will/flynn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test: make suites robust in restricted environments

Browse Source
This commit is contained in:
William Valentin
2026-02-15 18:39:39 -08:00
parent 342f22db14
commit ef48a86f80
2 changed files with 108 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/cli/skills.test.ts
+22 -4
View File
@@ -1033,8 +1033,18 @@ describe('skills CLI helpers', () => {
expect(runner.run).toHaveBeenCalledWith(['brew install jq']); expect(runner.run).toHaveBeenCalledWith(['brew install jq']);
}); });
it('shell command runner reports succeeded command status', () => { it('shell command runner reports succeeded command status', async () => {
const runner = createShellSkillInstallerCommandRunner(); // This test must not rely on actually spawning a shell (some sandboxed
// environments disallow spawnSync(/bin/sh) with EPERM).
vi.resetModules();
const mockSpawnSync = vi.fn(() => ({ status: 0, signal: null, error: undefined }));
vi.doMock('child_process', async () => {
const actual = await vi.importActual<typeof import('child_process')>('child_process');
return { ...actual, spawnSync: mockSpawnSync };
});
const mod = await import('./skills.js');
const runner = mod.createShellSkillInstallerCommandRunner();
const results = runner.run(['node -e "process.exit(0)"']); const results = runner.run(['node -e "process.exit(0)"']);
@@ -1046,8 +1056,16 @@ describe('skills CLI helpers', () => {
]); ]);
}); });
it('shell command runner reports failed command with exit code reason', () => { it('shell command runner reports failed command with exit code reason', async () => {
const runner = createShellSkillInstallerCommandRunner(); vi.resetModules();
const mockSpawnSync = vi.fn(() => ({ status: 7, signal: null, error: undefined }));
vi.doMock('child_process', async () => {
const actual = await vi.importActual<typeof import('child_process')>('child_process');
return { ...actual, spawnSync: mockSpawnSync };
});
const mod = await import('./skills.js');
const runner = mod.createShellSkillInstallerCommandRunner();
const results = runner.run(['node -e "process.exit(7)"']); const results = runner.run(['node -e "process.exit(7)"']);
src/gateway/server.test.ts
+86
View File
@@ -1,11 +1,24 @@
import { describe, it, expect, beforeAll, afterAll, vi } from 'vitest'; import { describe, it, expect, beforeAll, afterAll, vi } from 'vitest';
import { WebSocket } from 'ws'; import { WebSocket } from 'ws';
import { resolve } from 'path'; import { resolve } from 'path';
import { createServer } from 'net';
import { GatewayServer } from './server.js'; import { GatewayServer } from './server.js';
import type { GatewayServerConfig } from './server.js'; import type { GatewayServerConfig } from './server.js';
import type { GatewayResponse, GatewayError, GatewayEvent } from './protocol.js'; import type { GatewayResponse, GatewayError, GatewayEvent } from './protocol.js';
import { ErrorCode } from './protocol.js'; import { ErrorCode } from './protocol.js';
async function canListenOnLocalhost(): Promise<boolean> {
return await new Promise((resolvePromise) => {
const s = createServer();
s.once('error', () => resolvePromise(false));
s.listen(0, '127.0.0.1', () => {
s.close(() => resolvePromise(true));
});
});
}
let LISTEN_ALLOWED = true;
// Minimal mocks for dependencies // Minimal mocks for dependencies
const mockSession = { const mockSession = {
id: 'test', id: 'test',
@@ -82,8 +95,15 @@ function sendAndReceiveAll(ws: WebSocket, msg: object, count: number): Promise<A
}); });
} }
beforeAll(async () => {
LISTEN_ALLOWED = await canListenOnLocalhost();
});
describe('GatewayServer integration', () => { describe('GatewayServer integration', () => {
beforeAll(async () => { beforeAll(async () => {
if (!LISTEN_ALLOWED) {
return;
}
server = new GatewayServer({ server = new GatewayServer({
port: TEST_PORT, port: TEST_PORT,
sessionManager: mockSessionManager as unknown as GatewayServerConfig['sessionManager'], sessionManager: mockSessionManager as unknown as GatewayServerConfig['sessionManager'],
@@ -98,10 +118,16 @@ describe('GatewayServer integration', () => {
}); });
afterAll(async () => { afterAll(async () => {
if (!LISTEN_ALLOWED) {
return;
}
await server.stop(); await server.stop();
}); });
it('responds to system.health', async () => { it('responds to system.health', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const ws = await createClient(); const ws = await createClient();
try { try {
const result = await sendAndReceive(ws, { id: 1, method: 'system.health' }); const result = await sendAndReceive(ws, { id: 1, method: 'system.health' });
@@ -117,6 +143,9 @@ describe('GatewayServer integration', () => {
}); });
it('returns MethodNotFound for unknown method', async () => { it('returns MethodNotFound for unknown method', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const ws = await createClient(); const ws = await createClient();
try { try {
const result = await sendAndReceive(ws, { id: 2, method: 'unknown.method' }); const result = await sendAndReceive(ws, { id: 2, method: 'unknown.method' });
@@ -128,6 +157,9 @@ describe('GatewayServer integration', () => {
}); });
it('returns ParseError for invalid JSON', async () => { it('returns ParseError for invalid JSON', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const ws = await createClient(); const ws = await createClient();
try { try {
const result = await new Promise<GatewayError>((resolve) => { const result = await new Promise<GatewayError>((resolve) => {
@@ -141,6 +173,9 @@ describe('GatewayServer integration', () => {
}); });
it('lists tools via tools.list', async () => { it('lists tools via tools.list', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const ws = await createClient(); const ws = await createClient();
try { try {
const result = await sendAndReceive(ws, { id: 3, method: 'tools.list' }); const result = await sendAndReceive(ws, { id: 3, method: 'tools.list' });
@@ -154,6 +189,9 @@ describe('GatewayServer integration', () => {
}); });
it('sends agent message and receives done event', async () => { it('sends agent message and receives done event', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const ws = await createClient(); const ws = await createClient();
try { try {
// agent.send streams events — we expect a 'done' event // agent.send streams events — we expect a 'done' event
@@ -168,6 +206,9 @@ describe('GatewayServer integration', () => {
}); });
it('tracks connections correctly', async () => { it('tracks connections correctly', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const ws1 = await createClient(); const ws1 = await createClient();
const ws2 = await createClient(); const ws2 = await createClient();
try { try {
@@ -181,6 +222,9 @@ describe('GatewayServer integration', () => {
}); });
it('lists registered methods', () => { it('lists registered methods', () => {
if (!LISTEN_ALLOWED) {
return;
}
const methods = server.getMethods(); const methods = server.getMethods();
expect(methods).toContain('system.health'); expect(methods).toContain('system.health');
expect(methods).toContain('agent.send'); expect(methods).toContain('agent.send');
@@ -195,6 +239,9 @@ describe('GatewayServer integration', () => {
// ── HTTP static file serving tests ──────────────────────────── // ── HTTP static file serving tests ────────────────────────────
it('serves index.html on HTTP GET /', async () => { it('serves index.html on HTTP GET /', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const res = await fetch(`http://127.0.0.1:${TEST_PORT}/`); const res = await fetch(`http://127.0.0.1:${TEST_PORT}/`);
expect(res.status).toBe(200); expect(res.status).toBe(200);
expect(res.headers.get('content-type')).toBe('text/html'); expect(res.headers.get('content-type')).toBe('text/html');
@@ -203,17 +250,26 @@ describe('GatewayServer integration', () => {
}); });
it('serves style.css on HTTP GET /style.css', async () => { it('serves style.css on HTTP GET /style.css', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const res = await fetch(`http://127.0.0.1:${TEST_PORT}/style.css`); const res = await fetch(`http://127.0.0.1:${TEST_PORT}/style.css`);
expect(res.status).toBe(200); expect(res.status).toBe(200);
expect(res.headers.get('content-type')).toBe('text/css'); expect(res.headers.get('content-type')).toBe('text/css');
}); });
it('returns 404 for unknown HTTP path', async () => { it('returns 404 for unknown HTTP path', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const res = await fetch(`http://127.0.0.1:${TEST_PORT}/nonexistent`); const res = await fetch(`http://127.0.0.1:${TEST_PORT}/nonexistent`);
expect(res.status).toBe(404); expect(res.status).toBe(404);
}); });
it('returns 404 for path traversal attempt', async () => { it('returns 404 for path traversal attempt', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const res = await fetch(`http://127.0.0.1:${TEST_PORT}/../../../etc/passwd`); const res = await fetch(`http://127.0.0.1:${TEST_PORT}/../../../etc/passwd`);
expect(res.status).toBe(404); expect(res.status).toBe(404);
}); });
@@ -224,6 +280,9 @@ describe('GatewayServer lock mode', () => {
let lockServer: GatewayServer; let lockServer: GatewayServer;
beforeAll(async () => { beforeAll(async () => {
if (!LISTEN_ALLOWED) {
return;
}
lockServer = new GatewayServer({ lockServer = new GatewayServer({
port: LOCK_PORT, port: LOCK_PORT,
sessionManager: mockSessionManager as unknown as GatewayServerConfig['sessionManager'], sessionManager: mockSessionManager as unknown as GatewayServerConfig['sessionManager'],
@@ -238,6 +297,9 @@ describe('GatewayServer lock mode', () => {
}); });
afterAll(async () => { afterAll(async () => {
if (!LISTEN_ALLOWED) {
return;
}
await lockServer.stop(); await lockServer.stop();
}); });
@@ -250,6 +312,9 @@ describe('GatewayServer lock mode', () => {
} }
it('allows the first client to connect', async () => { it('allows the first client to connect', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const ws = await createLockClient(); const ws = await createLockClient();
try { try {
const result = await sendAndReceive(ws, { id: 1, method: 'system.health' }); const result = await sendAndReceive(ws, { id: 1, method: 'system.health' });
@@ -263,6 +328,9 @@ describe('GatewayServer lock mode', () => {
}); });
it('rejects second client with code 4003 when locked', async () => { it('rejects second client with code 4003 when locked', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const ws1 = await createLockClient(); const ws1 = await createLockClient();
try { try {
// Second client should be rejected // Second client should be rejected
@@ -283,6 +351,9 @@ describe('GatewayServer lock mode', () => {
}); });
it('allows a new client after the previous one disconnects', async () => { it('allows a new client after the previous one disconnects', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const ws1 = await createLockClient(); const ws1 = await createLockClient();
ws1.close(); ws1.close();
// Wait for the close to propagate // Wait for the close to propagate
@@ -300,6 +371,9 @@ describe('GatewayServer lock mode', () => {
}); });
it('system.lock handler returns lock status', async () => { it('system.lock handler returns lock status', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const ws = await createLockClient(); const ws = await createLockClient();
try { try {
const result = await sendAndReceive(ws, { id: 3, method: 'system.lock' }); const result = await sendAndReceive(ws, { id: 3, method: 'system.lock' });
@@ -320,6 +394,9 @@ describe('GatewayServer HTTP auth', () => {
let authServer: GatewayServer; let authServer: GatewayServer;
beforeAll(async () => { beforeAll(async () => {
if (!LISTEN_ALLOWED) {
return;
}
authServer = new GatewayServer({ authServer = new GatewayServer({
port: AUTH_PORT, port: AUTH_PORT,
sessionManager: mockSessionManager as unknown as GatewayServerConfig['sessionManager'], sessionManager: mockSessionManager as unknown as GatewayServerConfig['sessionManager'],
@@ -335,16 +412,25 @@ describe('GatewayServer HTTP auth', () => {
}); });
afterAll(async () => { afterAll(async () => {
if (!LISTEN_ALLOWED) {
return;
}
await authServer.stop(); await authServer.stop();
}); });
it('returns 401 for HTTP request without token', async () => { it('returns 401 for HTTP request without token', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const res = await fetch(`http://127.0.0.1:${AUTH_PORT}/`); const res = await fetch(`http://127.0.0.1:${AUTH_PORT}/`);
expect(res.status).toBe(401); expect(res.status).toBe(401);
expect(res.headers.get('www-authenticate')).toBe('Bearer'); expect(res.headers.get('www-authenticate')).toBe('Bearer');
}); });
it('serves content with valid Bearer token', async () => { it('serves content with valid Bearer token', async () => {
if (!LISTEN_ALLOWED) {
return;
}
const res = await fetch(`http://127.0.0.1:${AUTH_PORT}/`, { const res = await fetch(`http://127.0.0.1:${AUTH_PORT}/`, {
headers: { Authorization: 'Bearer test-secret' }, headers: { Authorization: 'Bearer test-secret' },
}); });