boss/tests/boss-agent-status.test.mjs

import test from "node:test";
import assert from "node:assert/strict";
import { readFileSync } from "node:fs";

import {
  buildBossAgentStatus,
  mergeBossAgentAppTccPermissions,
  mergeBossAgentStoredNativePermissions,
  mergeBossAgentNativePermissionOverrides,
  renderBossAgentHtml,
  renderBossAgentHtmlWithQr,
} from "../local-agent/boss-agent-status.mjs";

test("boss-agent status exposes unbound QR binding and local permission states", () => {
  const status = buildBossAgentStatus(
    {
      deviceId: "macbook-air",
      name: "MacBook Air",
      avatar: "A",
      account: "",
      controlPlaneUrl: "https://boss.hyzq.net",
      pairingCode: "482913",
      token: "",
      primaryApiLabel: "DeepSeek V4",
      backupApiLabel: "未启用",
      licenseExpiresAt: "2027-05-12T00:00:00.000Z",
    },
    {
      lastHeartbeatOk: true,
      lastHeartbeatStatus: 200,
      lastHeartbeatAt: "2026-05-12T05:00:00.000Z",
      lastSkills: [
        { name: "bb-browser", category: "MacBook Air", path: "/Users/jas/.codex/skills/bb-browser/SKILL.md" },
        { name: "skill-installer", category: ".system", path: "/Users/jas/.codex/skills/.system/skill-installer/SKILL.md" },
      ],
      lastSkillSyncOk: true,
      lastSkillSyncAt: "2026-05-12T05:30:00.000Z",
    },
    {
      permissions: {
        accessibility: "granted",
        screenRecording: "missing",
        automation: "unknown",
      },
      now: "2026-05-12T06:00:00.000Z",
    },
  );

  assert.equal(status.appName, "boss-agent");
  assert.equal(status.binding.bound, false);
  assert.equal(status.binding.qrPayload.includes("pairingCode=482913"), true);
  assert.equal(status.server.ok, true);
  assert.equal(status.api.primary, "DeepSeek V4");
  assert.equal(status.api.backup, "未启用");
  assert.equal(status.license.status, "pending_binding");
  assert.equal(status.skills.total, 2);
  assert.equal(status.skills.syncOk, true);
  assert.equal(status.permissionReadiness.coreReady, false);
  assert.equal(status.permissionReadiness.fullControlReady, false);
  assert.match(status.permissionReadiness.summary, /基础桌面控制/);
  assert.equal(status.permissionSetup.mode, "minimal_computer_use");
  assert.equal(status.permissionSetup.silentUseReady, false);
  assert.deepEqual(
    status.permissionSetup.actions.map((action) => action.key),
    ["accessibility", "screenRecording"],
  );
  assert.equal(
    status.permissionSetup.actions.every((action) => action.settingsUrl.startsWith("x-apple.systempreferences:")),
    true,
  );
  assert.equal(
    status.permissionSetup.actions.find((action) => action.key === "screenRecording")?.settingsUrl,
    "x-apple.systempreferences:com.apple.settings.PrivacySecurity.extension?Privacy_ScreenCapture",
  );
  assert.deepEqual(
    status.permissions.items.map((item) => [item.key, item.status]),
    [
      ["accessibility", "granted"],
      ["screenRecording", "missing"],
    ],
  );
  assert.deepEqual(status.permissions.extendedItems, []);
});

test("boss-agent status treats token-backed devices as bound and renders enterprise UI", () => {
  const status = buildBossAgentStatus(
    {
      deviceId: "mac-studio",
      name: "Mac Studio",
      avatar: "M",
      account: "krisolo",
      controlPlaneUrl: "https://boss.hyzq.net",
      token: "boss-secret-token",
      primaryApiLabel: "DeepSeek V4",
      backupApiLabel: "OpenAI 备用",
      license: {
        enterpriseName: "默认公司",
        status: "valid",
        expiresAt: "2027-05-12T00:00:00.000Z",
      },
    },
    {
      lastHeartbeatOk: true,
      lastHeartbeatStatus: 200,
      lastHeartbeatAt: "2026-05-12T05:00:00.000Z",
      lastSkills: [
        { name: "bb-browser", category: "MacBook Air", path: "/Users/jas/.codex/skills/bb-browser/SKILL.md" },
        { name: "skill-installer", category: ".system", path: "/Users/jas/.codex/skills/.system/skill-installer/SKILL.md" },
      ],
      lastSkillSyncOk: true,
    },
    {
      permissions: {
        accessibility: "granted",
        screenRecording: "granted",
        automation: "granted",
        fullDiskAccess: "missing",
        inputMonitoring: "unknown",
      },
      now: "2026-05-12T06:00:00.000Z",
    },
  );

  assert.equal(status.binding.bound, true);
  assert.equal(status.binding.account, "krisolo");
  assert.equal(status.license.status, "valid");
  assert.equal(status.license.enterpriseName, "默认公司");

  const html = renderBossAgentHtml(status);
  assert.match(html, /boss-agent/);
  assert.match(html, /企业电脑接入端/);
  assert.match(html, /本机权限获取/);
  assert.match(html, /href="\/boss-agent\?tab=permissions"><span>本机权限获取<\/span>/);
  assert.match(html, /href="\/boss-agent\?tab=skills"><span>Skill<\/span>/);
  assert.match(html, /class="active" href="\/boss-agent\?tab=overview"/);
  assert.doesNotMatch(html, /<section class="sidebar-card">/);
  assert.doesNotMatch(html, /<div class="sidebar-title">本机权限获取<\/div>/);
  assert.match(html, /Skill/);
  assert.match(html, /DeepSeek V4/);
  assert.match(html, /默认公司/);
  assert.doesNotMatch(html, /boss-secret-token/);
  assert.doesNotMatch(html, /<h2>本机电脑权限状态<\/h2>/);
});

test("boss-agent permission and skill menu entries render as separate tab pages", () => {
  const status = buildBossAgentStatus(
    {
      deviceId: "mac-studio",
      name: "Mac Studio",
      avatar: "M",
      account: "krisolo",
      controlPlaneUrl: "https://boss.hyzq.net",
      token: "boss-secret-token",
      primaryApiLabel: "DeepSeek V4",
      license: {
        enterpriseName: "默认公司",
        status: "valid",
      },
    },
    {
      lastHeartbeatOk: true,
      lastSkills: [
        { name: "bb-browser", category: "MacBook Air", path: "/Users/jas/.codex/skills/bb-browser/SKILL.md" },
      ],
      lastSkillSyncOk: true,
    },
    {
      permissions: {
        accessibility: "granted",
        screenRecording: "granted",
        automation: "granted",
        fullDiskAccess: "missing",
      },
    },
  );

  const permissionsHtml = renderBossAgentHtml(status, { activeTab: "permissions" });
  assert.match(permissionsHtml, /class="active" href="\/boss-agent\?tab=permissions"/);
  assert.match(permissionsHtml, /<h2>基础桌面控制授权<\/h2>/);
  assert.match(permissionsHtml, /基础桌面控制已可用/);
  assert.match(permissionsHtml, /后续静默使用/);
  assert.match(permissionsHtml, /api\/v1\/boss-agent\/permissions\/open\?target=core&amp;returnTab=permissions/);
  assert.doesNotMatch(permissionsHtml, /fullDiskAccess|inputMonitoring|automation|microphone|camera|localNetwork|notifications/);
  assert.doesNotMatch(permissionsHtml, /<h2>Skill 部署情况<\/h2>/);

  const skillsHtml = renderBossAgentHtml(status, { activeTab: "skills" });
  assert.match(skillsHtml, /class="active" href="\/boss-agent\?tab=skills"/);
  assert.match(skillsHtml, /<h2>Skill 部署情况<\/h2>/);
  assert.match(skillsHtml, /bb-browser/);
  assert.doesNotMatch(skillsHtml, /<h2>基础桌面控制授权<\/h2>/);
});

test("boss-agent only exposes accessibility and screen recording permission requests", () => {
  const status = buildBossAgentStatus(
    {
      deviceId: "macbook-air",
      name: "MacBook Air",
      account: "krisolo",
      token: "boss-secret-token",
    },
    {
      lastHeartbeatOk: true,
    },
    {
      permissions: {
        accessibility: "granted",
        screenRecording: "granted",
        automation: "missing",
        fullDiskAccess: "missing",
        inputMonitoring: "missing",
        microphone: "missing",
        camera: "missing",
        localNetwork: "missing",
      },
    },
  );

  assert.equal(status.permissionReadiness.coreReady, true);
  assert.equal(status.permissionSetup.silentUseReady, true);
  assert.equal(status.permissionSetup.primaryAction.href, "/api/v1/boss-agent/permissions/open?target=core&returnTab=permissions");
  assert.match(status.permissionReadiness.summary, /基础桌面控制已可用/);
  assert.deepEqual(status.permissionSetup.missingRequiredKeys, []);
  assert.deepEqual(
    status.permissions.items.map((item) => item.key),
    ["accessibility", "screenRecording"],
  );
  assert.deepEqual(status.permissions.extendedItems, []);
  assert.deepEqual(
    status.permissionSetup.actions.map((action) => action.key),
    ["accessibility", "screenRecording"],
  );
  assert.deepEqual(status.permissionSetup.optionalMissingKeys, []);
});

test("boss-agent native permission overrides only update core desktop-control permissions", () => {
  const merged = mergeBossAgentNativePermissionOverrides(
    {
      accessibility: "missing",
      screenRecording: "missing",
      automation: "granted",
      camera: "unknown",
      microphone: "unknown",
    },
    new URLSearchParams({
      nativeAccessibility: "granted",
      nativeCamera: "granted",
      nativeMicrophone: "missing",
      nativeScreenRecording: "granted",
      nativeInputMonitoring: "granted",
    }),
  );

  assert.deepEqual(merged, {
    accessibility: "granted",
    screenRecording: "granted",
  });
});

test("boss-agent native missing values do not downgrade confirmed app grants", () => {
  const merged = mergeBossAgentNativePermissionOverrides(
    {
      accessibility: "granted",
      screenRecording: "granted",
    },
    new URLSearchParams({
      nativeAccessibility: "missing",
      nativeScreenRecording: "missing",
    }),
  );

  assert.deepEqual(merged, {
    accessibility: "granted",
    screenRecording: "granted",
  });
});

test("boss-agent permission detection trusts app bundle TCC grants over node process checks", () => {
  const merged = mergeBossAgentAppTccPermissions(
    {
      accessibility: "missing",
      screenRecording: "missing",
    },
    "kTCCServiceAccessibility|2\nkTCCServiceScreenCapture|2",
  );

  assert.deepEqual(merged, {
    accessibility: "granted",
    screenRecording: "granted",
  });
});

test("boss-agent permission detection trusts stored native app permission grants", () => {
  const merged = mergeBossAgentStoredNativePermissions(
    {
      accessibility: "missing",
      screenRecording: "missing",
    },
    {
      accessibility: "granted",
      screenRecording: "granted",
    },
  );

  assert.deepEqual(merged, {
    accessibility: "granted",
    screenRecording: "granted",
  });
});

test("boss-agent unbound HTML renders a real scannable QR image when qrcode is available", async () => {
  const status = buildBossAgentStatus(
    {
      deviceId: "macbook-air",
      name: "MacBook Air",
      controlPlaneUrl: "https://boss.hyzq.net",
      pairingCode: "482913",
    },
    {
      lastHeartbeatOk: true,
      lastHeartbeatStatus: 200,
    },
    {
      permissions: {},
    },
  );

  const html = await renderBossAgentHtmlWithQr(status);
  assert.match(html, /data:image\/png;base64/);
  assert.match(html, /Boss APP 绑定二维码/);
});

test("boss-agent mac app intercepts permission links and triggers native app permission requests", () => {
  const swiftSource = readFileSync("apps/boss-agent-mac/Sources/BossAgentApp.swift", "utf8");
  const buildScript = readFileSync("scripts/build-boss-agent-mac-app.sh", "utf8");

  assert.match(swiftSource, /decidePolicyFor navigationAction/);
  assert.match(swiftSource, /api\/v1\/boss-agent\/permissions\/open/);
  assert.match(swiftSource, /NSApp\.activate\(ignoringOtherApps: true\)/);
  assert.match(swiftSource, /NSAppleEventManager\.shared\(\)\.setEventHandler/);
  assert.match(swiftSource, /kAEGetURL/);
  assert.match(swiftSource, /handleGetUrlEvent/);
  assert.match(swiftSource, /--request-permission/);
  assert.match(swiftSource, /--return-tab/);
  assert.match(swiftSource, /target == "core"/);
  assert.match(swiftSource, /lastPermissionRequestTarget/);
  assert.match(swiftSource, /AXIsProcessTrustedWithOptions/);
  assert.match(swiftSource, /CGRequestScreenCaptureAccess/);
  assert.match(swiftSource, /tccPermissionStatus/);
  assert.match(swiftSource, /kTCCServiceScreenCapture/);
  assert.doesNotMatch(swiftSource, /AVCaptureDevice\.requestAccess|UNUserNotificationCenter|import IOKit\.hid|CGRequestListenEventAccess|IOHIDRequestAccess|CGEvent\.tapCreate|NWBrowser/);
  assert.match(swiftSource, /NSWorkspace\.shared\.open/);
  assert.match(swiftSource, /deadline: \.now\(\) \+ 0\.45/);
  assert.match(swiftSource, /loadAgentPanel\(tab:/);
  assert.match(swiftSource, /returnTab/);
  assert.match(swiftSource, /nativePermissionQueryItems/);
  assert.doesNotMatch(swiftSource, /nativeCamera|nativeMicrophone|nativeInputMonitoring|privacy-localnetwork|Privacy_ListenEvent/);
  assert.doesNotMatch(swiftSource, /com\.apple\.preference\.security\?Privacy_ListenEvent/);
  assert.match(swiftSource, /func application\(_ application: NSApplication, open urls: \[URL\]\)/);
  assert.match(swiftSource, /isBossAgentDeepLink/);
  assert.match(swiftSource, /NSApplication\.didBecomeActiveNotification/);
  assert.doesNotMatch(buildScript, /NSMicrophoneUsageDescription|NSCameraUsageDescription|NSAppleEventsUsageDescription|NSLocalNetworkUsageDescription|NSInputMonitoringUsageDescription|framework IOKit|framework Network|framework UserNotifications|framework AVFoundation/);
  assert.match(buildScript, /CFBundleURLTypes/);
  assert.match(buildScript, /boss-agent/);
  assert.match(buildScript, /CFBundleIconFile/);
  assert.match(buildScript, /BossAgent\.icns/);
  assert.match(buildScript, /iconutil -c icns/);
  assert.match(buildScript, /BOSS_AGENT_CODESIGN_IDENTITY/);
  assert.match(buildScript, /security find-identity -v -p codesigning/);
  assert.match(buildScript, /falling back to ad-hoc signing/);
  assert.match(buildScript, /codesign --force --deep --timestamp=none --sign "\$SIGNING_IDENTITY" "\$APP_DIR"/);

  const statusSource = readFileSync("local-agent/boss-agent-status.mjs", "utf8");
  assert.match(statusSource, /boss-agent:\/\/permissions\/open/);
  assert.match(statusSource, /com\.hyzq\.boss\.agent/);
  assert.match(statusSource, /"-na"/);
  assert.match(statusSource, /--request-permission/);
  assert.match(statusSource, /\/Applications\/boss-agent\.app/);
  assert.match(statusSource, /nativeRequest/);
});