test: add comprehensive server-side tests for remote-control-server

165 tests covering store, auth, event-bus, services, work-dispatch,
ws-handler, and middleware modules. Also includes ws-handler fix to
replay all events (inbound + outbound) for bridge reconnection.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: claude-code-best

packages/remote-control-server/src/__tests__/auth.test.ts

@@ -0,0 +1,162 @@
+import { describe, test, expect, beforeEach, afterAll, mock, spyOn } from "bun:test";
+
+// Mock config before importing modules that depend on it
+const mockConfig = {
+  port: 3000,
+  host: "0.0.0.0",
+  apiKeys: ["test-key-1", "test-key-2"],
+  baseUrl: "",
+  pollTimeout: 8,
+  heartbeatInterval: 20,
+  jwtExpiresIn: 3600,
+  disconnectTimeout: 300,
+};
+
+mock.module("../config", () => ({
+  config: mockConfig,
+  getBaseUrl: () => "http://localhost:3000",
+}));
+
+import { validateApiKey, hashApiKey } from "../auth/api-key";
+import { generateWorkerJwt, verifyWorkerJwt } from "../auth/jwt";
+import { issueToken, resolveToken } from "../auth/token";
+import { storeReset, storeCreateUser } from "../store";
+
+// ---------- api-key ----------
+
+describe("validateApiKey", () => {
+  test("validates a configured API key", () => {
+    expect(validateApiKey("test-key-1")).toBe(true);
+    expect(validateApiKey("test-key-2")).toBe(true);
+  });
+
+  test("rejects unknown key", () => {
+    expect(validateApiKey("unknown-key")).toBe(false);
+  });
+
+  test("rejects undefined", () => {
+    expect(validateApiKey(undefined)).toBe(false);
+  });
+
+  test("rejects empty string", () => {
+    expect(validateApiKey("")).toBe(false);
+  });
+});
+
+describe("hashApiKey", () => {
+  test("produces consistent SHA-256 hex", () => {
+    const hash = hashApiKey("my-key");
+    expect(hash).toMatch(/^[0-9a-f]{64}$/);
+    expect(hashApiKey("my-key")).toBe(hash);
+  });
+
+  test("different keys produce different hashes", () => {
+    expect(hashApiKey("key-a")).not.toBe(hashApiKey("key-b"));
+  });
+});
+
+// ---------- jwt ----------
+
+describe("JWT", () => {
+  // JWT reads process.env.RCS_API_KEYS directly (not via config)
+  const originalKeys = process.env.RCS_API_KEYS;
+
+  beforeEach(() => {
+    process.env.RCS_API_KEYS = "jwt-test-secret";
+  });
+
+  afterAll(() => {
+    process.env.RCS_API_KEYS = originalKeys;
+  });
+
+  describe("generateWorkerJwt", () => {
+    test("produces a three-part base64url token", () => {
+      const token = generateWorkerJwt("ses_123", 3600);
+      const parts = token.split(".");
+      expect(parts).toHaveLength(3);
+      for (const part of parts) {
+        expect(part).toMatch(/^[A-Za-z0-9_-]+$/);
+      }
+    });
+
+    test("contains correct header", () => {
+      const token = generateWorkerJwt("ses_123", 3600);
+      const header = JSON.parse(atob(token.split(".")[0].replace(/-/g, "+").replace(/_/g, "/")));
+      expect(header.alg).toBe("HS256");
+      expect(header.typ).toBe("JWT");
+    });
+
+    test("throws when no API key configured", () => {
+      delete process.env.RCS_API_KEYS;
+      expect(() => generateWorkerJwt("ses_123", 3600)).toThrow("No API key configured");
+      process.env.RCS_API_KEYS = "jwt-test-secret";
+    });
+  });
+
+  describe("verifyWorkerJwt", () => {
+    test("verifies a valid token", () => {
+      const token = generateWorkerJwt("ses_abc", 3600);
+      const payload = verifyWorkerJwt(token);
+      expect(payload).not.toBeNull();
+      expect(payload!.session_id).toBe("ses_abc");
+      expect(payload!.role).toBe("worker");
+      expect(payload!.iat).toBeGreaterThan(0);
+      expect(payload!.exp).toBeGreaterThan(payload!.iat);
+    });
+
+    test("returns null for expired token", () => {
+      const token = generateWorkerJwt("ses_old", -10);
+      expect(verifyWorkerJwt(token)).toBeNull();
+    });
+
+    test("returns null for malformed token (not 3 parts)", () => {
+      expect(verifyWorkerJwt("a.b")).toBeNull();
+      expect(verifyWorkerJwt("just-a-string")).toBeNull();
+    });
+
+    test("returns null for tampered signature", () => {
+      const token = generateWorkerJwt("ses_123", 3600);
+      const parts = token.split(".");
+      const tampered = `${parts[0]}.${parts[1]}.${parts[2].slice(0, -4)}xxxx`;
+      expect(verifyWorkerJwt(tampered)).toBeNull();
+    });
+
+    test("returns null for wrong signing key", () => {
+      const token = generateWorkerJwt("ses_123", 3600);
+      process.env.RCS_API_KEYS = "wrong-key";
+      expect(verifyWorkerJwt(token)).toBeNull();
+      process.env.RCS_API_KEYS = "jwt-test-secret";
+    });
+  });
+});
+
+// ---------- token ----------
+
+describe("issueToken / resolveToken", () => {
+  beforeEach(() => {
+    storeReset();
+  });
+
+  test("issues and resolves a token", () => {
+    storeCreateUser("alice");
+    const { token, expires_in } = issueToken("alice");
+    expect(token).toMatch(/^rct_\d+_[0-9a-f]+$/);
+    expect(expires_in).toBe(86400);
+    expect(resolveToken(token)).toBe("alice");
+  });
+
+  test("returns null for unknown token", () => {
+    expect(resolveToken("nonexistent")).toBeNull();
+  });
+
+  test("returns null for undefined token", () => {
+    expect(resolveToken(undefined)).toBeNull();
+  });
+
+  test("tokens are unique", () => {
+    storeCreateUser("alice");
+    const t1 = issueToken("alice").token;
+    const t2 = issueToken("alice").token;
+    expect(t1).not.toBe(t2);
+  });
+});

packages/remote-control-server/src/__tests__/event-bus.test.ts

@@ -0,0 +1,176 @@
+import { describe, test, expect, beforeEach } from "bun:test";
+import { EventBus, getEventBus, removeEventBus, getAllEventBuses } from "../transport/event-bus";
+
+describe("EventBus", () => {
+  let bus: EventBus;
+
+  beforeEach(() => {
+    bus = new EventBus();
+  });
+
+  describe("publish", () => {
+    test("publishes event with seqNum starting at 1", () => {
+      const event = bus.publish({
+        id: "e1",
+        sessionId: "s1",
+        type: "user",
+        payload: { content: "hello" },
+        direction: "outbound",
+      });
+      expect(event.seqNum).toBe(1);
+      expect(event.createdAt).toBeGreaterThan(0);
+    });
+
+    test("increments seqNum on each publish", () => {
+      bus.publish({ id: "e1", sessionId: "s1", type: "user", payload: {}, direction: "outbound" });
+      bus.publish({ id: "e2", sessionId: "s1", type: "assistant", payload: {}, direction: "inbound" });
+      const event = bus.publish({ id: "e3", sessionId: "s1", type: "result", payload: {}, direction: "inbound" });
+      expect(event.seqNum).toBe(3);
+    });
+
+    test("throws when publishing to a closed bus", () => {
+      bus.close();
+      expect(() =>
+        bus.publish({ id: "e1", sessionId: "s1", type: "user", payload: {}, direction: "outbound" }),
+      ).toThrow("EventBus is closed");
+    });
+  });
+
+  describe("subscribe", () => {
+    test("receives published events", () => {
+      const received: unknown[] = [];
+      bus.subscribe((event) => received.push(event));
+
+      bus.publish({ id: "e1", sessionId: "s1", type: "user", payload: { content: "hi" }, direction: "outbound" });
+      expect(received).toHaveLength(1);
+      expect((received[0] as any).payload).toEqual({ content: "hi" });
+    });
+
+    test("unsubscribe stops receiving events", () => {
+      const received: unknown[] = [];
+      const unsub = bus.subscribe((event) => received.push(event));
+      unsub();
+      bus.publish({ id: "e1", sessionId: "s1", type: "user", payload: {}, direction: "outbound" });
+      expect(received).toHaveLength(0);
+    });
+
+    test("multiple subscribers all receive events", () => {
+      const r1: unknown[] = [];
+      const r2: unknown[] = [];
+      bus.subscribe((e) => r1.push(e));
+      bus.subscribe((e) => r2.push(e));
+      bus.publish({ id: "e1", sessionId: "s1", type: "user", payload: {}, direction: "outbound" });
+      expect(r1).toHaveLength(1);
+      expect(r2).toHaveLength(1);
+    });
+
+    test("subscriber error does not affect other subscribers", () => {
+      const received: unknown[] = [];
+      bus.subscribe(() => {
+        throw new Error("boom");
+      });
+      bus.subscribe((e) => received.push(e));
+      bus.publish({ id: "e1", sessionId: "s1", type: "user", payload: {}, direction: "outbound" });
+      expect(received).toHaveLength(1);
+    });
+
+    test("subscriberCount", () => {
+      expect(bus.subscriberCount()).toBe(0);
+      const unsub1 = bus.subscribe(() => {});
+      expect(bus.subscriberCount()).toBe(1);
+      const unsub2 = bus.subscribe(() => {});
+      expect(bus.subscriberCount()).toBe(2);
+      unsub1();
+      expect(bus.subscriberCount()).toBe(1);
+    });
+  });
+
+  describe("getEventsSince", () => {
+    test("returns events after given seqNum", () => {
+      bus.publish({ id: "e1", sessionId: "s1", type: "user", payload: {}, direction: "outbound" });
+      bus.publish({ id: "e2", sessionId: "s1", type: "assistant", payload: {}, direction: "inbound" });
+      bus.publish({ id: "e3", sessionId: "s1", type: "result", payload: {}, direction: "inbound" });
+
+      const events = bus.getEventsSince(1);
+      expect(events).toHaveLength(2);
+      expect(events[0].seqNum).toBe(2);
+      expect(events[1].seqNum).toBe(3);
+    });
+
+    test("returns empty for seqNum beyond last", () => {
+      bus.publish({ id: "e1", sessionId: "s1", type: "user", payload: {}, direction: "outbound" });
+      expect(bus.getEventsSince(1)).toHaveLength(0);
+    });
+
+    test("returns all events when seqNum is 0", () => {
+      bus.publish({ id: "e1", sessionId: "s1", type: "user", payload: {}, direction: "outbound" });
+      bus.publish({ id: "e2", sessionId: "s1", type: "assistant", payload: {}, direction: "inbound" });
+      expect(bus.getEventsSince(0)).toHaveLength(2);
+    });
+  });
+
+  describe("getLastSeqNum", () => {
+    test("returns 0 for empty bus", () => {
+      expect(bus.getLastSeqNum()).toBe(0);
+    });
+
+    test("returns last seqNum after publishes", () => {
+      bus.publish({ id: "e1", sessionId: "s1", type: "user", payload: {}, direction: "outbound" });
+      bus.publish({ id: "e2", sessionId: "s1", type: "user", payload: {}, direction: "outbound" });
+      expect(bus.getLastSeqNum()).toBe(2);
+    });
+  });
+
+  describe("close", () => {
+    test("clears subscribers and prevents publishing", () => {
+      bus.subscribe(() => {});
+      bus.close();
+      expect(bus.subscriberCount()).toBe(0);
+      expect(() => bus.publish({ id: "e1", sessionId: "s1", type: "user", payload: {}, direction: "outbound" })).toThrow();
+    });
+  });
+});
+
+describe("EventBus registry", () => {
+  beforeEach(() => {
+    // Clean up global registry
+    for (const [key] of getAllEventBuses()) {
+      removeEventBus(key);
+    }
+  });
+
+  describe("getEventBus", () => {
+    test("creates new bus for unknown session", () => {
+      const bus = getEventBus("s1");
+      expect(bus).toBeInstanceOf(EventBus);
+      expect(getAllEventBuses().has("s1")).toBe(true);
+    });
+
+    test("returns same bus for same session", () => {
+      const bus1 = getEventBus("s1");
+      const bus2 = getEventBus("s1");
+      expect(bus1).toBe(bus2);
+    });
+  });
+
+  describe("removeEventBus", () => {
+    test("removes and closes bus", () => {
+      const bus = getEventBus("s2");
+      removeEventBus("s2");
+      expect(getAllEventBuses().has("s2")).toBe(false);
+      expect(() => bus.publish({ id: "e1", sessionId: "s2", type: "user", payload: {}, direction: "outbound" })).toThrow();
+    });
+
+    test("no-op for non-existent bus", () => {
+      expect(() => removeEventBus("nonexistent")).not.toThrow();
+    });
+  });
+
+  describe("getAllEventBuses", () => {
+    test("returns all registered buses", () => {
+      getEventBus("a");
+      getEventBus("b");
+      expect(getAllEventBuses().size).toBeGreaterThanOrEqual(2);
+    });
+  });
+});