chore: import upstream snapshot with attribution
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 13:20:55 +08:00
commit d25d482dc2
13754 changed files with 4996608 additions and 0 deletions
@@ -0,0 +1,271 @@
/**
* @vitest-environment node
*
* Tests for POST/DELETE /api/v1/workflows/[id]/deploy — verifies auth,
* workspace admin permission enforcement, optional body handling, and the
* mapping of orchestration results to v1 API responses.
*/
import { WorkflowLockedError } from '@sim/platform-authz/workflow'
import { createMockRequest, workflowAuthzMockFns } from '@sim/testing'
import { NextRequest, NextResponse } from 'next/server'
import { beforeEach, describe, expect, it, vi } from 'vitest'
const {
mockCheckRateLimit,
mockValidateWorkspaceAccess,
mockPerformFullDeploy,
mockPerformFullUndeploy,
mockCaptureServerEvent,
} = vi.hoisted(() => ({
mockCheckRateLimit: vi.fn(),
mockValidateWorkspaceAccess: vi.fn(),
mockPerformFullDeploy: vi.fn(),
mockPerformFullUndeploy: vi.fn(),
mockCaptureServerEvent: vi.fn(),
}))
vi.mock('@/app/api/v1/middleware', () => ({
checkRateLimit: mockCheckRateLimit,
createRateLimitResponse: vi.fn(() =>
NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
),
validateWorkspaceAccess: mockValidateWorkspaceAccess,
}))
vi.mock('@/lib/workflows/orchestration', () => ({
performFullDeploy: mockPerformFullDeploy,
performFullUndeploy: mockPerformFullUndeploy,
}))
vi.mock('@/app/api/v1/logs/meta', () => ({
getUserLimits: vi.fn().mockResolvedValue({}),
createApiResponse: vi.fn((body: unknown) => ({ body, headers: {} })),
}))
vi.mock('@/lib/posthog/server', () => ({
captureServerEvent: mockCaptureServerEvent,
}))
import { DELETE, POST } from '@/app/api/v1/workflows/[id]/deploy/route'
const WORKFLOW_ID = 'wf-1'
const WORKFLOW_RECORD = {
id: WORKFLOW_ID,
name: 'My Workflow',
workspaceId: 'ws-1',
isDeployed: true,
}
function makeContext(id = WORKFLOW_ID) {
return { params: Promise.resolve({ id }) }
}
function makeRequest(method: string, body?: unknown) {
return createMockRequest(
method,
body,
{},
`http://localhost:3000/api/v1/workflows/${WORKFLOW_ID}/deploy`
)
}
describe('POST /api/v1/workflows/[id]/deploy', () => {
beforeEach(() => {
vi.clearAllMocks()
mockCheckRateLimit.mockResolvedValue({ allowed: true, userId: 'user-1' })
mockValidateWorkspaceAccess.mockResolvedValue(null)
workflowAuthzMockFns.mockGetActiveWorkflowRecord.mockResolvedValue(WORKFLOW_RECORD)
workflowAuthzMockFns.mockAssertWorkflowMutable.mockResolvedValue(undefined)
mockPerformFullDeploy.mockResolvedValue({
success: true,
deployedAt: new Date('2026-06-12T00:00:00Z'),
version: 4,
warnings: undefined,
})
})
it('rejects unauthenticated requests', async () => {
mockCheckRateLimit.mockResolvedValue({ allowed: false, error: 'Invalid API key' })
const response = await POST(makeRequest('POST'), makeContext())
expect(response.status).toBe(401)
expect(mockPerformFullDeploy).not.toHaveBeenCalled()
})
it('returns 404 when the workflow does not exist', async () => {
workflowAuthzMockFns.mockGetActiveWorkflowRecord.mockResolvedValue(null)
const response = await POST(makeRequest('POST'), makeContext())
expect(response.status).toBe(404)
expect(mockPerformFullDeploy).not.toHaveBeenCalled()
})
it('masks missing admin permission as 404', async () => {
mockValidateWorkspaceAccess.mockResolvedValue(
NextResponse.json({ error: 'Access denied' }, { status: 403 })
)
const response = await POST(makeRequest('POST'), makeContext())
expect(response.status).toBe(404)
expect(mockValidateWorkspaceAccess).toHaveBeenCalledWith(
expect.objectContaining({ allowed: true }),
'user-1',
'ws-1',
'admin'
)
expect(mockPerformFullDeploy).not.toHaveBeenCalled()
})
it('rejects a malformed JSON body', async () => {
const request = new NextRequest(
new URL(`http://localhost:3000/api/v1/workflows/${WORKFLOW_ID}/deploy`),
{
method: 'POST',
headers: new Headers({ 'Content-Type': 'application/json' }),
body: '{"name": "Release 4"',
}
)
const response = await POST(request, makeContext())
expect(response.status).toBe(400)
expect(mockPerformFullDeploy).not.toHaveBeenCalled()
})
it('rejects invalid version metadata', async () => {
const response = await POST(makeRequest('POST', { name: '' }), makeContext())
expect(response.status).toBe(400)
expect(mockPerformFullDeploy).not.toHaveBeenCalled()
})
it('deploys without a request body', async () => {
const response = await POST(makeRequest('POST'), makeContext())
expect(response.status).toBe(200)
expect(mockPerformFullDeploy).toHaveBeenCalledWith(
expect.objectContaining({
workflowId: WORKFLOW_ID,
userId: 'user-1',
versionName: undefined,
versionDescription: undefined,
})
)
const body = await response.json()
expect(body.data).toEqual({
id: WORKFLOW_ID,
isDeployed: true,
deployedAt: '2026-06-12T00:00:00.000Z',
version: 4,
warnings: [],
})
})
it('passes version metadata through to the deploy orchestration', async () => {
const response = await POST(
makeRequest('POST', { name: 'Release 4', description: 'Fixes the agent prompt' }),
makeContext()
)
expect(response.status).toBe(200)
expect(mockPerformFullDeploy).toHaveBeenCalledWith(
expect.objectContaining({
versionName: 'Release 4',
versionDescription: 'Fixes the agent prompt',
})
)
expect(mockCaptureServerEvent).toHaveBeenCalledWith(
'user-1',
'workflow_deployed',
expect.objectContaining({ workflow_id: WORKFLOW_ID }),
expect.anything()
)
})
it('maps validation failures from the orchestration to 400', async () => {
mockPerformFullDeploy.mockResolvedValue({
success: false,
error: 'Invalid schedule configuration',
errorCode: 'validation',
})
const response = await POST(makeRequest('POST'), makeContext())
expect(response.status).toBe(400)
const body = await response.json()
expect(body.error).toBe('Invalid schedule configuration')
})
it('returns 423 when the workflow is locked', async () => {
workflowAuthzMockFns.mockAssertWorkflowMutable.mockRejectedValue(new WorkflowLockedError())
const response = await POST(makeRequest('POST'), makeContext())
expect(response.status).toBe(423)
expect(mockPerformFullDeploy).not.toHaveBeenCalled()
})
})
describe('DELETE /api/v1/workflows/[id]/deploy', () => {
beforeEach(() => {
vi.clearAllMocks()
mockCheckRateLimit.mockResolvedValue({ allowed: true, userId: 'user-1' })
mockValidateWorkspaceAccess.mockResolvedValue(null)
workflowAuthzMockFns.mockGetActiveWorkflowRecord.mockResolvedValue(WORKFLOW_RECORD)
workflowAuthzMockFns.mockAssertWorkflowMutable.mockResolvedValue(undefined)
mockPerformFullUndeploy.mockResolvedValue({ success: true })
})
it('returns 400 when the workflow is not deployed', async () => {
workflowAuthzMockFns.mockGetActiveWorkflowRecord.mockResolvedValue({
...WORKFLOW_RECORD,
isDeployed: false,
})
const response = await DELETE(makeRequest('DELETE'), makeContext())
expect(response.status).toBe(400)
const body = await response.json()
expect(body.error).toBe('Workflow is not deployed')
expect(mockPerformFullUndeploy).not.toHaveBeenCalled()
})
it('undeploys a deployed workflow', async () => {
const response = await DELETE(makeRequest('DELETE'), makeContext())
expect(response.status).toBe(200)
expect(mockPerformFullUndeploy).toHaveBeenCalledWith(
expect.objectContaining({ workflowId: WORKFLOW_ID, userId: 'user-1' })
)
const body = await response.json()
expect(body.data).toEqual({
id: WORKFLOW_ID,
isDeployed: false,
deployedAt: null,
warnings: [],
})
expect(mockCaptureServerEvent).toHaveBeenCalledWith(
'user-1',
'workflow_undeployed',
expect.objectContaining({ workflow_id: WORKFLOW_ID }),
expect.anything()
)
})
it('masks missing admin permission as 404', async () => {
mockValidateWorkspaceAccess.mockResolvedValue(
NextResponse.json({ error: 'Access denied' }, { status: 403 })
)
const response = await DELETE(makeRequest('DELETE'), makeContext())
expect(response.status).toBe(404)
expect(mockPerformFullUndeploy).not.toHaveBeenCalled()
})
})
@@ -0,0 +1,184 @@
import { createLogger } from '@sim/logger'
import { assertWorkflowMutable, WorkflowLockedError } from '@sim/platform-authz/workflow'
import { getErrorMessage } from '@sim/utils/errors'
import { type NextRequest, NextResponse } from 'next/server'
import {
v1DeployWorkflowBodySchema,
v1DeployWorkflowContract,
v1UndeployWorkflowContract,
} from '@/lib/api/contracts/v1/workflows'
import { parseOptionalJsonBody, parseRequest, validationErrorResponse } from '@/lib/api/server'
import { generateRequestId } from '@/lib/core/utils/request'
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
import { captureServerEvent } from '@/lib/posthog/server'
import { performFullDeploy, performFullUndeploy } from '@/lib/workflows/orchestration'
import { statusForOrchestrationError } from '@/lib/workflows/orchestration/types'
import { createApiResponse, getUserLimits } from '@/app/api/v1/logs/meta'
import { checkRateLimit, createRateLimitResponse } from '@/app/api/v1/middleware'
import { resolveV1DeploymentWorkflow } from '@/app/api/v1/workflows/utils'
const logger = createLogger('V1WorkflowDeployAPI')
export const dynamic = 'force-dynamic'
export const runtime = 'nodejs'
export const maxDuration = 120
export const POST = withRouteHandler(
async (request: NextRequest, context: { params: Promise<{ id: string }> }) => {
const requestId = generateRequestId()
try {
const rateLimit = await checkRateLimit(request, 'workflow-deploy')
if (!rateLimit.allowed) {
return createRateLimitResponse(rateLimit)
}
const userId = rateLimit.userId!
const parsed = await parseRequest(v1DeployWorkflowContract, request, context, {
validationErrorResponse: () =>
NextResponse.json({ error: 'Invalid workflow ID' }, { status: 400 }),
})
if (!parsed.success) return parsed.response
const { id } = parsed.data.params
const rawBody = await parseOptionalJsonBody(request)
if (!rawBody.success) return rawBody.response
const body = v1DeployWorkflowBodySchema.safeParse(rawBody.data ?? {})
if (!body.success) {
return validationErrorResponse(body.error)
}
const target = await resolveV1DeploymentWorkflow(rateLimit, userId, id)
if (!target.ok) return target.response
const { workflow, workspaceId } = target
await assertWorkflowMutable(id)
logger.info(`[${requestId}] Deploying workflow ${id} via v1 API`, { userId })
const result = await performFullDeploy({
workflowId: id,
userId,
workflowName: workflow.name || undefined,
versionName: body.data.name,
versionDescription: body.data.description ?? undefined,
requestId,
request,
})
if (!result.success) {
return NextResponse.json(
{ error: result.error || 'Failed to deploy workflow' },
{ status: statusForOrchestrationError(result.errorCode) }
)
}
captureServerEvent(
userId,
'workflow_deployed',
{ workflow_id: id, workspace_id: workspaceId },
{
groups: { workspace: workspaceId },
setOnce: { first_workflow_deployed_at: new Date().toISOString() },
}
)
const limits = await getUserLimits(userId)
const apiResponse = createApiResponse(
{
data: {
id,
isDeployed: true,
deployedAt: result.deployedAt?.toISOString() ?? null,
version: result.version,
warnings: result.warnings ?? [],
},
},
limits,
rateLimit
)
return NextResponse.json(apiResponse.body, { headers: apiResponse.headers })
} catch (error: unknown) {
if (error instanceof WorkflowLockedError) {
return NextResponse.json({ error: error.message }, { status: error.status })
}
const message = getErrorMessage(error, 'Unknown error')
logger.error(`[${requestId}] Workflow deploy error`, { error: message })
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
}
}
)
export const DELETE = withRouteHandler(
async (request: NextRequest, context: { params: Promise<{ id: string }> }) => {
const requestId = generateRequestId()
try {
const rateLimit = await checkRateLimit(request, 'workflow-deploy')
if (!rateLimit.allowed) {
return createRateLimitResponse(rateLimit)
}
const userId = rateLimit.userId!
const parsed = await parseRequest(v1UndeployWorkflowContract, request, context, {
validationErrorResponse: () =>
NextResponse.json({ error: 'Invalid workflow ID' }, { status: 400 }),
})
if (!parsed.success) return parsed.response
const { id } = parsed.data.params
const target = await resolveV1DeploymentWorkflow(rateLimit, userId, id)
if (!target.ok) return target.response
const { workflow, workspaceId } = target
if (!workflow.isDeployed) {
return NextResponse.json({ error: 'Workflow is not deployed' }, { status: 400 })
}
await assertWorkflowMutable(id)
logger.info(`[${requestId}] Undeploying workflow ${id} via v1 API`, { userId })
const result = await performFullUndeploy({ workflowId: id, userId, requestId })
if (!result.success) {
return NextResponse.json(
{ error: result.error || 'Failed to undeploy workflow' },
{ status: 500 }
)
}
captureServerEvent(
userId,
'workflow_undeployed',
{ workflow_id: id, workspace_id: workspaceId },
{ groups: { workspace: workspaceId } }
)
const limits = await getUserLimits(userId)
const apiResponse = createApiResponse(
{
data: {
id,
isDeployed: false,
deployedAt: null,
warnings: result.warnings ?? [],
},
},
limits,
rateLimit
)
return NextResponse.json(apiResponse.body, { headers: apiResponse.headers })
} catch (error: unknown) {
if (error instanceof WorkflowLockedError) {
return NextResponse.json({ error: error.message }, { status: error.status })
}
const message = getErrorMessage(error, 'Unknown error')
logger.error(`[${requestId}] Workflow undeploy error`, { error: message })
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
}
}
)