import { describe, expect, it, vi } from "vitest";
import express from "express";
import request from "supertest";
import { boardMutationGuard } from "../middleware/board-mutation-guard.js";
/**
 * Builds a minimal Express app that runs `boardMutationGuard` behind a stubbed
 * authentication layer.
 *
 * No real authentication happens here: a stub middleware assigns `req.actor`
 * directly, so the guard's decision is exercised in isolation from however the
 * real server derives the actor.
 *
 * @param actorType - Kind of actor the stub attaches to every request.
 * @param boardSource - `source` recorded on a board actor; unused for agents.
 * @returns An app exposing `POST /mutate` and `GET /read`, both answering 204
 *   once a request gets past the guard.
 */
function createApp(
  actorType: "board" | "agent",
  boardSource: "session" | "local_implicit" | "board_key" = "session",
) {
  const server = express();
  server.use(express.json());

  // Stand-in for authentication: every request receives the same fixed actor.
  server.use((req, _res, next) => {
    if (actorType === "board") {
      req.actor = { type: "board", userId: "board", source: boardSource };
    } else {
      req.actor = { type: "agent", agentId: "agent-1" };
    }
    next();
  });

  // The guard is mounted before the routes, so both handlers sit behind it.
  server.use(boardMutationGuard());

  server.post("/mutate", (_req, res) => {
    res.status(204).end();
  });
  server.get("/read", (_req, res) => {
    res.status(204).end();
  });

  return server;
}
describe("boardMutationGuard", () => {
it("allows safe methods for board actor", async () => {
  // Board actor with createApp's default "session" source issues a GET; the
  // test sets no Origin or Referer, so a read must pass without origin evidence.
  const response = await request(createApp("board")).get("/read");
  // The stub handler answers 204; 200 is accepted as well.
  expect([200, 204]).toContain(response.status);
});
it("blocks board mutations without trusted origin", () => {
  // The guard is invoked directly with hand-built doubles instead of going
  // through supertest, so the assertions can inspect `next` and `res` calls.
  const guard = boardMutationGuard();
  const next = vi.fn();
  const res = {
    status: vi.fn().mockReturnThis(),
    json: vi.fn(),
  } as any;
  // Session-sourced board actor sending a POST. Every header lookup returns
  // undefined, so the request carries neither Origin nor Referer.
  // NOTE(review): only `header()` is stubbed — assumes the guard reads headers
  // through that accessor; confirm against the middleware.
  const req = {
    method: "POST",
    actor: { type: "board", userId: "board", source: "session" },
    header: () => undefined,
  } as any;

  guard(req, res, next);

  // Fail closed: the chain stops at the guard and the caller gets a 403 with
  // the guard's fixed error message.
  expect(next).not.toHaveBeenCalled();
  expect(res.status).toHaveBeenCalledWith(403);
  expect(res.json).toHaveBeenCalledWith({
    error: "Board mutation requires trusted browser origin",
  });
});
it("allows local implicit board mutations without origin", async () => {
  // A board actor whose source is "local_implicit" POSTs with no Origin or
  // Referer set by the test, and the request is expected to go through.
  const server = createApp("board", "local_implicit");
  const pending = request(server).post("/mutate");
  const response = await pending.send({ ok: true });
  // The stub handler answers 204; 200 is accepted as well.
  expect([200, 204]).toContain(response.status);
});
it("allows board bearer-key mutations without origin", async () => {
  // A board actor whose source is "board_key" POSTs with no Origin or Referer
  // set by the test, and the request is expected to go through.
  // NOTE(review): presumably exempt because a key-authenticated call does not
  // ride on ambient browser credentials — confirm against the guard.
  const server = createApp("board", "board_key");
  const pending = request(server).post("/mutate");
  const response = await pending.send({ ok: true });
  // The stub handler answers 204; 200 is accepted as well.
  expect([200, 204]).toContain(response.status);
});
it("allows board mutations from trusted origin", async () => {
  // Session-sourced board actor POSTs with an explicit Origin header and the
  // guard is expected to let it through.
  // NOTE(review): why http://localhost:3100 counts as trusted is not visible
  // here — presumably a default in the guard; confirm in board-mutation-guard.
  const server = createApp("board");
  const pending = request(server)
    .post("/mutate")
    .set("Origin", "http://localhost:3100");
  const response = await pending.send({ ok: true });
  // The stub handler answers 204; 200 is accepted as well.
  expect([200, 204]).toContain(response.status);
});
it("allows board mutations from trusted referer origin", async () => {
  // No Origin header is set by the test; only a Referer whose scheme, host and
  // port are http://localhost:3100. The request is expected to pass, so the
  // guard accepts the Referer as origin evidence (path component included).
  const server = createApp("board");
  const pending = request(server)
    .post("/mutate")
    .set("Referer", "http://localhost:3100/issues/abc");
  const response = await pending.send({ ok: true });
  // The stub handler answers 204; 200 is accepted as well.
  expect([200, 204]).toContain(response.status);
});
it("allows board mutations when x-forwarded-host matches origin", async () => {
  // Host is 127.0.0.1 while X-Forwarded-Host and Origin agree on
  // 10.90.10.20:3443. The request is expected to pass, so the guard takes the
  // forwarded host into account when deciding which origin is its own.
  // NOTE(review): X-Forwarded-Host is only meaningful when a reverse proxy sets
  // it — confirm the deployment overwrites client-supplied values upstream.
  const server = createApp("board");
  const pending = request(server)
    .post("/mutate")
    .set("Host", "127.0.0.1")
    .set("X-Forwarded-Host", "10.90.10.20:3443")
    .set("Origin", "https://10.90.10.20:3443");
  const response = await pending.send({ ok: true });
  // The stub handler answers 204; 200 is accepted as well.
  expect([200, 204]).toContain(response.status);
});
it("blocks board mutations when x-forwarded-host does not match origin", async () => {
[codex] Harden execution reliability and heartbeat tooling (#3679)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - Reliable execution depends on heartbeat routing, issue lifecycle
semantics, telemetry, and a fast enough local verification loop to keep
regressions visible
> - The remaining commits on this branch were mostly server/runtime
correctness fixes plus test and documentation follow-ups in that area
> - Those changes are logically separate from the UI-focused
issue-detail and workspace/navigation branches even when they touch
overlapping issue APIs
> - This pull request groups the execution reliability, heartbeat,
telemetry, and tooling changes into one standalone branch
> - The benefit is a focused review of the control-plane correctness
work, including the follow-up fix that restored the implicit
comment-reopen helpers after branch splitting
## What Changed
- Hardened issue/heartbeat execution behavior, including self-review
stage skipping, deferred mention wakes during active execution, stranded
execution recovery, active-run scoping, assignee resolution, and
blocked-to-todo wake resumption
- Reduced noisy polling/logging overhead by trimming issue run payloads,
compacting persisted run logs, silencing high-volume request logs, and
capping heartbeat-run queries in dashboard/inbox surfaces
- Expanded telemetry and status semantics with adapter/model fields on
task completion plus clearer status guidance in docs/onboarding material
- Updated test infrastructure and verification defaults with faster
route-test module isolation, cheaper default `pnpm test`, e2e isolation
from local state, and repo verification follow-ups
- Included docs/release housekeeping from the branch and added a small
follow-up commit restoring the implicit comment-reopen helpers that were
dropped during branch reconstruction
## Verification
- `pnpm vitest run
server/src/__tests__/issue-comment-reopen-routes.test.ts
server/src/__tests__/issue-telemetry-routes.test.ts`
- `pnpm vitest run server/src/__tests__/http-log-policy.test.ts
server/src/__tests__/heartbeat-run-log.test.ts
server/src/__tests__/health.test.ts`
- `server/src/__tests__/activity-service.test.ts`,
`server/src/__tests__/heartbeat-comment-wake-batching.test.ts`, and
`server/src/__tests__/heartbeat-process-recovery.test.ts` were attempted
on this host but the embedded Postgres harness reported
init-script/data-dir problems and skipped or failed to start, so they
are noted as environment-limited
## Risks
- Medium: this branch changes core issue/heartbeat routing and
reopen/wakeup behavior, so regressions would affect agent execution flow
rather than isolated UI polish
- Because it also updates verification infrastructure, reviewers should
pay attention to whether the new tests are asserting the right failure
modes and not just reshaping harness behavior
## Model Used
- OpenAI Codex coding agent (GPT-5-class runtime in Codex CLI; exact
deployed model ID is not exposed in this environment), reasoning
enabled, tool use and local code execution enabled
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-14 13:34:52 -05:00
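// Body of the "x-forwarded-host does not match origin" case: the guard is
// called directly with hand-built doubles so `next` and `res` can be inspected.
const middleware = boardMutationGuard();

// Header values for the request double: Host and X-Forwarded-Host describe this
// server, while Origin names an unrelated site.
const headerValues = new Map<string, string>([
  ["host", "127.0.0.1"],
  ["x-forwarded-host", "10.90.10.20:3443"],
  ["origin", "https://evil.example.com"],
]);

const req = {
  method: "POST",
  actor: { type: "board", userId: "board", source: "session" },
  // Express resolves req.header() names case-insensitively. Lower-casing here
  // keeps the stub faithful, so a guard that asks for "Origin" still sees the
  // mismatching value instead of undefined — otherwise the 403 below could come
  // from the "no origin at all" path and the mismatch would go untested.
  header: (name: string) => headerValues.get(name.toLowerCase()),
} as any;

const res = {
  status: vi.fn().mockReturnThis(),
  json: vi.fn(),
} as any;
const next = vi.fn();

middleware(req, res, next);

// Fail closed: the chain stops at the guard and the caller gets a 403.
// The message is the same one the missing-origin case asserts, so these
// expectations alone cannot tell the two rejection reasons apart.
expect(next).not.toHaveBeenCalled();
expect(res.status).toHaveBeenCalledWith(403);
expect(res.json).toHaveBeenCalledWith({
  error: "Board mutation requires trusted browser origin",
});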
});
it("does not block authenticated agent mutations", async () => {
  // The guard is invoked directly with hand-built doubles instead of going
  // through supertest, so the assertions can inspect `next` and `res` calls.
  const guard = boardMutationGuard();
  const next = vi.fn();
  const res = {
    status: vi.fn().mockReturnThis(),
    json: vi.fn(),
  } as any;
  // Agent-typed actor sending a POST; every header lookup returns undefined,
  // so there is no Origin or Referer to check.
  const req = {
    method: "POST",
    actor: { type: "agent", agentId: "agent-1" },
    header: () => undefined,
  } as any;

  guard(req, res, next);

  // The request is handed on exactly once and no error status is written.
  // The origin check is therefore keyed on the actor type, which makes the
  // upstream code that assigns `req.actor` part of the trust boundary.
  expect(next).toHaveBeenCalledOnce();
  expect(res.status).not.toHaveBeenCalled();
});
});