Merge pull request #753 from mnfst/local

test: add unit tests for local mode coverage

Author: brunobuddy

.changeset/plain-chicken-lead.md

@@ -0,0 +1,2 @@
+---
+---

codecov.yml

@@ -3,21 +3,19 @@ coverage:
     project:
       default:
         target: auto
+        threshold: 1%
     patch:
       default:
         target: auto
 flags:
   backend:
     paths:
       - packages/backend/src/
-    carryforward: true
   frontend:
     paths:
       - packages/frontend/src/
-    carryforward: true
   plugin:
     paths:
       - packages/openclaw-plugin/src/
-    carryforward: true
 comment:
   layout: "reach,diff,flags"

packages/backend/src/analytics/dto/messages-query.dto.spec.ts

@@ -0,0 +1,59 @@
+import 'reflect-metadata';
+import { validate } from 'class-validator';
+import { plainToInstance } from 'class-transformer';
+import { MessagesQueryDto } from './messages-query.dto';
+
+describe('MessagesQueryDto', () => {
+  it('allows omitting all fields', async () => {
+    const dto = plainToInstance(MessagesQueryDto, {});
+    const errors = await validate(dto);
+    expect(errors).toHaveLength(0);
+  });
+
+  it('accepts valid string fields', async () => {
+    const dto = plainToInstance(MessagesQueryDto, {
+      range: '24h',
+      status: 'ok',
+      service_type: 'agent',
+      model: 'gpt-4o',
+      cursor: 'abc123',
+      agent_name: 'my-bot',
+    });
+    const errors = await validate(dto);
+    expect(errors).toHaveLength(0);
+  });
+
+  it('accepts valid numeric fields', async () => {
+    const dto = plainToInstance(MessagesQueryDto, {
+      cost_min: 0,
+      cost_max: 100,
+      limit: 50,
+    });
+    const errors = await validate(dto);
+    expect(errors).toHaveLength(0);
+  });
+
+  it('rejects negative cost_min', async () => {
+    const dto = plainToInstance(MessagesQueryDto, { cost_min: -1 });
+    const errors = await validate(dto);
+    expect(errors.length).toBeGreaterThan(0);
+  });
+
+  it('rejects cost_max over 999999', async () => {
+    const dto = plainToInstance(MessagesQueryDto, { cost_max: 1000000 });
+    const errors = await validate(dto);
+    expect(errors.length).toBeGreaterThan(0);
+  });
+
+  it('rejects limit below 1', async () => {
+    const dto = plainToInstance(MessagesQueryDto, { limit: 0 });
+    const errors = await validate(dto);
+    expect(errors.length).toBeGreaterThan(0);
+  });
+
+  it('rejects limit above 200', async () => {
+    const dto = plainToInstance(MessagesQueryDto, { limit: 201 });
+    const errors = await validate(dto);
+    expect(errors.length).toBeGreaterThan(0);
+  });
+});

packages/backend/src/auth/session.guard.spec.ts

@@ -0,0 +1,98 @@
+jest.mock('better-auth/node', () => ({
+  fromNodeHeaders: jest.fn((headers: Record<string, string>) => headers),
+}));
+
+jest.mock('./auth.instance', () => ({
+  auth: {
+    api: {
+      getSession: jest.fn(),
+    },
+  },
+}));
+
+import { ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { SessionGuard } from './session.guard';
+
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+const { auth } = require('./auth.instance');
+
+function createMockContext(overrides: {
+  ip?: string;
+  headers?: Record<string, string>;
+}): { context: ExecutionContext; request: Record<string, unknown> } {
+  const request: Record<string, unknown> = {
+    ip: overrides.ip ?? '127.0.0.1',
+    headers: overrides.headers ?? {},
+  };
+
+  const context = {
+    getHandler: jest.fn(),
+    getClass: jest.fn(),
+    switchToHttp: () => ({
+      getRequest: () => request,
+    }),
+  } as unknown as ExecutionContext;
+
+  return { context, request };
+}
+
+describe('SessionGuard', () => {
+  let guard: SessionGuard;
+  let reflector: Reflector;
+
+  beforeEach(() => {
+    reflector = new Reflector();
+    guard = new SessionGuard(reflector);
+    jest.clearAllMocks();
+  });
+
+  it('allows public routes', async () => {
+    jest.spyOn(reflector, 'getAllAndOverride').mockReturnValue(true);
+    const { context } = createMockContext({});
+
+    const result = await guard.canActivate(context);
+
+    expect(result).toBe(true);
+    expect(auth.api.getSession).not.toHaveBeenCalled();
+  });
+
+  it('passes through when X-API-Key header is present', async () => {
+    jest.spyOn(reflector, 'getAllAndOverride').mockReturnValue(false);
+    const { context } = createMockContext({
+      headers: { 'x-api-key': 'some-key' },
+    });
+
+    const result = await guard.canActivate(context);
+
+    expect(result).toBe(true);
+    expect(auth.api.getSession).not.toHaveBeenCalled();
+  });
+
+  it('attaches user when session is valid', async () => {
+    jest.spyOn(reflector, 'getAllAndOverride').mockReturnValue(false);
+    const mockSession = {
+      user: { id: 'user-1', name: 'Test', email: 'test@test.com' },
+      session: { id: 'session-1' },
+    };
+    (auth.api.getSession as jest.Mock).mockResolvedValue(mockSession);
+    const { context, request } = createMockContext({});
+
+    const result = await guard.canActivate(context);
+
+    expect(result).toBe(true);
+    expect(request['user']).toEqual(mockSession.user);
+    expect(request['session']).toEqual(mockSession.session);
+  });
+
+  it('returns true even when no session found', async () => {
+    jest.spyOn(reflector, 'getAllAndOverride').mockReturnValue(false);
+    (auth.api.getSession as jest.Mock).mockResolvedValue(null);
+    const { context, request } = createMockContext({});
+
+    const result = await guard.canActivate(context);
+
+    expect(result).toBe(true);
+    expect(request['user']).toBeUndefined();
+  });
+});

packages/backend/src/common/constants/api-key.constants.spec.ts

@@ -0,0 +1,11 @@
+import { API_KEY_PREFIX } from './api-key.constants';
+
+describe('API_KEY_PREFIX', () => {
+  it('equals mnfst_', () => {
+    expect(API_KEY_PREFIX).toBe('mnfst_');
+  });
+
+  it('is a string type', () => {
+    expect(typeof API_KEY_PREFIX).toBe('string');
+  });
+});

packages/backend/src/common/constants/cache.constants.spec.ts

@@ -0,0 +1,11 @@
+import { DASHBOARD_CACHE_TTL_MS, MODEL_PRICES_CACHE_TTL_MS } from './cache.constants';
+
+describe('Cache constants', () => {
+  it('DASHBOARD_CACHE_TTL_MS is 5 seconds', () => {
+    expect(DASHBOARD_CACHE_TTL_MS).toBe(5_000);
+  });
+
+  it('MODEL_PRICES_CACHE_TTL_MS is 5 minutes', () => {
+    expect(MODEL_PRICES_CACHE_TTL_MS).toBe(300_000);
+  });
+});

packages/backend/src/common/constants/local-mode.constants.spec.ts

@@ -0,0 +1,161 @@
+jest.mock('fs', () => ({
+  existsSync: jest.fn(),
+  readFileSync: jest.fn(),
+  writeFileSync: jest.fn(),
+  mkdirSync: jest.fn(),
+}));
+
+import {
+  LOCAL_USER_ID,
+  LOCAL_EMAIL,
+  LOCAL_DEFAULT_PORT,
+  getLocalAuthSecret,
+  getLocalPassword,
+} from './local-mode.constants';
+
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+const fs = require('fs');
+
+describe('local-mode.constants', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  describe('static constants', () => {
+    it('exports LOCAL_USER_ID', () => {
+      expect(LOCAL_USER_ID).toBe('local-user-001');
+    });
+
+    it('exports LOCAL_EMAIL', () => {
+      expect(LOCAL_EMAIL).toBe('local@manifest.local');
+    });
+
+    it('exports LOCAL_DEFAULT_PORT', () => {
+      expect(LOCAL_DEFAULT_PORT).toBe(2099);
+    });
+  });
+
+  describe('getLocalAuthSecret', () => {
+    it('generates a random secret when config file does not exist', () => {
+      (fs.existsSync as jest.Mock).mockReturnValue(false);
+
+      const secret = getLocalAuthSecret();
+
+      expect(secret).toHaveLength(64); // 32 bytes hex
+      expect(fs.writeFileSync).toHaveBeenCalled();
+    });
+
+    it('returns existing secret from config file', () => {
+      (fs.existsSync as jest.Mock).mockReturnValue(true);
+      (fs.readFileSync as jest.Mock).mockReturnValue(
+        JSON.stringify({ authSecret: 'a'.repeat(64) }),
+      );
+
+      const secret = getLocalAuthSecret();
+
+      expect(secret).toBe('a'.repeat(64));
+      expect(fs.writeFileSync).not.toHaveBeenCalled();
+    });
+
+    it('regenerates when existing secret is too short', () => {
+      (fs.existsSync as jest.Mock).mockReturnValue(true);
+      (fs.readFileSync as jest.Mock).mockReturnValue(
+        JSON.stringify({ authSecret: 'too-short' }),
+      );
+
+      const secret = getLocalAuthSecret();
+
+      expect(secret).toHaveLength(64);
+      expect(fs.writeFileSync).toHaveBeenCalled();
+    });
+
+    it('regenerates when config file is corrupted', () => {
+      (fs.existsSync as jest.Mock)
+        .mockReturnValueOnce(true)   // ensureConfigDir
+        .mockReturnValueOnce(true);  // config file exists
+      (fs.readFileSync as jest.Mock).mockReturnValue('not-json{{{');
+
+      const secret = getLocalAuthSecret();
+
+      expect(secret).toHaveLength(64);
+      expect(fs.writeFileSync).toHaveBeenCalled();
+    });
+
+    it('creates config directory with 0o700 permissions', () => {
+      (fs.existsSync as jest.Mock).mockReturnValue(false);
+
+      getLocalAuthSecret();
+
+      expect(fs.mkdirSync).toHaveBeenCalledWith(
+        expect.any(String),
+        expect.objectContaining({ recursive: true, mode: 0o700 }),
+      );
+    });
+  });
+
+  describe('getLocalPassword', () => {
+    it('generates a random password when config file does not exist', () => {
+      (fs.existsSync as jest.Mock).mockReturnValue(false);
+
+      const password = getLocalPassword();
+
+      expect(password.length).toBeGreaterThanOrEqual(16);
+      expect(fs.writeFileSync).toHaveBeenCalled();
+    });
+
+    it('returns existing password from config file', () => {
+      (fs.existsSync as jest.Mock).mockReturnValue(true);
+      (fs.readFileSync as jest.Mock).mockReturnValue(
+        JSON.stringify({ localPassword: 'a-valid-password-long-enough' }),
+      );
+
+      const password = getLocalPassword();
+
+      expect(password).toBe('a-valid-password-long-enough');
+      expect(fs.writeFileSync).not.toHaveBeenCalled();
+    });
+
+    it('regenerates when existing password is too short', () => {
+      (fs.existsSync as jest.Mock).mockReturnValue(true);
+      (fs.readFileSync as jest.Mock).mockReturnValue(
+        JSON.stringify({ localPassword: 'short' }),
+      );
+
+      const password = getLocalPassword();
+
+      expect(password.length).toBeGreaterThanOrEqual(16);
+      expect(fs.writeFileSync).toHaveBeenCalled();
+    });
+
+    it('preserves existing config fields when writing', () => {
+      (fs.existsSync as jest.Mock)
+        .mockReturnValueOnce(true)   // ensureConfigDir
+        .mockReturnValueOnce(true)   // readConfig check
+        .mockReturnValueOnce(true)   // writeConfig ensureConfigDir
+        .mockReturnValueOnce(false); // writeConfig config file (doesn't matter)
+      (fs.readFileSync as jest.Mock).mockReturnValue(
+        JSON.stringify({ apiKey: 'mnfst_existing', authSecret: 'x'.repeat(64) }),
+      );
+
+      getLocalPassword();
+
+      const writeCall = (fs.writeFileSync as jest.Mock).mock.calls[0];
+      const written = JSON.parse(writeCall[1]);
+      expect(written.apiKey).toBe('mnfst_existing');
+      expect(written.authSecret).toBe('x'.repeat(64));
+      expect(written.localPassword).toBeDefined();
+    });
+
+    it('writes config file with 0o600 permissions', () => {
+      (fs.existsSync as jest.Mock).mockReturnValue(false);
+
+      getLocalPassword();
+
+      expect(fs.writeFileSync).toHaveBeenCalledWith(
+        expect.any(String),
+        expect.any(String),
+        expect.objectContaining({ mode: 0o600 }),
+      );
+    });
+  });
+});

packages/backend/src/common/decorators/public.decorator.spec.ts

@@ -0,0 +1,12 @@
+import { IS_PUBLIC_KEY, Public } from './public.decorator';
+
+describe('Public decorator', () => {
+  it('exports IS_PUBLIC_KEY as isPublic', () => {
+    expect(IS_PUBLIC_KEY).toBe('isPublic');
+  });
+
+  it('Public() returns a decorator function', () => {
+    const decorator = Public();
+    expect(typeof decorator).toBe('function');
+  });
+});