176 lines
10 KiB
TypeScript
176 lines
10 KiB
TypeScript
import { codexPrPreflightQueryForTest } from "./src/code-queue";
|
|
|
|
type JsonRecord = Record<string, unknown>;
|
|
|
|
function assertCondition(condition: unknown, message: string, detail: unknown = {}): void {
|
|
if (!condition) throw new Error(`${message}: ${JSON.stringify(detail)}`);
|
|
}
|
|
|
|
function asRecord(value: unknown): JsonRecord {
|
|
assertCondition(typeof value === "object" && value !== null && !Array.isArray(value), "expected JSON object", { value });
|
|
return value as JsonRecord;
|
|
}
|
|
|
|
function fixtureRuntimePreflight(tokenPresent: boolean, overrides: { systemGhPresent?: boolean } = {}): JsonRecord {
|
|
const systemGhPresent = overrides.systemGhPresent ?? true;
|
|
return {
|
|
ok: tokenPresent,
|
|
checkedAt: "2026-05-20T00:00:00.000Z",
|
|
cwd: "/workspace/unidesk",
|
|
pid: 123,
|
|
ports: {
|
|
codex: { ok: true, commandPath: "/usr/local/bin/codex", version: "codex 0.128.0", errors: [] },
|
|
opencode: { ok: true, commandPath: "/usr/local/bin/opencode", version: "opencode 1.14.48", errors: [] },
|
|
},
|
|
pullRequestDelivery: {
|
|
ok: tokenPresent,
|
|
checkedAt: "2026-05-20T00:00:00.000Z",
|
|
tools: {
|
|
git: { ok: true, path: "/usr/bin/git", version: "git version 2.43.0" },
|
|
gh: { ok: systemGhPresent, path: systemGhPresent ? "/usr/bin/gh" : null, version: systemGhPresent ? "gh version 2.45.0" : null },
|
|
hub: { ok: false, path: null, version: null },
|
|
jq: { ok: true, path: "/usr/bin/jq", version: "jq-1.7" },
|
|
ssh: { ok: true, path: "/usr/bin/ssh", version: "OpenSSH_9.6" },
|
|
curl: { ok: true, path: "/usr/bin/curl", version: "curl 8.5.0" },
|
|
},
|
|
unideskGhCli: {
|
|
ok: true,
|
|
path: "/workspace/unidesk/scripts/cli.ts",
|
|
present: true,
|
|
},
|
|
credentials: {
|
|
ghTokenPresent: tokenPresent,
|
|
githubTokenPresent: false,
|
|
ghHostPresent: false,
|
|
githubApiUrlPresent: false,
|
|
ghRepoPresent: false,
|
|
sshAuthSockPresent: false,
|
|
gitAskpassPresent: false,
|
|
ghHostsConfigPresent: false,
|
|
gitCredentialsPresent: false,
|
|
},
|
|
githubContext: {
|
|
host: "github.com",
|
|
apiBaseUrl: "https://api.github.com",
|
|
repo: "pikasTech/unidesk",
|
|
issueProbeNumber: 20,
|
|
},
|
|
egress: {
|
|
proxy: { selectedProxyHost: "d601-provider-egress-proxy.unidesk.svc.cluster.local", selectedProxyPort: "18789", selectedProxyHostResolvable: true },
|
|
githubDefault: { command: "preflight", args: ["github-default-network"], ok: true, exitCode: 0, signal: null, error: null, stdout: "skipped", stderr: "" },
|
|
apiDefault: { command: "preflight", args: ["github-api-default-network"], ok: true, exitCode: 0, signal: null, error: null, stdout: "skipped", stderr: "" },
|
|
issueApi: null,
|
|
},
|
|
git: {
|
|
insideWorktree: true,
|
|
branch: "master",
|
|
head: "abc1234",
|
|
originMaster: "abc1234",
|
|
remoteOrigin: "git@github.com:pikasTech/unidesk.git",
|
|
home: "/root",
|
|
homeWritable: true,
|
|
knownHostsPresent: true,
|
|
privateKeyPresent: true,
|
|
},
|
|
prCreateDryRun: tokenPresent ? { command: "sh", args: ["-lc", "bun scripts/cli.ts gh pr create --dry-run"], ok: true, exitCode: 0, signal: null, error: null, stdout: "{\"ok\":true,\"data\":{\"dryRun\":true}}", stderr: "" } : undefined,
|
|
limitations: tokenPresent ? [] : ["GH_TOKEN/GITHUB_TOKEN is not present; gh cannot create PRs unless another gh credential store is mounted"],
|
|
risks: systemGhPresent ? [] : ["system gh binary is missing; UniDesk REST gh CLI remains the supported PR create/comment path when scripts/cli.ts and GH_TOKEN/GITHUB_TOKEN are available"],
|
|
},
|
|
};
|
|
}
|
|
|
|
function fixtureResponse(tokenPresent: boolean, overrides: { systemGhPresent?: boolean } = {}): JsonRecord {
|
|
return {
|
|
ok: true,
|
|
status: 200,
|
|
body: {
|
|
ok: true,
|
|
runtimePreflight: fixtureRuntimePreflight(tokenPresent, overrides),
|
|
},
|
|
};
|
|
}
|
|
|
|
export function runCodeQueuePrPreflightContract(): JsonRecord {
|
|
let observedPath = "";
|
|
const missing = codexPrPreflightQueryForTest(["--remote", "--issue", "35"], (path) => {
|
|
observedPath = path;
|
|
return fixtureResponse(false);
|
|
});
|
|
assertCondition(
|
|
observedPath === "/api/microservices/code-queue/proxy/api/runtime-preflight?remote=1&issue=35",
|
|
"PR preflight should route to the stable code-queue runtime preflight path",
|
|
{ observedPath },
|
|
);
|
|
assertCondition(asRecord(missing).ok === false, "missing token preflight should set top-level ok=false", missing);
|
|
assertCondition(asRecord(missing).runnerDisposition === "infra-blocked", "missing token preflight should expose root runnerDisposition", missing);
|
|
const missingPreflight = asRecord(asRecord(missing).preflight);
|
|
assertCondition(missingPreflight.ok === false, "missing token preflight should fail", missingPreflight);
|
|
assertCondition(missingPreflight.runnerDisposition === "infra-blocked", "missing token must be infra-blocked", missingPreflight);
|
|
const missingTokenCoverage = asRecord(missingPreflight.tokenCoverage);
|
|
assertCondition(missingTokenCoverage.ok === false, "tokenCoverage should fail when no env token is present", missingTokenCoverage);
|
|
assertCondition(Array.isArray(missingTokenCoverage.missing) && missingTokenCoverage.missing.includes("GH_TOKEN") && missingTokenCoverage.missing.includes("GITHUB_TOKEN"), "tokenCoverage should name both accepted env keys", missingTokenCoverage);
|
|
assertCondition(!JSON.stringify(missing).includes("contract-token"), "preflight output must not leak token values", missing);
|
|
|
|
const ready = codexPrPreflightQueryForTest(["--remote", "--push-dry-run", "--push-dry-run-ref", "refs/heads/probe/test"], (path) => {
|
|
assertCondition(path === "/api/microservices/code-queue/proxy/api/runtime-preflight?remote=1&pushDryRun=1&pushDryRunRef=refs%2Fheads%2Fprobe%2Ftest", "push dry-run options should map to query string", { path });
|
|
return fixtureResponse(true);
|
|
});
|
|
const readyPreflight = asRecord(asRecord(ready).preflight);
|
|
assertCondition(asRecord(ready).ok === true, "token-ready preflight should set top-level ok=true", ready);
|
|
assertCondition(asRecord(ready).runnerDisposition === "ready", "token-ready preflight should expose root runnerDisposition", ready);
|
|
assertCondition(readyPreflight.ok === true, "token-ready preflight should pass fixture", readyPreflight);
|
|
assertCondition(readyPreflight.runnerDisposition === "ready", "ready preflight should report ready disposition", readyPreflight);
|
|
const readyTokenCoverage = asRecord(readyPreflight.tokenCoverage);
|
|
assertCondition(readyTokenCoverage.source === "GH_TOKEN", "ready token source should be redacted to key name only", readyTokenCoverage);
|
|
const readyContract = asRecord(readyPreflight.prCapabilityContract);
|
|
assertCondition(readyContract.targetBranch === "master", "PR preflight should expose target branch", readyContract);
|
|
const readyPushDryRun = asRecord(readyContract.pushDryRun);
|
|
assertCondition(readyPushDryRun.requested === true && readyPushDryRun.writesRemote === false, "push dry-run contract should be explicit and non-writing", readyPushDryRun);
|
|
const readyHandoff = asRecord(readyContract.expectedPrHandoff);
|
|
assertCondition(readyHandoff.targetBranch === "master" && readyHandoff.commanderReviewsAndMerges === true && readyHandoff.preflightCreatesPr === false, "PR handoff should stop at runner PR creation evidence", readyHandoff);
|
|
const readyMergeBoundary = asRecord(readyContract.unsupportedMergeBoundary);
|
|
assertCondition(readyMergeBoundary.degradedReason === "unsupported-command" && readyMergeBoundary.runnerDisposition === "business-failed", "merge boundary should remain unsupported", readyMergeBoundary);
|
|
const readyCliStatus = asRecord(readyContract.unideskGhCli);
|
|
assertCondition(readyCliStatus.ok === true && readyCliStatus.requiresSystemGhBinary === false, "UniDesk gh CLI availability should be separate from system gh binary", readyCliStatus);
|
|
|
|
const prCreateDryRun = codexPrPreflightQueryForTest(["--remote", "--pr-create-dry-run", "--pr-create-dry-run-head", "codequeue/pr-probe"], (path) => {
|
|
assertCondition(path === "/api/microservices/code-queue/proxy/api/runtime-preflight?remote=1&prCreateDryRun=1&prCreateDryRunHead=codequeue%2Fpr-probe", "PR create dry-run options should map to query string", { path });
|
|
return fixtureResponse(true);
|
|
});
|
|
const prCreateDryRunPreflight = asRecord(asRecord(prCreateDryRun).preflight);
|
|
const prCreateDryRunProbe = asRecord(prCreateDryRunPreflight.prCreateDryRun);
|
|
assertCondition(prCreateDryRunProbe.ok === true, "PR create dry-run probe should be compacted", prCreateDryRunProbe);
|
|
const prCreateDryRunContract = asRecord(prCreateDryRunPreflight.prCapabilityContract);
|
|
const prCreateDryRunSummary = asRecord(prCreateDryRunContract.prCreateDryRun);
|
|
assertCondition(prCreateDryRunSummary.requested === true && prCreateDryRunSummary.headBranch === "codequeue/pr-probe" && prCreateDryRunSummary.writesRemote === false, "PR create dry-run contract should be explicit and non-writing", prCreateDryRunSummary);
|
|
|
|
const noSystemGh = codexPrPreflightQueryForTest(["--remote"], (path) => {
|
|
assertCondition(path === "/api/microservices/code-queue/proxy/api/runtime-preflight?remote=1", "system gh missing fixture should use remote preflight path", { path });
|
|
return fixtureResponse(true, { systemGhPresent: false });
|
|
});
|
|
const noSystemGhPreflight = asRecord(asRecord(noSystemGh).preflight);
|
|
assertCondition(noSystemGhPreflight.ok === true, "missing system gh should not block UniDesk REST PR CLI when token and scripts/cli.ts exist", noSystemGhPreflight);
|
|
const noSystemGhTools = asRecord(noSystemGhPreflight.tools);
|
|
assertCondition(asRecord(noSystemGhTools.systemGhBinary).ok === false, "system gh binary status should be explicit", noSystemGhTools);
|
|
assertCondition(asRecord(noSystemGhTools.unideskGhCli).ok === true, "UniDesk gh CLI should stay available when system gh is missing", noSystemGhTools);
|
|
|
|
return {
|
|
ok: true,
|
|
checks: [
|
|
"stable runtime-preflight proxy path",
|
|
"missing GitHub token is infra-blocked",
|
|
"token key names are reported without values",
|
|
"fake token source reports only the env key",
|
|
"system gh binary and UniDesk REST gh CLI are distinct",
|
|
"push dry-run options are forwarded",
|
|
"PR create dry-run options are forwarded",
|
|
"dry-run push and PR create are marked non-writing",
|
|
"expected PR handoff and unsupported merge boundary are explicit",
|
|
],
|
|
};
|
|
}
|
|
|
|
if (import.meta.main) {
|
|
process.stdout.write(`${JSON.stringify(runCodeQueuePrPreflightContract(), null, 2)}\n`);
|
|
}
|