kimi-code/packages/server/test/auth-wiring.e2e.test.ts
liruifengv b51e13538d
ci: run unit tests on windows (#1037)
* ci: run unit tests on windows

* fix(migration-legacy): align workdir bucket key with agent-core

computeWorkdirBucket used a local node:path-based resolve that yields backslash-separated paths on Windows, while agent-core's encodeWorkDirKey uses pathe (forward slashes on every platform). The SHA-256 inputs diverged, so migrated sessions were written to a bucket that the session picker never reads, making them invisible on Windows.

Alias computeWorkdirBucket to encodeWorkDirKey so both sides stay byte-identical, drop the local slugify copy, and update the workdir-bucket test reference accordingly.

* test(acp-adapter): expect platform-native separators in e2e-fs path

The e2e-fs test asserted the fs/readTextFile wire path as the raw POSIX targetPath, but AcpKaos.toClientPath converts '/' to '\' when the inner LocalKaos reports pathClass 'win32' (Windows). On Windows the wire path became '\Users\test\x.ts' and the assertion failed.

Mirror toClientPath in the test: expect backslash separators on win32 and the raw path otherwise. Implementation is unchanged.

* test(sdk): normalize workDir and skillDir paths in session tests

SessionStore.create/list and the skill loader normalize paths through pathe (forward slashes). The SDK tests compared the resulting workDir and skill loaded-dir against raw mkdtemp / node:path strings, which use backslashes on Windows (and node:fs realpath also returns backslashes for the skill dir), failing three toMatchObject assertions.

Build the expected paths with agent-core's normalizeWorkDir so they match the internal pathe representation on every platform. The skill dir keeps its realpath() (the loader realpaths the root) and only normalizes separators.

* test(skill): normalize realpath to forward slashes in scanner tests

resolveSkillRoots normalizes every root.path through fs.realpath followed by replacing backslashes with forward slashes (scanner.ts). The scanner tests compared root.path against node:fs realpath directly, which returns backslashes on Windows, so twenty assertions failed (toEqual / toContain / toHaveLength) even though the resolved paths were identical.

Wrap realpath at the top of the test file to mirror the implementation's normalization, so every comparison uses the same forward-slash form on every platform.

* test: skip Unix-only permission tests on Windows

The Unix file-permission assertions (mode bits like 0o600 / 0o700 and chmod 000 making a path unreadable) have no equivalent on Windows, which uses ACLs; fs.chmod there can only toggle the read-only bit. These six tests failed on Windows with mismatched mode values or a missing 40411.

Skip them on win32 via it.skipIf(process.platform === 'win32'): oauth FileTokenStorage (0600 file, 0700 dir), agent-core BackgroundTaskPersistence (0700 tasks dir), agent-core createPerIdJsonStore (0700 subdir), migration-legacy atomicWrite (0600 file), and server fs:browse (chmod 000 -> 40411).

* test(tui): make platform-sensitive assertions cross-platform

The TUI implementations are already platform-aware (pathe-style paths, pathToFileURL, quoteShellArg cmd/POSIX quoting, Alt+V on Windows for paste expansion), but the tests hard-coded POSIX expectations and failed on Windows.

Align the assertions with the implementation's platform behavior: footer-goal-badge matches the '[goal' badge prefix instead of /goal/ (toolbar tips contain '/goal'); tool-call expects backslash relative paths on win32; plan-box builds the file:// URL via pathToFileURL; custom-editor sends Alt+V on win32 for paste expansion; file-mention-provider normalizes the expected description to forward slashes; kimi-tui-startup builds the resume command with quoteShellArg; kimi-tui-message-flow builds the expected install path with resolve().

* test: align path assertions with pathe on Windows

Several test suites asserted paths produced by node:path/node:os/node:fs against values that agent-core, node-sdk and kaos normalize through pathe (forward slashes). On Windows the two forms diverge (backslashes vs forward slashes), failing about 19 assertions.

Mirror the implementation's normalization in the assertions via a local toPosix helper (or agent-core's normalizeWorkDir), so expected paths use forward slashes on every platform: kaos LocalKaos, node-sdk export/list/resume/config/transport sessions, cli FileMentionProvider, and agent-core skill-session.

* test(native): build path expectations with node:path.resolve

paths.mjs builds every path with node:path.resolve, which yields backslash-separated absolute paths on Windows. The path-helpers tests asserted against template strings that mixed the backslash appRoot with forward-slash segments, so Object.is failed on Windows even though the strings looked identical.

Build the expectations with the same resolve(appRoot, ...) helper so the separators match on every platform.

* fix: make Windows CI tests pass across all packages

Fix the remaining Windows CI failures so the Windows test job can go green. The changes fall into a few categories:

- Path separators: agent-core/node-sdk/kaos normalize paths via pathe (forward slashes); align test expectations and a couple of implementations (native cache base, workspace registry) with that.

- Platform-only services: skip launchd/systemd manager suites on win32 (Windows uses schtasks).

- Process/signal lifecycle: skip or relax tests that rely on POSIX signals / SIGTERM semantics that Windows does not support.

- Hook shell syntax: rewrite hook test commands from POSIX shell (single quotes, semicolons, stderr redirects, if/then/fi) to node -e / .cjs files that run under cmd.exe.

- CRLF: make Bash tool description stripping tolerate CRLF line endings.

- Misc: realpath short-name divergence, port-retry timing, telemetry spawn, fs-watch timing, snapshot path normalization, etc.

* fix: remove unused basename import in workspaceRegistryService

Fix lint error (no-unused-vars): basename from node:path is no longer used after switching to posixBasename from pathe.

* fix: align resume harness pathClass and wait for banner state on Windows

Two more Windows CI fixes:

- createResumeNoSideEffectKaos now reports pathClass 'win32' on Windows so tool descriptions (e.g. Glob's Windows note) match the live agent in expectResumeMatches, fixing usage/description deep-equal drift.

- kimi-tui-startup once-banner test now waits for writeBannerDisplayState to land before asserting, since the atomic write can lag behind the render on Windows.

* fix: resolve remaining Windows unit test failures

Make the new Windows CI job green across agent-core, kaos, node-sdk and server:

- Align the resume harness kaos pathClass with the live agent so platform-conditional tool descriptions (Glob's Windows note) match in expectResumeMatches instead of drifting on win32.
- Rewrite hook commands in agent-core tests as cross-platform node one-liners; single-quote echo, >&2 and ';' do not work under cmd.exe.
- Add .gitattributes enforcing LF so raw-imported templates (e.g. the compaction instruction) produce byte-identical token counts on Windows and POSIX.
- Terminate the full process tree on Windows in both the hook runner and kaos (taskkill /T /F) so grandchildren cannot outlive their parent and keep the cwd locked.
- Normalize workDir path separators in two kimi-sdk session tests to match the stored canonical form.
- Avoid cmd.exe arg-quoting pitfalls in the kaos cmd.exe test, and run the Windows process-tree kill test from a script file with the pid path passed via argv.
- Give the first fs-git e2e test more time on Windows and retry the temp-dir cleanup; skip the fs-watch overflow-burst assertion on Windows where fs-event coalescing prevents the single-window spike.

* ci: retrigger checks

* fix: resolve remaining Windows failures after merging main

- Terminate the spawned git/gh process tree on Windows in FsGitService (taskkill /T /F on timeout) so a timed-out 'gh pr view' cannot leave a grandchild holding the workspace cwd, which made the fs-git e2e cleanup fail with EPERM.

- Give the fs:git_status e2e suite a longer timeout on Windows and retry the temp-dir cleanup longer to ride out the slower child-process teardown.

- Make the third-party plugin install trust test assert the resolved install path via node:path so it matches the Windows-resolved path (D:\tmp\...) as well as the POSIX one.

* fix: align workspace registry roots and harden fs-git cleanup on Windows

- workspace-registry test: compare normalized (forward-slash) roots, since the registry and session index both store workDir via pathe.resolve (forward slashes on every platform). realpath() yields backslashes on Windows and diverged from the stored root.

- fs-git e2e: bump the temp-dir cleanup retries and the afterEach timeout, since Windows child-process teardown after server.close() is asynchronous and can keep the workspace cwd locked for several seconds.

* test: stub openUrl in kimi-tui-message-flow feedback tests

The /feedback command falls back to openUrl(FEEDBACK_ISSUE_URL) when submission fails, which spawned a real browser window on every test run. Mock #/utils/open-url (matching the existing login/message-replay/server test convention) so the suite never opens a browser.

* test: harden fs-git e2e cleanup against Windows cwd locks

On Windows, git/gh child processes and the session core process can outlive server.close() and keep the temp workspace as their cwd, so rmSync fails with EPERM even after a long retry. Add rmSyncRobust that retries and, if the cwd is still locked, swallows EPERM/EBUSY on Windows — the OS reclaims the temp dir and a cleanup hiccup must not fail an otherwise-passing test.

* test: harden server e2e cleanup against async teardown races

server.close() does not fully await the server's asynchronous teardown, so on a loaded CI runner the temp home/workspace dirs can still be held or written to when the afterEach rmSync runs, failing with EPERM (Windows) or ENOTEMPTY (Linux). Use a rmSyncRobust helper (retry + swallow EPERM/EBUSY/ENOTEMPTY) in the fs-git and question e2e cleanup. Also fix a leftover `throw err` (renamed to `throw error`) that broke the typecheck.
2026-06-26 11:56:41 +08:00

208 lines
6.2 KiB
TypeScript

/**
* Production auth wiring end-to-end (ROADMAP M5.1).
*
* Unlike the override-driven tests (which inject a fixed-token
* `IAuthTokenService`), this file boots `startServer` with NO auth override so
* the REAL `defaultAuth` is built: a persistent token written to
* `<homeDir>/server.token` (0600) plus the HTTP/WS auth hooks. The token
* is read back from disk — exactly what the CLI does (M5.4) — and exercised
* against a gated HTTP route and the WS upgrade path. This proves the
* production wiring, not just the override seam.
*/
import { mkdtempSync, readFileSync, rmSync, statSync } from 'node:fs';
import { tmpdir } from 'node:os';
import { join } from 'node:path';
import { pino } from 'pino';
import { afterEach, beforeEach, describe, expect, it } from 'vitest';
import { WebSocket, type RawData } from 'ws';
import { startServer, type RunningServer } from '../src';
import { rawDataToString } from '../src/ws/rawData';
let tmpDir: string;
let lockPath: string;
let bridgeHome: string;
const running: RunningServer[] = [];
beforeEach(() => {
tmpDir = mkdtempSync(join(tmpdir(), 'kimi-server-auth-wiring-'));
lockPath = join(tmpDir, 'lock');
bridgeHome = mkdtempSync(join(tmpdir(), 'kimi-server-auth-wiring-home-'));
});
afterEach(async () => {
for (const r of running.splice(0)) {
try {
await r.close();
} catch {
// ignore
}
}
rmSync(tmpDir, { recursive: true, force: true });
rmSync(bridgeHome, { recursive: true, force: true });
});
function tokenPath(): string {
return join(bridgeHome, 'server.token');
}
function readToken(): string {
return readFileSync(tokenPath(), 'utf8').trim();
}
async function bootReal(): Promise<RunningServer> {
const r = await startServer({
host: '127.0.0.1',
port: 0,
lockPath,
logger: pino({ level: 'silent' }),
coreProcessOptions: { homeDir: bridgeHome },
});
running.push(r);
return r;
}
function wsUrl(http: string): string {
return http.replace(/^http:\/\//, 'ws://') + '/api/v1/ws';
}
interface WsFrame {
type: string;
[k: string]: unknown;
}
interface Conn {
ws: WebSocket;
queue: WsFrame[];
waiters: Array<(frame: WsFrame) => void>;
closed: Promise<{ code: number; reason: string }>;
}
function openConn(url: string, protocols?: string[]): Promise<Conn> {
return new Promise((resolve, reject) => {
const ws = new WebSocket(url, protocols);
const queue: WsFrame[] = [];
const waiters: Array<(frame: WsFrame) => void> = [];
let closedResolve: (v: { code: number; reason: string }) => void;
const closed = new Promise<{ code: number; reason: string }>((res) => {
closedResolve = res;
});
// Attach the message listener BEFORE 'open' can fire so the immediate
// `server_hello` frame is never dropped.
ws.on('message', (data: RawData) => {
try {
const frame = JSON.parse(rawDataToString(data)) as WsFrame;
if (waiters.length > 0) waiters.shift()?.(frame);
else queue.push(frame);
} catch {
// ignore non-JSON frames
}
});
ws.on('close', (code, reason) => closedResolve({ code, reason: String(reason) }));
ws.once('open', () => resolve({ ws, queue, waiters, closed }));
ws.once('error', reject);
});
}
function receive(conn: Conn, timeoutMs: number): Promise<WsFrame> {
return new Promise((resolve, reject) => {
if (conn.queue.length > 0) {
resolve(conn.queue.shift()!);
return;
}
const t = setTimeout(() => {
const idx = conn.waiters.indexOf(waiter);
if (idx >= 0) conn.waiters.splice(idx, 1);
reject(new Error(`no message within ${timeoutMs}ms`));
}, timeoutMs);
const waiter = (frame: WsFrame): void => {
clearTimeout(t);
resolve(frame);
};
conn.waiters.push(waiter);
});
}
async function receiveType(conn: Conn, type: string, timeoutMs: number): Promise<WsFrame> {
const deadline = Date.now() + timeoutMs;
for (;;) {
const remaining = deadline - Date.now();
if (remaining <= 0) throw new Error(`no message of type ${type} within ${timeoutMs}ms`);
const frame = await receive(conn, remaining);
if (frame.type === type) return frame;
}
}
function expectRejected(url: string): Promise<void> {
return new Promise((resolve, reject) => {
const ws = new WebSocket(url);
const t = setTimeout(
() => done(new Error('connection was not rejected within timeout')),
1500,
);
const done = (err?: Error): void => {
clearTimeout(t);
ws.removeAllListeners();
try {
ws.terminate();
} catch {
// ignore
}
if (err === undefined) {
resolve();
} else {
reject(err);
}
};
ws.once('open', () => done(new Error('connection unexpectedly opened')));
ws.once('error', () => done());
ws.once('close', () => done());
});
}
describe('production auth wiring (M5.1)', () => {
it.skipIf(process.platform === 'win32')('writes a 0600 token file at boot and keeps it on close (persistent)', async () => {
const r = await bootReal();
const p = tokenPath();
const info = statSync(p);
expect(info.mode & 0o777).toBe(0o600);
const token = readToken();
expect(token.length).toBeGreaterThan(0);
await r.close();
// Persistent token: the file survives shutdown so the next start reuses it.
expect(statSync(p).mode & 0o777).toBe(0o600);
});
it('gates HTTP: 200 with the token, 401 without', async () => {
const r = await bootReal();
const token = readToken();
const ok = await fetch(`${r.address}/openapi.json`, {
headers: { Authorization: `Bearer ${token}` },
});
expect(ok.status).toBe(200);
const bad = await fetch(`${r.address}/openapi.json`);
expect(bad.status).toBe(401);
const body = (await bad.json()) as { code: number };
expect(body.code).toBe(40101);
});
it('gates WS: server_hello with the token, rejected without', async () => {
const r = await bootReal();
const token = readToken();
const conn = await openConn(wsUrl(r.address), [`kimi-code.bearer.${token}`]);
const hello = await receiveType(conn, 'server_hello', 1000);
expect(hello.type).toBe('server_hello');
conn.ws.close();
await conn.closed;
await expectRejected(wsUrl(r.address));
});
});