Files
2026-07-13 13:39:12 +08:00

265 lines
11 KiB
TypeScript

import test from "node:test";
import assert from "node:assert/strict";
import { mkdtempSync, rmSync, writeFileSync, mkdirSync } from "node:fs";
import { join } from "node:path";
import { tmpdir } from "node:os";
// Remote-mode core: the CLI must resolve BOTH baseUrl and auth from the active
// context (canonical `contexts`/`currentContext` schema, with legacy
// `profiles`/`activeProfile` fallback). Before this work, getBaseUrl read only
// the legacy `profiles` schema and buildHeaders never read the context's
// credential at all — so `omniroute contexts use <remote>` silently failed to
// route auth to the remote server.
let tmpDir: string;
let origDataDir: string | undefined;
let origBaseUrl: string | undefined;
let origApiKey: string | undefined;
let origContext: string | undefined;
function writeConfig(cfg: unknown): void {
mkdirSync(tmpDir, { recursive: true });
writeFileSync(join(tmpDir, "config.json"), JSON.stringify(cfg, null, 2));
}
test.before(() => {
tmpDir = mkdtempSync(join(tmpdir(), "omniroute-remote-test-"));
origDataDir = process.env.DATA_DIR;
origBaseUrl = process.env.OMNIROUTE_BASE_URL;
origApiKey = process.env.OMNIROUTE_API_KEY;
origContext = process.env.OMNIROUTE_CONTEXT;
process.env.DATA_DIR = tmpDir;
delete process.env.OMNIROUTE_BASE_URL;
delete process.env.OMNIROUTE_API_KEY;
delete process.env.OMNIROUTE_CONTEXT;
});
test.after(() => {
if (origDataDir === undefined) delete process.env.DATA_DIR;
else process.env.DATA_DIR = origDataDir;
if (origBaseUrl === undefined) delete process.env.OMNIROUTE_BASE_URL;
else process.env.OMNIROUTE_BASE_URL = origBaseUrl;
if (origApiKey === undefined) delete process.env.OMNIROUTE_API_KEY;
else process.env.OMNIROUTE_API_KEY = origApiKey;
if (origContext === undefined) delete process.env.OMNIROUTE_CONTEXT;
else process.env.OMNIROUTE_CONTEXT = origContext;
try {
rmSync(tmpDir, { recursive: true, force: true });
} catch {}
});
// ── getBaseUrl ────────────────────────────────────────────────────────────────
test("getBaseUrl reads baseUrl from the active context (canonical schema)", async () => {
writeConfig({
version: 1,
currentContext: "vps",
contexts: {
default: { baseUrl: "http://localhost:20128", apiKey: null },
vps: { baseUrl: "https://vps.example.com:20128", accessToken: "oma_live_x", scope: "write" },
},
});
const { getBaseUrl } = await import("../../bin/cli/api.mjs");
assert.equal(getBaseUrl(), "https://vps.example.com:20128");
});
test("getBaseUrl honors the --context override", async () => {
writeConfig({
version: 1,
currentContext: "default",
contexts: {
default: { baseUrl: "http://localhost:20128", apiKey: null },
staging: { baseUrl: "http://staging:20128", apiKey: null },
},
});
const { getBaseUrl } = await import("../../bin/cli/api.mjs");
assert.equal(getBaseUrl({ context: "staging" }), "http://staging:20128");
});
test("getBaseUrl is backward-compatible with the legacy profiles schema", async () => {
writeConfig({
version: 1,
activeProfile: "old",
profiles: { old: { baseUrl: "http://legacy:20128" } },
});
const { getBaseUrl } = await import("../../bin/cli/api.mjs");
assert.equal(getBaseUrl(), "http://legacy:20128");
});
test("getBaseUrl: opts.baseUrl wins over the active context", async () => {
writeConfig({
version: 1,
currentContext: "vps",
contexts: { vps: { baseUrl: "https://vps.example.com" } },
});
const { getBaseUrl } = await import("../../bin/cli/api.mjs");
assert.equal(getBaseUrl({ baseUrl: "http://override:1234" }), "http://override:1234");
});
// ── buildHeaders (auth resolution) ─────────────────────────────────────────────
test("buildHeaders injects Bearer from the active context accessToken", async () => {
writeConfig({
version: 1,
currentContext: "vps",
contexts: { vps: { baseUrl: "https://vps.example.com", accessToken: "oma_live_secret" } },
});
const { buildHeaders } = await import("../../bin/cli/api.mjs");
const headers = await buildHeaders({ cliToken: "" });
assert.equal(headers.get("authorization"), "Bearer oma_live_secret");
});
test("buildHeaders prefers accessToken over apiKey in the same context", async () => {
writeConfig({
version: 1,
currentContext: "vps",
contexts: {
vps: { baseUrl: "https://vps.example.com", accessToken: "oma_token", apiKey: "sk-legacy" },
},
});
const { buildHeaders } = await import("../../bin/cli/api.mjs");
const headers = await buildHeaders({ cliToken: "" });
assert.equal(headers.get("authorization"), "Bearer oma_token");
});
test("buildHeaders falls back to the context apiKey when no accessToken", async () => {
writeConfig({
version: 1,
currentContext: "vps",
contexts: { vps: { baseUrl: "https://vps.example.com", apiKey: "sk-ctx" } },
});
const { buildHeaders } = await import("../../bin/cli/api.mjs");
const headers = await buildHeaders({ cliToken: "" });
assert.equal(headers.get("authorization"), "Bearer sk-ctx");
});
test("buildHeaders: explicit opts.apiKey wins over the context credential", async () => {
writeConfig({
version: 1,
currentContext: "vps",
contexts: { vps: { baseUrl: "https://vps.example.com", accessToken: "oma_token" } },
});
const { buildHeaders } = await import("../../bin/cli/api.mjs");
const headers = await buildHeaders({ cliToken: "", apiKey: "sk-explicit" });
assert.equal(headers.get("authorization"), "Bearer sk-explicit");
});
test("buildHeaders: active-context token wins over an opts.apiKey echoing the ambient env", async () => {
// Regression: users keep OMNIROUTE_API_KEY (their inference key) in the shell.
// The global --api-key option is bound to that env var, so commands that spread
// optsWithGlobals() into apiFetch carry opts.apiKey === the env value. After
// `omniroute connect <remote>` the active context holds the scoped token; an
// opts.apiKey that merely mirrors the ambient env must NOT outrank it, or every
// remote management command sends the local inference key ("Invalid management
// token"). This reproduces the exact failing shape: opts.apiKey === env value.
writeConfig({
version: 1,
currentContext: "vps",
contexts: { vps: { baseUrl: "https://vps.example.com", accessToken: "oma_live_scoped" } },
});
const prev = process.env.OMNIROUTE_API_KEY;
process.env.OMNIROUTE_API_KEY = "sk-ambient-inference-key";
try {
const { buildHeaders } = await import("../../bin/cli/api.mjs");
// opts.apiKey mirrors the ambient env (commander's .env binding + spread).
const headers = await buildHeaders({ cliToken: "", apiKey: "sk-ambient-inference-key" });
assert.equal(headers.get("authorization"), "Bearer oma_live_scoped");
} finally {
if (prev === undefined) delete process.env.OMNIROUTE_API_KEY;
else process.env.OMNIROUTE_API_KEY = prev;
}
});
test("buildHeaders: a DISTINCT explicit key still wins over the context even when env is set", async () => {
// A real `--api-key <x>` flag or a command-supplied token (e.g. connect --key)
// differs from the ambient env value, so it counts as explicit and overrides.
writeConfig({
version: 1,
currentContext: "vps",
contexts: { vps: { baseUrl: "https://vps.example.com", accessToken: "oma_live_scoped" } },
});
const prev = process.env.OMNIROUTE_API_KEY;
process.env.OMNIROUTE_API_KEY = "sk-ambient-inference-key";
try {
const { buildHeaders } = await import("../../bin/cli/api.mjs");
const headers = await buildHeaders({ cliToken: "", apiKey: "oma_explicit_token" });
assert.equal(headers.get("authorization"), "Bearer oma_explicit_token");
} finally {
if (prev === undefined) delete process.env.OMNIROUTE_API_KEY;
else process.env.OMNIROUTE_API_KEY = prev;
}
});
test("buildHeaders: ambient OMNIROUTE_API_KEY is the fallback when no context credential", async () => {
// Local/default usage with no stored context credential still works off the env.
writeConfig({
version: 1,
currentContext: "default",
contexts: { default: { baseUrl: "http://localhost:20128", apiKey: null } },
});
const prev = process.env.OMNIROUTE_API_KEY;
process.env.OMNIROUTE_API_KEY = "sk-ambient-inference-key";
try {
const { buildHeaders } = await import("../../bin/cli/api.mjs");
const headers = await buildHeaders({ cliToken: "", apiKey: "sk-ambient-inference-key" });
assert.equal(headers.get("authorization"), "Bearer sk-ambient-inference-key");
} finally {
if (prev === undefined) delete process.env.OMNIROUTE_API_KEY;
else process.env.OMNIROUTE_API_KEY = prev;
}
});
// ── context current command ─────────────────────────────────────────────────────
test("commands/contexts.mjs registers a `current` subcommand", async () => {
const { registerContexts } = await import("../../bin/cli/commands/contexts.mjs");
// Minimal fake commander program to capture subcommand registration.
const sub: string[] = [];
const fakeCtx: any = {
command(name: string) {
sub.push(name.split(" ")[0]);
return this;
},
alias() {
return this;
},
description() {
return this;
},
requiredOption() {
return this;
},
option() {
return this;
},
action() {
return this;
},
};
const fakeProgram: any = {
command() {
return fakeCtx;
},
};
registerContexts(fakeProgram);
assert.ok(sub.includes("current"), `expected a 'current' subcommand, got: ${sub.join(", ")}`);
});
test("createProgram wires the remote-mode commands into the real CLI program", async () => {
// Regression: contexts.mjs existed and was unit-tested in isolation, but its
// registerContexts() was never called by registry.mjs — so `omniroute contexts`
// fell through to `serve`, and `connect`'s own advice ("omniroute contexts use
// default") was a dead command. Build the REAL program and assert the wiring.
const { createProgram } = await import("../../bin/cli/program.mjs");
const program = createProgram();
const names = program.commands.map((c: any) => c.name());
for (const cmd of ["contexts", "connect", "tokens", "configure"]) {
assert.ok(names.includes(cmd), `expected top-level '${cmd}' command, got: ${names.join(", ")}`);
}
const contexts = program.commands.find((c: any) => c.name() === "contexts");
const subs = contexts.commands.map((c: any) => c.name());
for (const sub of ["list", "use", "current"]) {
assert.ok(subs.includes(sub), `expected 'contexts ${sub}' subcommand, got: ${subs.join(", ")}`);
}
});