Hugging Face's logo

Darochin
/
openskynet

English
Spanish
agent
autonomy
research
typescript
nodejs
llm
Model card Files
xet
 Community
openskynet
File size: 4,644 Bytes
fc93158
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
import { describe, expect, it } from "vitest";
import {
  INVALID_EXEC_SECRET_REF_IDS,
  VALID_EXEC_SECRET_REF_IDS,
} from "../test-utils/secret-ref-test-vectors.js";
import { isSecretsApplyPlan, resolveValidatedPlanTarget } from "./plan.js";

describe("secrets plan validation", () => {
  it("accepts legacy provider target types", () => {
    const resolved = resolveValidatedPlanTarget({
      type: "models.providers.apiKey",
      path: "models.providers.openai.apiKey",
      pathSegments: ["models", "providers", "openai", "apiKey"],
      providerId: "openai",
    });
    expect(resolved?.pathSegments).toEqual(["models", "providers", "openai", "apiKey"]);
  });

  it("accepts expanded target types beyond legacy surface", () => {
    const resolved = resolveValidatedPlanTarget({
      type: "channels.telegram.botToken",
      path: "channels.telegram.botToken",
      pathSegments: ["channels", "telegram", "botToken"],
    });
    expect(resolved?.pathSegments).toEqual(["channels", "telegram", "botToken"]);
  });

  it("accepts model provider header targets with wildcard-backed paths", () => {
    const resolved = resolveValidatedPlanTarget({
      type: "models.providers.headers",
      path: "models.providers.openai.headers.x-api-key",
      pathSegments: ["models", "providers", "openai", "headers", "x-api-key"],
      providerId: "openai",
    });
    expect(resolved?.pathSegments).toEqual([
      "models",
      "providers",
      "openai",
      "headers",
      "x-api-key",
    ]);
  });

  it("rejects target paths that do not match the registered shape", () => {
    const resolved = resolveValidatedPlanTarget({
      type: "channels.telegram.botToken",
      path: "channels.telegram.webhookSecret",
      pathSegments: ["channels", "telegram", "webhookSecret"],
    });
    expect(resolved).toBeNull();
  });

  it("validates plan files with non-legacy target types", () => {
    const isValid = isSecretsApplyPlan({
      version: 1,
      protocolVersion: 1,
      generatedAt: "2026-02-28T00:00:00.000Z",
      generatedBy: "manual",
      targets: [
        {
          type: "talk.apiKey",
          path: "talk.apiKey",
          pathSegments: ["talk", "apiKey"],
          ref: { source: "env", provider: "default", id: "TALK_API_KEY" },
        },
      ],
    });
    expect(isValid).toBe(true);
  });

  it("requires agentId for auth-profiles plan targets", () => {
    const withoutAgent = isSecretsApplyPlan({
      version: 1,
      protocolVersion: 1,
      generatedAt: "2026-02-28T00:00:00.000Z",
      generatedBy: "manual",
      targets: [
        {
          type: "auth-profiles.api_key.key",
          path: "profiles.openai:default.key",
          pathSegments: ["profiles", "openai:default", "key"],
          ref: { source: "env", provider: "default", id: "OPENAI_API_KEY" },
        },
      ],
    });
    expect(withoutAgent).toBe(false);

    const withAgent = isSecretsApplyPlan({
      version: 1,
      protocolVersion: 1,
      generatedAt: "2026-02-28T00:00:00.000Z",
      generatedBy: "manual",
      targets: [
        {
          type: "auth-profiles.api_key.key",
          path: "profiles.openai:default.key",
          pathSegments: ["profiles", "openai:default", "key"],
          agentId: "main",
          ref: { source: "env", provider: "default", id: "OPENAI_API_KEY" },
        },
      ],
    });
    expect(withAgent).toBe(true);
  });

  it("accepts valid exec secret ref ids in plans", () => {
    for (const id of VALID_EXEC_SECRET_REF_IDS) {
      const isValid = isSecretsApplyPlan({
        version: 1,
        protocolVersion: 1,
        generatedAt: "2026-03-10T00:00:00.000Z",
        generatedBy: "manual",
        targets: [
          {
            type: "talk.apiKey",
            path: "talk.apiKey",
            pathSegments: ["talk", "apiKey"],
            ref: { source: "exec", provider: "vault", id },
          },
        ],
      });
      expect(isValid, `expected valid plan exec ref id: ${id}`).toBe(true);
    }
  });

  it("rejects invalid exec secret ref ids in plans", () => {
    for (const id of INVALID_EXEC_SECRET_REF_IDS) {
      const isValid = isSecretsApplyPlan({
        version: 1,
        protocolVersion: 1,
        generatedAt: "2026-03-10T00:00:00.000Z",
        generatedBy: "manual",
        targets: [
          {
            type: "talk.apiKey",
            path: "talk.apiKey",
            pathSegments: ["talk", "apiKey"],
            ref: { source: "exec", provider: "vault", id },
          },
        ],
      });
      expect(isValid, `expected invalid plan exec ref id: ${id}`).toBe(false);
    }
  });
});