- pnpm monorepo: apps/api (Fastify + SQLite + SSE), apps/web (React+Vite), packages/shared, packages/pi-adapter - Local auth (admin/webhook-runner roles) + Keycloak JWT ready - Multi-session chat with reliable history (user persisted before LLM, assistant persisted after stream) - Markdown knowledge base with /api/docs/search + /api/docs/:id - YAML webhook catalog with backend-only execution, retry/backoff, audit (webhook_runs), and per-user rate limit - Skills config (sre-on-call, blameless-postmortem, security-incident) injected into LLM system prompt - LLM provider failover chain (config/models.yml fallback + LLM_FALLBACK_CHAIN override) - Context-aware webhooks panel + backend id-mention safety net - Per-message stats (time/duration/tokens/model), Markdown+GFM render, code & table copy/download buttons - Vitest suite, end-to-end smoke test (scripts/smoke.mjs), per-session system prompt override - /metrics Prometheus endpoint + /api/metrics JSON, request-id correlation - dotenv with explicit repo-root path; envString/envNumber helpers (handles empty-string env) - Runbooks + SOPs under knowledge/ in English; README, docs, and INDEX.md in English
152 lines
6.6 KiB
TypeScript
152 lines
6.6 KiB
TypeScript
import { afterEach, beforeEach, describe, expect, it } from "vitest";
|
|
import { existsSync, mkdirSync, rmSync } from "node:fs";
|
|
import { tmpdir } from "node:os";
|
|
import { join } from "node:path";
|
|
import Database from "better-sqlite3";
|
|
import type { AppDatabase } from "../src/db/database.js";
|
|
import { migrate } from "../src/db/migrate.js";
|
|
import { createSessionRepository, createMessageRepository } from "../src/sessions/repository.js";
|
|
import { createWebhookAuditRepository } from "../src/webhooks/audit.js";
|
|
import { runWebhookAuditPurge } from "../src/webhooks/audit.js";
|
|
|
|
let db: AppDatabase;
|
|
let dbPath: string;
|
|
|
|
beforeEach(() => {
|
|
const dir = join(tmpdir(), `sic-test-${Date.now()}-${Math.random().toString(36).slice(2)}`);
|
|
mkdirSync(dir, { recursive: true });
|
|
dbPath = join(dir, "test.db");
|
|
db = new Database(dbPath);
|
|
db.pragma("foreign_keys = ON");
|
|
migrate(db);
|
|
});
|
|
|
|
afterEach(() => {
|
|
db.close();
|
|
if (existsSync(dbPath)) rmSync(dbPath, { force: true });
|
|
});
|
|
|
|
describe("session isolation", () => {
|
|
it("never returns sessions/messages from another user", () => {
|
|
const sessions = createSessionRepository(db);
|
|
const messages = createMessageRepository(db);
|
|
|
|
const a = sessions.create("user-a", "A session");
|
|
const b = sessions.create("user-b", "B session");
|
|
|
|
messages.create({ sessionId: a.id, userId: "user-a", role: "user", content: "a msg" });
|
|
messages.create({ sessionId: b.id, userId: "user-b", role: "user", content: "b msg" });
|
|
|
|
// List filter
|
|
expect(sessions.list("user-a").map((s) => s.id)).toEqual([a.id]);
|
|
expect(sessions.list("user-b").map((s) => s.id)).toEqual([b.id]);
|
|
|
|
// get() requires matching user_id
|
|
expect(sessions.get("user-a", b.id)).toBeFalsy();
|
|
expect(sessions.get("user-b", a.id)).toBeFalsy();
|
|
|
|
// Messages filter by both session_id and user_id
|
|
const bMessages = messages.listForSession("user-a", b.id);
|
|
expect(bMessages).toEqual([]);
|
|
const aMessages = messages.listForSession("user-a", a.id);
|
|
expect(aMessages).toHaveLength(1);
|
|
expect(aMessages[0]?.content).toBe("a msg");
|
|
});
|
|
|
|
it("delete cascades to messages", () => {
|
|
const sessions = createSessionRepository(db);
|
|
const messages = createMessageRepository(db);
|
|
|
|
const s = sessions.create("user-a", null);
|
|
const m = messages.create({
|
|
sessionId: s.id,
|
|
userId: "user-a",
|
|
role: "user",
|
|
content: "will be cascaded",
|
|
});
|
|
|
|
sessions.delete("user-a", s.id);
|
|
expect(messages.listForSession("user-a", s.id)).toEqual([]);
|
|
// Direct DB check that the message row is gone (not just hidden)
|
|
const row = db.prepare("SELECT id FROM chat_messages WHERE id = ?").get(m.id);
|
|
expect(row).toBeUndefined();
|
|
});
|
|
|
|
it("updateTitle only affects the owner's session", () => {
|
|
const sessions = createSessionRepository(db);
|
|
const a = sessions.create("user-a", "Old");
|
|
sessions.updateTitle("user-a", a.id, "New");
|
|
expect(sessions.get("user-a", a.id)?.title).toBe("New");
|
|
});
|
|
});
|
|
|
|
describe("webhook audit + retention", () => {
|
|
it("usageForUserSince aggregates per webhook", () => {
|
|
const sessions = createSessionRepository(db);
|
|
const audit = createWebhookAuditRepository(db);
|
|
const s1 = sessions.create("user-a", "test");
|
|
const s2 = sessions.create("user-b", "test");
|
|
const now = Date.now();
|
|
const fresh = new Date(now - 1_000).toISOString();
|
|
const old = new Date(now - 100 * 86_400_000).toISOString();
|
|
|
|
audit.create({ webhookId: "dns-flush", userId: "user-a", sessionId: s1.id, status: "success", createdAt: fresh });
|
|
audit.create({ webhookId: "dns-flush", userId: "user-a", sessionId: s1.id, status: "success", createdAt: fresh });
|
|
audit.create({ webhookId: "dns-flush", userId: "user-a", sessionId: s1.id, status: "error", createdAt: fresh });
|
|
audit.create({ webhookId: "dns-flush", userId: "user-a", sessionId: s1.id, status: "success", createdAt: old });
|
|
audit.create({ webhookId: "other-hook", userId: "user-b", sessionId: s2.id, status: "success", createdAt: fresh });
|
|
|
|
const since = new Date(now - 7 * 86_400_000).toISOString();
|
|
const usage = audit.usageForUserSince(since, "user-a");
|
|
expect(usage["dns-flush"]?.runs).toBe(3);
|
|
expect(usage["dns-flush"]?.successes).toBe(2);
|
|
expect(usage["dns-flush"]?.successRate).toBeCloseTo(2 / 3);
|
|
expect(usage["other-hook"]).toBeUndefined();
|
|
});
|
|
|
|
it("retention purge deletes old rows but keeps recent ones", () => {
|
|
const sessions = createSessionRepository(db);
|
|
const audit = createWebhookAuditRepository(db);
|
|
const s = sessions.create("user-a", "test");
|
|
const now = Date.now();
|
|
const fresh = new Date(now - 60_000).toISOString();
|
|
const stale = new Date(now - 100 * 86_400_000).toISOString();
|
|
audit.create({ webhookId: "w", userId: "user-a", sessionId: s.id, status: "success", createdAt: fresh });
|
|
audit.create({ webhookId: "w", userId: "user-a", sessionId: s.id, status: "success", createdAt: stale });
|
|
audit.create({ webhookId: "w", userId: "user-a", sessionId: s.id, status: "success", createdAt: stale });
|
|
|
|
const report = runWebhookAuditPurge(db, { retentionDays: 30, maxPerUser: 0 });
|
|
expect(report.deletedByAge).toBe(2);
|
|
|
|
const remaining = db.prepare("SELECT COUNT(*) as n FROM webhook_runs").get() as { n: number };
|
|
expect(remaining.n).toBe(1);
|
|
});
|
|
|
|
it("per-user cap keeps the most recent N", () => {
|
|
const sessions = createSessionRepository(db);
|
|
const audit = createWebhookAuditRepository(db);
|
|
const s = sessions.create("user-a", "test");
|
|
const now = Date.now();
|
|
for (let i = 0; i < 8; i++) {
|
|
const ts = new Date(now - i * 1000).toISOString();
|
|
audit.create({ webhookId: "w", userId: "user-a", sessionId: s.id, status: "success", createdAt: ts });
|
|
}
|
|
const report = runWebhookAuditPurge(db, { retentionDays: 0, maxPerUser: 3 });
|
|
expect(report.deletedByCap).toBe(5);
|
|
const remaining = db.prepare("SELECT COUNT(*) as n FROM webhook_runs").get() as { n: number };
|
|
expect(remaining.n).toBe(3);
|
|
});
|
|
|
|
it("listForSession enforces user_id", () => {
|
|
const sessions = createSessionRepository(db);
|
|
const audit = createWebhookAuditRepository(db);
|
|
const sa = sessions.create("user-a", "test");
|
|
const sb = sessions.create("user-b", "test");
|
|
audit.create({ webhookId: "w", userId: "user-a", sessionId: sa.id, status: "success" });
|
|
audit.create({ webhookId: "w", userId: "user-b", sessionId: sb.id, status: "success" });
|
|
expect(audit.listForSession("user-a", sa.id)).toHaveLength(1);
|
|
expect(audit.listForSession("user-b", sb.id)).toHaveLength(1);
|
|
expect(audit.listForSession("user-a", sa.id)[0]?.user_id).toBe("user-a");
|
|
});
|
|
});
|