InitiateConnectionDialog open={false} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
// Reopen dialog
rerender(
<InitiateConnectionDialog open={true} onInitiate={mockOnInitiate} onCancel={mockOnCancel} />
);
const newUrlInput = screen.getByLabelText(/instance url/i);
expect(newUrlInput).toHaveValue("");
});
it("should show loading state when isLoading is true", (): void => {
render(
<InitiateConnectionDialog
open={true}
onInitiate={mockOnInitiate}
onCancel={mockOnCancel}
isLoading={true}
/>
);
expect(screen.getByText(/connecting/i)).toBeInTheDocument();
});
it("should disable buttons when isLoading is true", (): void => {
render(
<InitiateConnectionDialog
open={true}
onInitiate={mockOnInitiate}
onCancel={mockOnCancel}
isLoading={true}
/>
);
const connectButton = screen.getByRole("button", { name: /connecting/i });
const cancelButton = screen.getByRole("button", { name: /cancel/i });
expect(connectButton).toBeDisabled();
expect(cancelButton).toBeDisabled();
});
it("should display error message when error prop is provided", (): void => {
render(
<InitiateConnectionDialog
open={true}
onInitiate={mockOnInitiate}
onCancel={mockOnCancel}
error="Unable to connect to remote instance"
/>
);
expect(screen.getByText("Unable to connect to remote instance")).toBeInTheDocument();
});
});

129
apps/web/src/components/federation/InitiateConnectionDialog.tsx Normal file
View File

@@ -0,0 +1,129 @@
/**
* InitiateConnectionDialog Component
* Dialog for initiating a new federation connection
*/
import { useState, useEffect } from "react";
interface InitiateConnectionDialogProps {
open: boolean;
onInitiate: (url: string) => void;
onCancel: () => void;
isLoading?: boolean;
error?: string;
}
/**
* Validate if a string is a valid URL
*/
function isValidUrl(url: string): boolean {
try {
const parsedUrl = new URL(url);
return parsedUrl.protocol === "http:" || parsedUrl.protocol === "https:";
} catch {
return false;
}
}
export function InitiateConnectionDialog({
open,
onInitiate,
onCancel,
isLoading = false,
error,
}: InitiateConnectionDialogProps): React.JSX.Element | null {
const [url, setUrl] = useState("");
const [validationError, setValidationError] = useState("");
// Clear input when dialog closes
useEffect(() => {
if (!open) {
setUrl("");
setValidationError("");
}
}, [open]);
if (!open) {
return null;
}
const handleConnect = (): void => {
// Validate URL
if (!url.trim()) {
setValidationError("Please enter a URL");
return;
}
if (!isValidUrl(url)) {
setValidationError("Please enter a valid URL (must start with http:// or https://)");
return;
}
setValidationError("");
onInitiate(url);
};
const handleKeyPress = (e: React.KeyboardEvent<HTMLInputElement>): void => {
if (e.key === "Enter" && url.trim() && !isLoading) {
handleConnect();
}
};
return (
<div className="fixed inset-0 bg-black bg-opacity-50 flex items-center justify-center p-4 z-50">
<div className="bg-white rounded-lg max-w-md w-full p-6">
{/* Header */}
<h2 className="text-xl font-semibold text-gray-900 mb-2">Connect to Remote Instance</h2>
<p className="text-sm text-gray-600 mb-6">
Enter the URL of the Mosaic Stack instance you&apos;d like to connect to
</p>
{/* URL Input */}
<div className="mb-4">
<label htmlFor="instance-url" className="block text-sm font-medium text-gray-700 mb-2">
Instance URL
</label>
<input
id="instance-url"
type="url"
value={url}
onChange={(e) => {
setUrl(e.target.value);
setValidationError("");
}}
onKeyDown={handleKeyPress}
disabled={isLoading}
placeholder="https://mosaic.example.com"
className="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 disabled:bg-gray-100 disabled:cursor-not-allowed"
/>
{validationError && <p className="text-sm text-red-600 mt-1">{validationError}</p>}
</div>
{/* Error Message */}
{error && (
<div className="mb-4 p-3 bg-red-50 border border-red-200 rounded-md">
<p className="text-sm text-red-600">{error}</p>
</div>
)}
{/* Actions */}
<div className="flex gap-3 justify-end">
<button
onClick={onCancel}
disabled={isLoading}
className="px-4 py-2 text-gray-700 bg-gray-100 rounded-md hover:bg-gray-200 transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
>
Cancel
</button>
<button
onClick={handleConnect}
disabled={!url.trim() || isLoading}
className="px-4 py-2 bg-blue-600 text-white rounded-md hover:bg-blue-700 transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
>
{isLoading ? "Connecting..." : "Connect"}
</button>
</div>
</div>
</div>
);
}

105
apps/web/src/components/federation/ProvenanceIndicator.test.tsx Normal file
View File

@@ -0,0 +1,105 @@
/**
* ProvenanceIndicator Component Tests
*/
import { describe, it, expect } from "vitest";
import { render, screen } from "@testing-library/react";
import { ProvenanceIndicator } from "./ProvenanceIndicator";
describe("ProvenanceIndicator", () => {
it("should render instance name", () => {
render(
<ProvenanceIndicator
instanceId="instance-work-001"
instanceName="Work Instance"
instanceUrl="https://mosaic.work.example.com"
/>
);
expect(screen.getByText("Work Instance")).toBeInTheDocument();
});
it("should render with compact mode", () => {
const { container } = render(
<ProvenanceIndicator
instanceId="instance-work-001"
instanceName="Work Instance"
instanceUrl="https://mosaic.work.example.com"
compact={true}
/>
);
// Compact mode should have smaller padding
const badge = container.querySelector(".px-2");
expect(badge).toBeInTheDocument();
});
it("should render with custom color", () => {
const { container } = render(
<ProvenanceIndicator
instanceId="instance-work-001"
instanceName="Work Instance"
instanceUrl="https://mosaic.work.example.com"
color="bg-blue-100"
/>
);
const badge = container.querySelector(".bg-blue-100");
expect(badge).toBeInTheDocument();
});
it("should render with default color when not provided", () => {
const { container } = render(
<ProvenanceIndicator
instanceId="instance-work-001"
instanceName="Work Instance"
instanceUrl="https://mosaic.work.example.com"
/>
);
const badge = container.querySelector(".bg-gray-100");
expect(badge).toBeInTheDocument();
});
it("should show tooltip with instance details on hover", () => {
render(
<ProvenanceIndicator
instanceId="instance-work-001"
instanceName="Work Instance"
instanceUrl="https://mosaic.work.example.com"
/>
);
// Check for title attribute (tooltip)
const badge = screen.getByText("Work Instance");
expect(badge.closest("div")).toHaveAttribute(
"title",
"From: Work Instance (https://mosaic.work.example.com)"
);
});
it("should render with icon when showIcon is true", () => {
render(
<ProvenanceIndicator
instanceId="instance-work-001"
instanceName="Work Instance"
instanceUrl="https://mosaic.work.example.com"
showIcon={true}
/>
);
expect(screen.getByText("🔗")).toBeInTheDocument();
});
it("should not render icon by default", () => {
render(
<ProvenanceIndicator
instanceId="instance-work-001"
instanceName="Work Instance"
instanceUrl="https://mosaic.work.example.com"
/>
);
expect(screen.queryByText("🔗")).not.toBeInTheDocument();
});
});

36
apps/web/src/components/federation/ProvenanceIndicator.tsx Normal file
View File

@@ -0,0 +1,36 @@
/**
* ProvenanceIndicator Component
* Shows which instance data came from with PDA-friendly design
*/
interface ProvenanceIndicatorProps {
instanceId: string;
instanceName: string;
instanceUrl: string;
compact?: boolean;
color?: string;
showIcon?: boolean;
}
export function ProvenanceIndicator({
instanceId,
instanceName,
instanceUrl,
compact = false,
color = "bg-gray-100",
showIcon = false,
}: ProvenanceIndicatorProps): React.JSX.Element {
const paddingClass = compact ? "px-2 py-0.5 text-xs" : "px-3 py-1 text-sm";
const tooltipText = `From: ${instanceName} (${instanceUrl})`;
return (
<div
className={`inline-flex items-center gap-1 ${paddingClass} ${color} text-gray-700 rounded-full font-medium`}
title={tooltipText}
data-instance-id={instanceId}
>
{showIcon && <span>🔗</span>}
<span>{instanceName}</span>
</div>
);
}

Some files were not shown because too many files have changed in this diff Show More