Files
pikasTech-unidesk/scripts/code-queue-pr-preflight-contract-test.ts
T

176 lines
10 KiB
TypeScript

import { codexPrPreflightQueryForTest } from "./src/code-queue";
type JsonRecord = Record<string, unknown>;
function assertCondition(condition: unknown, message: string, detail: unknown = {}): void {
if (!condition) throw new Error(`${message}: ${JSON.stringify(detail)}`);
}
function asRecord(value: unknown): JsonRecord {
assertCondition(typeof value === "object" && value !== null && !Array.isArray(value), "expected JSON object", { value });
return value as JsonRecord;
}
function fixtureRuntimePreflight(tokenPresent: boolean, overrides: { systemGhPresent?: boolean } = {}): JsonRecord {
const systemGhPresent = overrides.systemGhPresent ?? true;
return {
ok: tokenPresent,
checkedAt: "2026-05-20T00:00:00.000Z",
cwd: "/workspace/unidesk",
pid: 123,
ports: {
codex: { ok: true, commandPath: "/usr/local/bin/codex", version: "codex 0.128.0", errors: [] },
opencode: { ok: true, commandPath: "/usr/local/bin/opencode", version: "opencode 1.14.48", errors: [] },
},
pullRequestDelivery: {
ok: tokenPresent,
checkedAt: "2026-05-20T00:00:00.000Z",
tools: {
git: { ok: true, path: "/usr/bin/git", version: "git version 2.43.0" },
gh: { ok: systemGhPresent, path: systemGhPresent ? "/usr/bin/gh" : null, version: systemGhPresent ? "gh version 2.45.0" : null },
hub: { ok: false, path: null, version: null },
jq: { ok: true, path: "/usr/bin/jq", version: "jq-1.7" },
ssh: { ok: true, path: "/usr/bin/ssh", version: "OpenSSH_9.6" },
curl: { ok: true, path: "/usr/bin/curl", version: "curl 8.5.0" },
},
unideskGhCli: {
ok: true,
path: "/workspace/unidesk/scripts/cli.ts",
present: true,
},
credentials: {
ghTokenPresent: tokenPresent,
githubTokenPresent: false,
ghHostPresent: false,
githubApiUrlPresent: false,
ghRepoPresent: false,
sshAuthSockPresent: false,
gitAskpassPresent: false,
ghHostsConfigPresent: false,
gitCredentialsPresent: false,
},
githubContext: {
host: "github.com",
apiBaseUrl: "https://api.github.com",
repo: "pikasTech/unidesk",
issueProbeNumber: 20,
},
egress: {
proxy: { selectedProxyHost: "d601-provider-egress-proxy.unidesk.svc.cluster.local", selectedProxyPort: "18789", selectedProxyHostResolvable: true },
githubDefault: { command: "preflight", args: ["github-default-network"], ok: true, exitCode: 0, signal: null, error: null, stdout: "skipped", stderr: "" },
apiDefault: { command: "preflight", args: ["github-api-default-network"], ok: true, exitCode: 0, signal: null, error: null, stdout: "skipped", stderr: "" },
issueApi: null,
},
git: {
insideWorktree: true,
branch: "master",
head: "abc1234",
originMaster: "abc1234",
remoteOrigin: "git@github.com:pikasTech/unidesk.git",
home: "/root",
homeWritable: true,
knownHostsPresent: true,
privateKeyPresent: true,
},
prCreateDryRun: tokenPresent ? { command: "sh", args: ["-lc", "bun scripts/cli.ts gh pr create --dry-run"], ok: true, exitCode: 0, signal: null, error: null, stdout: "{\"ok\":true,\"data\":{\"dryRun\":true}}", stderr: "" } : undefined,
limitations: tokenPresent ? [] : ["GH_TOKEN/GITHUB_TOKEN is not present; gh cannot create PRs unless another gh credential store is mounted"],
risks: systemGhPresent ? [] : ["system gh binary is missing; UniDesk REST gh CLI remains the supported PR create/comment path when scripts/cli.ts and GH_TOKEN/GITHUB_TOKEN are available"],
},
};
}
function fixtureResponse(tokenPresent: boolean, overrides: { systemGhPresent?: boolean } = {}): JsonRecord {
return {
ok: true,
status: 200,
body: {
ok: true,
runtimePreflight: fixtureRuntimePreflight(tokenPresent, overrides),
},
};
}
export function runCodeQueuePrPreflightContract(): JsonRecord {
let observedPath = "";
const missing = codexPrPreflightQueryForTest(["--remote", "--issue", "35"], (path) => {
observedPath = path;
return fixtureResponse(false);
});
assertCondition(
observedPath === "/api/microservices/code-queue/proxy/api/runtime-preflight?remote=1&issue=35",
"PR preflight should route to the stable code-queue runtime preflight path",
{ observedPath },
);
assertCondition(asRecord(missing).ok === false, "missing token preflight should set top-level ok=false", missing);
assertCondition(asRecord(missing).runnerDisposition === "infra-blocked", "missing token preflight should expose root runnerDisposition", missing);
const missingPreflight = asRecord(asRecord(missing).preflight);
assertCondition(missingPreflight.ok === false, "missing token preflight should fail", missingPreflight);
assertCondition(missingPreflight.runnerDisposition === "infra-blocked", "missing token must be infra-blocked", missingPreflight);
const missingTokenCoverage = asRecord(missingPreflight.tokenCoverage);
assertCondition(missingTokenCoverage.ok === false, "tokenCoverage should fail when no env token is present", missingTokenCoverage);
assertCondition(Array.isArray(missingTokenCoverage.missing) && missingTokenCoverage.missing.includes("GH_TOKEN") && missingTokenCoverage.missing.includes("GITHUB_TOKEN"), "tokenCoverage should name both accepted env keys", missingTokenCoverage);
assertCondition(!JSON.stringify(missing).includes("contract-token"), "preflight output must not leak token values", missing);
const ready = codexPrPreflightQueryForTest(["--remote", "--push-dry-run", "--push-dry-run-ref", "refs/heads/probe/test"], (path) => {
assertCondition(path === "/api/microservices/code-queue/proxy/api/runtime-preflight?remote=1&pushDryRun=1&pushDryRunRef=refs%2Fheads%2Fprobe%2Ftest", "push dry-run options should map to query string", { path });
return fixtureResponse(true);
});
const readyPreflight = asRecord(asRecord(ready).preflight);
assertCondition(asRecord(ready).ok === true, "token-ready preflight should set top-level ok=true", ready);
assertCondition(asRecord(ready).runnerDisposition === "ready", "token-ready preflight should expose root runnerDisposition", ready);
assertCondition(readyPreflight.ok === true, "token-ready preflight should pass fixture", readyPreflight);
assertCondition(readyPreflight.runnerDisposition === "ready", "ready preflight should report ready disposition", readyPreflight);
const readyTokenCoverage = asRecord(readyPreflight.tokenCoverage);
assertCondition(readyTokenCoverage.source === "GH_TOKEN", "ready token source should be redacted to key name only", readyTokenCoverage);
const readyContract = asRecord(readyPreflight.prCapabilityContract);
assertCondition(readyContract.targetBranch === "master", "PR preflight should expose target branch", readyContract);
const readyPushDryRun = asRecord(readyContract.pushDryRun);
assertCondition(readyPushDryRun.requested === true && readyPushDryRun.writesRemote === false, "push dry-run contract should be explicit and non-writing", readyPushDryRun);
const readyHandoff = asRecord(readyContract.expectedPrHandoff);
assertCondition(readyHandoff.targetBranch === "master" && readyHandoff.commanderReviewsAndMerges === true && readyHandoff.preflightCreatesPr === false, "PR handoff should stop at runner PR creation evidence", readyHandoff);
const readyMergeBoundary = asRecord(readyContract.unsupportedMergeBoundary);
assertCondition(readyMergeBoundary.degradedReason === "unsupported-command" && readyMergeBoundary.runnerDisposition === "business-failed", "merge boundary should remain unsupported", readyMergeBoundary);
const readyCliStatus = asRecord(readyContract.unideskGhCli);
assertCondition(readyCliStatus.ok === true && readyCliStatus.requiresSystemGhBinary === false, "UniDesk gh CLI availability should be separate from system gh binary", readyCliStatus);
const prCreateDryRun = codexPrPreflightQueryForTest(["--remote", "--pr-create-dry-run", "--pr-create-dry-run-head", "codequeue/pr-probe"], (path) => {
assertCondition(path === "/api/microservices/code-queue/proxy/api/runtime-preflight?remote=1&prCreateDryRun=1&prCreateDryRunHead=codequeue%2Fpr-probe", "PR create dry-run options should map to query string", { path });
return fixtureResponse(true);
});
const prCreateDryRunPreflight = asRecord(asRecord(prCreateDryRun).preflight);
const prCreateDryRunProbe = asRecord(prCreateDryRunPreflight.prCreateDryRun);
assertCondition(prCreateDryRunProbe.ok === true, "PR create dry-run probe should be compacted", prCreateDryRunProbe);
const prCreateDryRunContract = asRecord(prCreateDryRunPreflight.prCapabilityContract);
const prCreateDryRunSummary = asRecord(prCreateDryRunContract.prCreateDryRun);
assertCondition(prCreateDryRunSummary.requested === true && prCreateDryRunSummary.headBranch === "codequeue/pr-probe" && prCreateDryRunSummary.writesRemote === false, "PR create dry-run contract should be explicit and non-writing", prCreateDryRunSummary);
const noSystemGh = codexPrPreflightQueryForTest(["--remote"], (path) => {
assertCondition(path === "/api/microservices/code-queue/proxy/api/runtime-preflight?remote=1", "system gh missing fixture should use remote preflight path", { path });
return fixtureResponse(true, { systemGhPresent: false });
});
const noSystemGhPreflight = asRecord(asRecord(noSystemGh).preflight);
assertCondition(noSystemGhPreflight.ok === true, "missing system gh should not block UniDesk REST PR CLI when token and scripts/cli.ts exist", noSystemGhPreflight);
const noSystemGhTools = asRecord(noSystemGhPreflight.tools);
assertCondition(asRecord(noSystemGhTools.systemGhBinary).ok === false, "system gh binary status should be explicit", noSystemGhTools);
assertCondition(asRecord(noSystemGhTools.unideskGhCli).ok === true, "UniDesk gh CLI should stay available when system gh is missing", noSystemGhTools);
return {
ok: true,
checks: [
"stable runtime-preflight proxy path",
"missing GitHub token is infra-blocked",
"token key names are reported without values",
"fake token source reports only the env key",
"system gh binary and UniDesk REST gh CLI are distinct",
"push dry-run options are forwarded",
"PR create dry-run options are forwarded",
"dry-run push and PR create are marked non-writing",
"expected PR handoff and unsupported merge boundary are explicit",
],
};
}
if (import.meta.main) {
process.stdout.write(`${JSON.stringify(runCodeQueuePrPreflightContract(), null, 2)}\n`);
}