gitmost/apps/server/src/integrations/ai/ai-settings.service.spec.ts

import { AiSettingsService } from './ai-settings.service';

// Unit tests for the partial-merge behaviour of AiSettingsService.update and the
// key-fallback behaviour of resolve. Constructed directly with stub deps (no
// Nest graph): we assert exactly which repo calls fire for a given partial DTO,
// proving the realtime STT fields merge in without clobbering chat fields and
// that an empty patch writes nothing.

interface Deps {
  updateAiProviderSettings: jest.Mock;
  readProviderResult?: Record<string, unknown>;
  getMaskedResult?: unknown;
}

function buildService(deps: Deps) {
  const workspaceRepo = {
    updateAiProviderSettings: deps.updateAiProviderSettings,
    // findById feeds the private readProvider() (target-driver resolution).
    findById: jest.fn().mockResolvedValue({
      settings: { ai: { provider: deps.readProviderResult ?? {} } },
    }),
  };
  const aiProviderCredentialsRepo = {
    find: jest.fn(),
    upsert: jest.fn(),
    clearKey: jest.fn(),
    upsertEmbeddingKey: jest.fn(),
    clearEmbeddingKey: jest.fn(),
    upsertSttKey: jest.fn(),
    clearSttKey: jest.fn(),
  };
  const secretBox = {
    encryptSecret: jest.fn((v: string) => `enc(${v})`),
    decryptSecret: jest.fn((v: string) => `dec(${v})`),
  };
  const pageEmbeddingRepo = { countIndexedPages: jest.fn().mockResolvedValue(0) };
  const pageRepo = { countEmbeddablePages: jest.fn().mockResolvedValue(0) };

  const service = new AiSettingsService(
    workspaceRepo as any,
    {} as any, // aiAgentRoleRepo
    aiProviderCredentialsRepo as any,
    pageEmbeddingRepo as any,
    pageRepo as any,
    secretBox as any,
    {} as any, // aiQueue
  );

  // getMasked is exercised at the end of update(); stub it so update() resolves
  // without a second repo round-trip we don't care about here.
  jest
    .spyOn(service, 'getMasked')
    .mockResolvedValue((deps.getMaskedResult ?? {}) as any);

  return { service, workspaceRepo, aiProviderCredentialsRepo, secretBox };
}

describe('AiSettingsService.update partial merge', () => {
  it('a DTO with only realtime fields patches exactly those keys', async () => {
    const updateAiProviderSettings = jest.fn().mockResolvedValue(undefined);
    const { service } = buildService({ updateAiProviderSettings });

    await service.update('w1', {
      sttRealtimeModel: 'gpt-4o-realtime',
      sttRealtimeBaseUrl: 'https://api.example.com/v1',
    });

    expect(updateAiProviderSettings).toHaveBeenCalledTimes(1);
    const [, patch] = updateAiProviderSettings.mock.calls[0];
    expect(Object.keys(patch).sort()).toEqual(
      ['sttRealtimeBaseUrl', 'sttRealtimeModel'].sort(),
    );
  });

  it('a DTO with chatModel does NOT clobber realtime fields (only chatModel patched)', async () => {
    const updateAiProviderSettings = jest.fn().mockResolvedValue(undefined);
    const { service } = buildService({ updateAiProviderSettings });

    await service.update('w1', { chatModel: 'gpt-4o' });

    const [, patch] = updateAiProviderSettings.mock.calls[0];
    expect(patch).toEqual({ chatModel: 'gpt-4o' });
    expect(patch).not.toHaveProperty('sttRealtimeModel');
    expect(patch).not.toHaveProperty('sttRealtimeBaseUrl');
  });

  it('an empty patch never calls updateAiProviderSettings', async () => {
    const updateAiProviderSettings = jest.fn().mockResolvedValue(undefined);
    const { service } = buildService({ updateAiProviderSettings });

    await service.update('w1', {});

    expect(updateAiProviderSettings).not.toHaveBeenCalled();
  });
});

describe('AiSettingsService.resolve STT key fallback', () => {
  it('uses the STT-specific key when sttApiKeyEnc is present (decrypt)', async () => {
    const { service, aiProviderCredentialsRepo, secretBox } = buildService({
      updateAiProviderSettings: jest.fn(),
      readProviderResult: { driver: 'openai', chatModel: 'gpt-4o' },
    });
    aiProviderCredentialsRepo.find.mockResolvedValue({
      apiKeyEnc: 'CHAT',
      sttApiKeyEnc: 'STT',
    });

    const cfg = await service.resolve('w1');

    expect(cfg?.sttApiKey).toBe('dec(STT)');
    expect(secretBox.decryptSecret).toHaveBeenCalledWith('STT');
  });

  it('falls back to the chat apiKey when sttApiKeyEnc is absent', async () => {
    const { service, aiProviderCredentialsRepo } = buildService({
      updateAiProviderSettings: jest.fn(),
      readProviderResult: { driver: 'openai', chatModel: 'gpt-4o' },
    });
    aiProviderCredentialsRepo.find.mockResolvedValue({
      apiKeyEnc: 'CHAT',
      // no sttApiKeyEnc
    });

    const cfg = await service.resolve('w1');

    // sttApiKey === the resolved chat apiKey (dec(CHAT)).
    expect(cfg?.sttApiKey).toBe('dec(CHAT)');
    expect(cfg?.apiKey).toBe('dec(CHAT)');
  });
});