From adf3c3af4b869479a0e53500da217b3527d040ed Mon Sep 17 00:00:00 2001 From: Ben Vinegar Date: Thu, 5 Mar 2026 21:28:40 -0500 Subject: [PATCH 1/2] broker: accept org IDs in deprecated workspace aliases --- .env.schema | 7 ++++--- bin/broker-register.test.mjs | 13 +++++++++++++ 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/.env.schema b/.env.schema index 9d90b2e..8b6b9a7 100644 --- a/.env.schema +++ b/.env.schema @@ -145,11 +145,12 @@ GATEWAY_BROKER_ORG_ID= # @sensitive=false @type=string SLACK_BROKER_ORG_ID= -# Deprecated workspace/team ID aliases (still accepted for migration) -# @sensitive=false @type=string(startsWith=T) +# Deprecated workspace/team ID aliases (still accepted for migration). +# May contain either legacy Slack workspace IDs (T...) or broker org IDs (org_...). +# @sensitive=false @type=string GATEWAY_BROKER_WORKSPACE_ID= -# @sensitive=false @type=string(startsWith=T) +# @sensitive=false @type=string SLACK_BROKER_WORKSPACE_ID= # Gateway server X25519 private key (base64, preferred) diff --git a/bin/broker-register.test.mjs b/bin/broker-register.test.mjs index d76374c..85120c7 100644 --- a/bin/broker-register.test.mjs +++ b/bin/broker-register.test.mjs @@ -266,6 +266,19 @@ test("runRegistration integration path succeeds against live local HTTP server", } }); +test("env schema accepts org IDs for deprecated workspace aliases", () => { + const schemaPath = path.resolve(".env.schema"); + const lines = fs.readFileSync(schemaPath, "utf8").split(/\r?\n/); + + const gatewayWorkspaceIndex = lines.findIndex((line) => line.startsWith("GATEWAY_BROKER_WORKSPACE_ID=")); + assert.notEqual(gatewayWorkspaceIndex, -1, "GATEWAY_BROKER_WORKSPACE_ID missing from .env.schema"); + assert.equal(lines[gatewayWorkspaceIndex - 1].trim(), "# @sensitive=false @type=string"); + + const slackWorkspaceIndex = lines.findIndex((line) => line.startsWith("SLACK_BROKER_WORKSPACE_ID=")); + assert.notEqual(slackWorkspaceIndex, -1, "SLACK_BROKER_WORKSPACE_ID missing from .env.schema"); + assert.equal(lines[slackWorkspaceIndex - 1].trim(), "# @sensitive=false @type=string"); +}); + test("runRegistration does not write SLACK_BOT_TOKEN even when broker returns encrypted_bot_token", async () => { const fetchImpl = async (url) => { if (String(url).endsWith("/api/broker-pubkey")) { From 8223059f36378b62ce340d7a1443e7a4a05ffd24 Mon Sep 17 00:00:00 2001 From: Ben Vinegar Date: Thu, 5 Mar 2026 21:35:17 -0500 Subject: [PATCH 2/2] tests: anchor env schema path to test file --- bin/broker-register.test.mjs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/broker-register.test.mjs b/bin/broker-register.test.mjs index 85120c7..35e6fb9 100644 --- a/bin/broker-register.test.mjs +++ b/bin/broker-register.test.mjs @@ -4,7 +4,7 @@ import fs from "node:fs"; import os from "node:os"; import path from "node:path"; import { createServer } from "node:http"; -import { pathToFileURL } from "node:url"; +import { fileURLToPath, pathToFileURL } from "node:url"; import { parseArgs, normalizeBrokerUrl, @@ -267,7 +267,7 @@ test("runRegistration integration path succeeds against live local HTTP server", }); test("env schema accepts org IDs for deprecated workspace aliases", () => { - const schemaPath = path.resolve(".env.schema"); + const schemaPath = fileURLToPath(new URL("../.env.schema", import.meta.url)); const lines = fs.readFileSync(schemaPath, "utf8").split(/\r?\n/); const gatewayWorkspaceIndex = lines.findIndex((line) => line.startsWith("GATEWAY_BROKER_WORKSPACE_ID="));