Hynes/Void-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3fb5a60bf6abedb6284d1c57fdb97a0a484a89db
Void-Homelab/tests/api/agents.test.js
root 5437b68316 feat(api): agents routes + token mgmt (owner-only) 
Add lib/api/routes/agents.js: list/create/get, PATCH capabilities,
mint token (plaintext returned exactly once, then bcrypt-hashed),
revoke token. All endpoints gated by requireOwner so an agent token
can never bootstrap a new agent or grant itself capabilities.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-31 21:05:42 +10:00

71 lines
2.8 KiB
JavaScript
Raw Blame History

import { describe, it, expect, beforeAll } from 'vitest';
import request from 'supertest';
import { setup } from './helpers.js';
import * as agentsRepo from '../../lib/db/repos/agents.js';
let app, ownerHeaders;
const owner = { kind: 'user', id: null };
async function mintAgentToken(slug, caps = { read: true }) {
const a = await agentsRepo.create({
slug, name: slug, kind: 'claude', model: 'sonnet',
capabilities: caps, scopes: {}
}, owner);
const { token } = await agentsRepo.createToken(a.id, 'h');
return { Authorization: `Bearer ${token}` };
}
beforeAll(async () => { ({ app, ownerHeaders } = await setup()); });
describe('agents routes (owner-only)', () => {
it('GET /api/agents requires owner', async () => {
const headers = await mintAgentToken(`x-${Date.now()}`);
const res = await request(app).get('/api/agents').set(headers);
expect(res.status).toBe(403);
});
it('owner can POST agent and mint token', async () => {
const slug = `m-${Date.now()}`;
const create = await request(app).post('/api/agents').set(ownerHeaders).send({
slug, name: 'Mercy', kind: 'claude', model: 'sonnet',
capabilities: { read: true, write: true }, scopes: { page: true }
});
expect(create.status).toBe(201);
const mint = await request(app).post(`/api/agents/${create.body.id}/tokens`).set(ownerHeaders)
.send({ label: 'laptop' });
expect(mint.status).toBe(201);
expect(mint.body.token).toBeDefined();
expect(mint.body.token).toMatch(/^vk_/);
expect(mint.body.id).toBeDefined();
const auth = { Authorization: `Bearer ${mint.body.token}` };
const spacesList = await request(app).get('/api/spaces').set(auth);
expect(spacesList.status).toBe(200);
const revoke = await request(app).delete(`/api/agent-tokens/${mint.body.id}`).set(ownerHeaders);
expect(revoke.status).toBe(204);
const after = await request(app).get('/api/spaces').set(auth);
expect(after.status).toBe(401);
});
it('PATCH /:id/capabilities updates caps', async () => {
const slug = `c-${Date.now()}`;
const create = await request(app).post('/api/agents').set(ownerHeaders).send({
slug, name: slug, kind: 'claude'
});
const res = await request(app).patch(`/api/agents/${create.body.id}/capabilities`).set(ownerHeaders)
.send({ capabilities: { read: true, suggest: true }, scopes: { page: true } });
expect(res.status).toBe(200);
expect(res.body.capabilities.suggest).toBe(true);
expect(res.body.scopes.page).toBe(true);
});
it('agent token cannot POST a new agent', async () => {
const headers = await mintAgentToken(`e-${Date.now()}`, { read: true, write: true });
const res = await request(app).post('/api/agents').set(headers).send({
slug: `bad-${Date.now()}`, name: 'Bad', kind: 'claude'
});
expect(res.status).toBe(403);
});
});
Reference in New Issue View Git Blame Copy Permalink