Merge branch 'codex/production-intelligence-terminal' into codex/issue-15-fetch-metrics

test/acled-source.test.mjs

@@ -0,0 +1,95 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { authenticate, briefing, resetAcledSessionCache } from '../apis/sources/acled.mjs';
+
+function jsonResponse(status, body, ok = status >= 200 && status < 300) {
+  return {
+    ok,
+    status,
+    headers: { getSetCookie: () => [] },
+    json: async () => body,
+    text: async () => JSON.stringify(body),
+  };
+}
+
+test('ACLED reports missing credentials without network access', async () => {
+  resetAcledSessionCache();
+  let calls = 0;
+  const data = await briefing({
+    env: {},
+    fetchImpl: async () => {
+      calls++;
+      throw new Error('unexpected network access');
+    },
+  });
+
+  assert.equal(calls, 0);
+  assert.equal(data.status, 'no_credentials');
+  assert.equal(data.error, 'missing_acled_credentials');
+  assert.deepEqual(data.missing, ['ACLED_EMAIL', 'ACLED_PASSWORD']);
+});
+
+test('ACLED accepts ACLED_USER as email alias and returns empty valid result', async () => {
+  resetAcledSessionCache();
+  const urls = [];
+  const data = await briefing({
+    env: { ACLED_USER: 'analyst@example.test', ACLED_PASSWORD: 'secret' },
+    fetchImpl: async url => {
+      urls.push(String(url));
+      if (String(url).includes('/oauth/token')) {
+        return jsonResponse(200, { access_token: 'token' });
+      }
+      return jsonResponse(200, { status: 200, data: [] });
+    },
+  });
+
+  assert.equal(data.status, 'ok');
+  assert.equal(data.totalEvents, 0);
+  assert.ok(urls.some(url => url.includes('/oauth/token')));
+  assert.ok(urls.some(url => url.includes('/api/acled/read')));
+});
+
+test('ACLED classifies auth failure without exposing credentials', async () => {
+  resetAcledSessionCache();
+  const result = await authenticate({
+    env: { ACLED_EMAIL: 'analyst@example.test', ACLED_PASSWORD: 'super-secret' },
+    fetchImpl: async url => {
+      if (String(url).includes('/oauth/token')) {
+        return jsonResponse(401, { error: 'invalid_grant' }, false);
+      }
+      return {
+        ok: false,
+        status: 403,
+        headers: { getSetCookie: () => [] },
+        text: async () => 'forbidden',
+      };
+    },
+  });
+
+  assert.equal(result.status, 'auth_failed');
+  assert.equal(result.error, 'acled_auth_failed');
+  assert.equal(result.diagnostics.length, 2);
+  assert.doesNotMatch(JSON.stringify(result), /super-secret/);
+});
+
+test('ACLED classifies data access denied distinctly from auth failure', async () => {
+  resetAcledSessionCache();
+  const data = await briefing({
+    env: { ACLED_EMAIL: 'analyst@example.test', ACLED_PASSWORD: 'secret' },
+    fetchImpl: async url => {
+      if (String(url).includes('/oauth/token')) {
+        return jsonResponse(200, { access_token: 'token' });
+      }
+      return {
+        ok: false,
+        status: 403,
+        headers: { getSetCookie: () => [] },
+        text: async () => 'terms not accepted',
+      };
+    },
+  });
+
+  assert.equal(data.status, 'access_denied');
+  assert.equal(data.error, 'acled_data_http_403');
+  assert.match(data.hint, /Accept ACLED terms/);
+});

test/fetch-utils.test.mjs

@@ -1,5 +1,6 @@
 import test from 'node:test';
 import assert from 'node:assert/strict';
+import { readFileSync } from 'node:fs';
 import { safeFetch, safeFetchText, getFetchMetrics } from '../apis/utils/fetch.mjs';
 
 test('safeFetch reports HTML as degraded JSON response', async () => {
@@ -98,3 +99,18 @@ test('safeFetchText returns text and byte count', async () => {
     globalThis.fetch = originalFetch;
   }
 });
+
+test('scenario watchlist feature is wired into sweep, briefing, and dashboard', () => {
+  const scenarios = readFileSync(new URL('../lib/scenarios.mjs', import.meta.url), 'utf8');
+  const server = readFileSync(new URL('../server.mjs', import.meta.url), 'utf8');
+  const html = readFileSync(new URL('../dashboard/public/jarvis.html', import.meta.url), 'utf8');
+  const readme = readFileSync(new URL('../README.md', import.meta.url), 'utf8');
+  assert.match(scenarios, /DEFAULT_SCENARIOS/);
+  assert.match(scenarios, /runsDir, 'scenarios\.json'/);
+  assert.match(scenarios, /scenario-state\.json/);
+  assert.match(scenarios, /watching.*building.*confirmed/s);
+  assert.match(server, /evaluateScenarios\(synthesized, delta, RUNS_DIR\)/);
+  assert.match(server, /\*Scenario Watchlist\*/);
+  assert.match(html, /Scenario Watchlist/);
+  assert.match(readme, /runs\/scenarios\.json/);
+});

test/reddit-source.test.mjs

@@ -0,0 +1,109 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { briefing, getHot, getRedditConfig, getToken } from '../apis/sources/reddit.mjs';
+
+test('Reddit reports missing OAuth credentials without network access', async () => {
+  let calls = 0;
+  const data = await briefing({
+    env: {},
+    delayMs: 0,
+    fetchImpl: async () => {
+      calls++;
+      throw new Error('unexpected network access');
+    },
+  });
+
+  assert.equal(calls, 0);
+  assert.equal(data.status, 'no_credentials');
+  assert.equal(data.error, 'missing_reddit_oauth_credentials');
+  assert.deepEqual(data.missing, ['REDDIT_CLIENT_ID', 'REDDIT_CLIENT_SECRET']);
+});
+
+test('Reddit hot posts require OAuth token and never use public JSON fallback', async () => {
+  const originalFetch = globalThis.fetch;
+  let calledUrl = null;
+  globalThis.fetch = async url => {
+    calledUrl = url;
+    throw new Error('unexpected public fallback');
+  };
+
+  try {
+    const data = await getHot('worldnews');
+    assert.equal(calledUrl, null);
+    assert.equal(data.status, 'no_credentials');
+    assert.equal(data.error, 'reddit_oauth_required');
+  } finally {
+    globalThis.fetch = originalFetch;
+  }
+});
+
+test('Reddit classifies OAuth HTTP failure without exposing secrets', async () => {
+  const result = await getToken({
+    env: { REDDIT_CLIENT_ID: 'client-id', REDDIT_CLIENT_SECRET: 'client-secret' },
+    fetchImpl: async () => ({
+      ok: false,
+      status: 401,
+      text: async () => 'invalid client',
+    }),
+  });
+
+  assert.equal(result.ok, false);
+  assert.equal(result.status, 'auth_failed');
+  assert.equal(result.error, 'reddit_oauth_http_401');
+  assert.doesNotMatch(JSON.stringify(result), /client-secret/);
+});
+
+test('Reddit fetches hot posts through oauth.reddit.com when configured', async () => {
+  const originalFetch = globalThis.fetch;
+  const urls = [];
+  globalThis.fetch = async url => {
+    urls.push(String(url));
+    if (String(url).includes('/api/v1/access_token')) {
+      return {
+        ok: true,
+        status: 200,
+        json: async () => ({ access_token: 'test-token' }),
+      };
+    }
+    return {
+      ok: true,
+      status: 200,
+      headers: { get: () => 'application/json' },
+      text: async () => JSON.stringify({
+        data: {
+          children: [
+            {
+              data: {
+                title: 'Market stress headline',
+                score: 42,
+                num_comments: 7,
+                url: 'https://example.test/post',
+                created_utc: 1700000000,
+              },
+            },
+          ],
+        },
+      }),
+    };
+  };
+
+  try {
+    const data = await briefing({
+      env: { REDDIT_CLIENT_ID: 'client-id', REDDIT_CLIENT_SECRET: 'client-secret' },
+      subreddits: ['worldnews'],
+      delayMs: 0,
+    });
+
+    assert.equal(data.status, 'ok');
+    assert.equal(data.subreddits.worldnews[0].title, 'Market stress headline');
+    assert.ok(urls.some(url => url === 'https://www.reddit.com/api/v1/access_token'));
+    assert.ok(urls.some(url => url.startsWith('https://oauth.reddit.com/r/worldnews/hot')));
+    assert.equal(urls.some(url => url.includes('hot.json')), false);
+  } finally {
+    globalThis.fetch = originalFetch;
+  }
+});
+
+test('Reddit config reports partial credential state', () => {
+  assert.deepEqual(getRedditConfig({ REDDIT_CLIENT_ID: 'id' }).missing, ['REDDIT_CLIENT_SECRET']);
+});