fix: Incomplete authentication on AI Agent endpoint (GHSA-qwc3-h9mg-4582)

[mtrezza]

Pull Request

• Report security issues confidentially.
• Any contribution is under this license.

Issue

Fixes security vulnerability GHSA-qwc3-h9mg-4582.

Tasks

• Add tests

Summary by CodeRabbit

• New Features

  • Per-app conversation histories and app-scoped context for model requests
  • Agent endpoint routed through authentication + CSRF middleware with centralized handler
  • Per-app read-only handling that uses read-only credentials when applicable

• Bug Fixes

  • Enforced per-app access control with explicit 403 for unauthorized access
  • Robust read-only enforcement (write permissions cleared, credentials substituted)
  • Validation for missing message/model/app and clearer 400/401/403 errors; improved debug app reporting

• Tests

  • Comprehensive authorization and CSRF tests for agent endpoint across roles and app scopes

[parse-github-assistant]

🚀 Thanks for opening this pull request!

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Extracts agent POST handling into a new agentHandler, enforces per-app access and read-only semantics, builds a shallow non-mutating appContext (resolving master/readOnly keys via cache), recomputes effectivePermissions for read-only, validates inputs/configs, and forwards requests to the OpenAI caller behind auth+CSRF middleware.

Changes

Cohort / File(s)	Summary
Agent endpoint & access control Parse-Dashboard/app.js	Moved inline agent route into agentHandler, mounted via auth→CSRF middleware. Adds per-app access checks, read-only detection, appContext shallow copy with resolved master/readOnly keys (via ConfigKeyCache), robust input/config validation, explicit 400/401/403 responses, and updated debug payload reporting appContext.appId.
Permissions, histories & OpenAI flow Parse-Dashboard/app.js	Recomputes effectivePermissions as empty for read-only, enforces executeDatabaseFunction permission checks, restricts to OpenAI provider/models, integrates per-app conversation histories, and forwards requests using appContext and adjusted permissions.
Agent endpoint tests src/lib/tests/AgentAuth.test.js	Adds comprehensive tests for agent endpoint auth/CSRF/per-app permissions including session mocks for admin, readonly, appadmin, and appreadonly roles; verifies 401/403 behavior and read-only enforcement across apps.

Sequence Diagram

sequenceDiagram
    participant Client as Client
    participant Router as Router (auth, csrf)
    participant Agent as agentHandler
    participant Cache as ConfigKeyCache
    participant Authz as Access Control
    participant OpenAI as OpenAI Service

    Client->>Router: POST /apps/:appId/agent (message, modelName, appId)
    Router->>Agent: pass if auth & CSRF OK
    Agent->>Authz: verify user access to appId & permissions
    alt access denied
        Authz-->>Client: 401/403
    else access granted
        Agent->>Cache: resolve masterKey / readOnlyMasterKey (cache key varies)
        Agent->>Agent: build shallow appContext, set effectivePermissions (empty if read-only)
        Agent->>OpenAI: call with appContext & effectivePermissions
        OpenAI-->>Client: response
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• parse-community/parse-dashboard#2954: Modifies the agent endpoint and related OpenAI/agent functions; likely overlaps in agent handling and key resolution.
• parse-community/parse-dashboard#3188: Changes CSRF/middleware wiring used by the agent route; directly related to the new middleware chain.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The PR description uses the template but leaves key sections (Issue and Approach) empty without describing the actual changes, though it does mark tests as added.	Complete the Issue section with a link or description of the security problem, and fill the Approach section with a summary of how authentication and per-app access control were implemented.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: adding incomplete authentication to the AI Agent endpoint, which aligns with the core security fix implemented in the changeset.
Docstring Coverage	✅ Passed	Docstring coverage is 80.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[parseplatformorg]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Parse-Dashboard/app.js`:
- Around line 250-258: The agent endpoint fails to resolve function-typed master
keys and mutates appConfig: ensure both read-only and non-read-only paths create
a shallow copy (use appContext = { ...appConfig }) and resolve function-typed
keys before passing to Parse by calling ConfigKeyCache.get() for masterKey and
readOnlyMasterKey (respecting masterKeyTtl semantics) so that
appContext.masterKey is a resolved string when used in
Parse.initialize(appContext.appId, undefined, appContext.masterKey).
- Around line 201-207: The POST handler for '/apps/:appId/agent' is missing CSRF
validation; update the route to apply the same CSRF middleware used in /login by
adding Authentication.csrfProtection to the route middleware chain for the
'/apps/:appId/agent' POST handler (so the check runs before the async handler
and after session/auth), ensuring existing authentication logic (req.user and
users check) remains intact.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Parse-Dashboard/app.js`:
- Around line 245-257: The cache key collision occurs because when isReadOnly is
true you assign appConfig.readOnlyMasterKey into appContext.masterKey but still
call ConfigKeyCache.get(..., 'masterKey', ...), causing read-only and regular
master keys to share the same cache slot; update the call to ConfigKeyCache.get
to use a distinct key name (e.g., 'readOnlyMasterKey') when isReadOnly is true
(while keeping 'masterKey' for normal requests), and apply the same change to
the analogous code in the config endpoint that also calls ConfigKeyCache.get for
master keys.
- Around line 328-340: The dashboard SPA cannot get a CSRF token because the
splat route that serves the dashboard bundle doesn’t run
Authentication.csrfProtection, so frontend POSTs to the agent endpoint
(app.post('/apps/:appId/agent') handled by agentHandler) always 403 under
csrfSynchronisedProtection; fix by either running Authentication.csrfProtection
on the dashboard splat route so the rendered bundle can embed req.csrfToken(),
or add a small GET endpoint (e.g. /csrf-token) that invokes
Authentication.csrfProtection and returns req.csrfToken() to the SPA before it
posts to /apps/:appId/agent, ensuring the SPA can send the token in
req.body._csrf or x-csrf-token as expected.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

Parse-Dashboard/app.js (4)

273-275: Fragile placeholder API key detection.

apiKey.includes('xxx') will match legitimate API keys that happen to contain the substring xxx. A more targeted check would test for the exact placeholder value or check that the key matches a known format (e.g., OpenAI keys start with sk-).

🔧 Suggested improvement

-        if (apiKey === 'xxxxx' || apiKey.includes('xxx')) {
+        if (apiKey === 'xxxxx' || apiKey === 'your-api-key-here' || apiKey.startsWith('sk-xxx')) {
           return res.status(400).json({ error: 'Please replace the placeholder API key with your actual API key' });
         }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Parse-Dashboard/app.js` around lines 273 - 275, The current placeholder
detection uses apiKey.includes('xxx') which can falsely match valid keys; update
the check in the if block that references apiKey so it only rejects exact
placeholder values (e.g., 'xxxxx') or keys that don't match the expected
provider format—for example require the key to start with the expected prefix
like 'sk-' for OpenAI—so change the condition to validate either exact
placeholder equality OR a format/prefix test on apiKey and return the 400 only
when the key is exactly the placeholder or fails the format check.

---

312-312: substr is deprecated; prefer substring or slice.

String.prototype.substr is a legacy method. The codebase also uses crypto.randomUUID() elsewhere — consider using that for consistency.

♻️ Suggested fix

-        const finalConversationId = conversationId || `conv_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
+        const finalConversationId = conversationId || `conv_${Date.now()}_${crypto.randomUUID().slice(0, 9)}`;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Parse-Dashboard/app.js` at line 312, Replace the legacy substr usage when
building finalConversationId: instead of using
Math.random().toString(36).substr(...), generate a stable unique ID with
crypto.randomUUID() and concatenate it with Date.now(); update the
finalConversationId expression (the variable named finalConversationId that
falls back from conversationId) to use `crypto.randomUUID()` (or use
String.prototype.slice/substring if you must) and ensure the environment
provides crypto (import from 'crypto' if not global).

---

227-230: App lookup uses URL-friendly name, but appId param name implies a Parse appId.

The route parameter is :appId, but line 227 matches against appNameForURL || appName, not the actual appId field. This naming mismatch could confuse maintainers and API consumers. If the parameter represents a URL-friendly app name, consider renaming it to :appSlug or :appName in the route definition, or document the lookup behavior inline.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Parse-Dashboard/app.js` around lines 227 - 230, The lookup uses
config.apps.find(a => (a.appNameForURL || a.appName) === appId) but the route
parameter is named appId, which is misleading; either change the route parameter
to a URL-friendly name (e.g. :appSlug or :appName) and update any references to
request param accordingly, or change the lookup to compare against the actual
Parse appId field (e.g. a.appId) so the variable name matches behavior; update
the route definition or the find predicate and adjust any tests/docs to reflect
the chosen name.

---

325-329: Error response leaks full internal error messages to clients.

Line 327 returns error.message verbatim to the HTTP response. For unexpected errors (database connection strings, internal stack details, etc.), this can expose sensitive server internals. Consider logging the full error server-side and returning a generic message for 500-level errors, while keeping specific messages for known/expected error types.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Parse-Dashboard/app.js` around lines 325 - 329, The catch block currently
returns error.message directly to clients (res.status(500).json({ error: `Error:
${errorMessage}` })), which can leak sensitive internals; change it to log the
full error server-side (e.g., logger.error or console.error(error)) and return a
generic 500 response like "Internal server error" while preserving specific
messages only for known/expected error types (inspect error.constructor/name or
use instanceof checks and map those to safe client messages). Ensure you update
the catch block where res.status and error.message are used so logging records
the full error but the HTTP response contains a non-sensitive, generic message.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Parse-Dashboard/app.js`:
- Around line 202-206: The code mutates the global Parse singleton (via
Parse.initialize, Parse.serverURL, Parse.masterKey) inside
executeDatabaseFunction which races across concurrent requests from
makeOpenAIRequest; change executeDatabaseFunction to avoid touching the global
Parse singleton by creating and using an isolated Parse client per request (or
switch to direct REST API calls) and thread that client through
makeOpenAIRequest and any tool functions instead of calling Parse.initialize
globally; update all callers to accept the per-request Parse client (or a
short-lived REST helper) so each agent request uses its own Parse configuration
and no global state is mutated.

---

Duplicate comments:
In `@Parse-Dashboard/app.js`:
- Around line 332-342: The SPA lacks a CSRF token source so POSTs to
app.post('/apps/:appId/agent') (which uses Authentication.csrfProtection) get
403; add a small authenticated GET endpoint (e.g., app.get('/csrf-token',
authMiddleware, Authentication.csrfProtection, tokenHandler)) that calls
req.csrfToken() and returns it as JSON, or alternatively apply
Authentication.csrfProtection to the splat/dashboard route and render
req.csrfToken() into the served page; reference Authentication.csrfProtection,
app.post('/apps/:appId/agent') and the splat/dashboard route when making the
change.

---

Nitpick comments:
In `@Parse-Dashboard/app.js`:
- Around line 273-275: The current placeholder detection uses
apiKey.includes('xxx') which can falsely match valid keys; update the check in
the if block that references apiKey so it only rejects exact placeholder values
(e.g., 'xxxxx') or keys that don't match the expected provider format—for
example require the key to start with the expected prefix like 'sk-' for
OpenAI—so change the condition to validate either exact placeholder equality OR
a format/prefix test on apiKey and return the 400 only when the key is exactly
the placeholder or fails the format check.
- Line 312: Replace the legacy substr usage when building finalConversationId:
instead of using Math.random().toString(36).substr(...), generate a stable
unique ID with crypto.randomUUID() and concatenate it with Date.now(); update
the finalConversationId expression (the variable named finalConversationId that
falls back from conversationId) to use `crypto.randomUUID()` (or use
String.prototype.slice/substring if you must) and ensure the environment
provides crypto (import from 'crypto' if not global).
- Around line 227-230: The lookup uses config.apps.find(a => (a.appNameForURL ||
a.appName) === appId) but the route parameter is named appId, which is
misleading; either change the route parameter to a URL-friendly name (e.g.
:appSlug or :appName) and update any references to request param accordingly, or
change the lookup to compare against the actual Parse appId field (e.g. a.appId)
so the variable name matches behavior; update the route definition or the find
predicate and adjust any tests/docs to reflect the chosen name.
- Around line 325-329: The catch block currently returns error.message directly
to clients (res.status(500).json({ error: `Error: ${errorMessage}` })), which
can leak sensitive internals; change it to log the full error server-side (e.g.,
logger.error or console.error(error)) and return a generic 500 response like
"Internal server error" while preserving specific messages only for
known/expected error types (inspect error.constructor/name or use instanceof
checks and map those to safe client messages). Ensure you update the catch block
where res.status and error.message are used so logging records the full error
but the HTTP response contains a non-sensitive, generic message.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

src/lib/tests/AgentAuth.test.js (3)

364-374: Missing access-denied test for appreadonly on an unassigned app.

The suite tests that appadmin is denied SecretApp (line 310), but there is no symmetric test confirming that appreadonly is also denied SecretApp. Since appreadonly only has testAppId in its apps list, a request to /apps/SecretApp/agent should return 403. Without this test, a regression in per-app access enforcement for read-only users could go undetected.

💡 Suggested additional test

it('returns 403 when per-app read-only user tries to access an unassigned app', async () => {
  const res = await makeRequest(port, {
    method: 'POST',
    path: '/apps/SecretApp/agent',
    body: agentBody(),
    cookie: appreadonlyCookie,
    headers: { 'X-CSRF-Token': CSRF_TOKEN },
  });
  expect(res.status).toBe(403);
});

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/tests/AgentAuth.test.js` around lines 364 - 374, Add a test that
verifies a per-app read-only user (appreadonlyCookie) is denied access to an
unassigned app by calling makeRequest with method 'POST', path
'/apps/SecretApp/agent', body from agentBody(), and header 'X-CSRF-Token' set to
CSRF_TOKEN, then assert res.status === 403; place it alongside the existing
per-app access tests so it mirrors the existing appadmin denial check but uses
appreadonlyCookie to confirm read-only users can't access apps not in their apps
list.

---

29-57: bodyStr computed but unused in req.write.

JSON.stringify(body) is called twice — once for the Content-Length header (line 30) and again inside req.write (line 56). Use the already-computed bodyStr for the write to avoid duplicate serialization.

♻️ Proposed refactor

 if (body) {
   const bodyStr = JSON.stringify(body);
   options.headers['Content-Type'] = 'application/json';
   options.headers['Content-Length'] = Buffer.byteLength(bodyStr);
 }
 // ...
 if (body) {
-  req.write(JSON.stringify(body));
+  req.write(bodyStr);
 }

Since bodyStr is declared inside the if (body) block on line 29, hoist it to the outer scope (or restructure the two blocks) so the variable is accessible in the second if:

+let bodyStr;
 if (body) {
-  const bodyStr = JSON.stringify(body);
+  bodyStr = JSON.stringify(body);
   options.headers['Content-Type'] = 'application/json';
   options.headers['Content-Length'] = Buffer.byteLength(bodyStr);
 }
 // ...
 if (body) {
-  req.write(JSON.stringify(body));
+  req.write(bodyStr);
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/tests/AgentAuth.test.js` around lines 29 - 57, The test helper
currently serializes body twice (JSON.stringify called for Content-Length and
again in req.write); hoist or declare a variable (bodyStr) in the outer scope,
set bodyStr = JSON.stringify(body) inside the existing if (body) block, use
Buffer.byteLength(bodyStr) to set options.headers['Content-Length'], and replace
the second JSON.stringify(body) used in req.write with req.write(bodyStr) so the
same serialized string is reused; update references to options.headers and
req.write accordingly.

---

270-281: Prefer a positive assertion over dual negative assertions.

The comment on line 278 explicitly states 500 expected since authentication passes but the OpenAI call fails with the fake API key. Asserting toBe(500) is more precise and would catch regressions where the handler returns, say, 400 or 200 due to a future logic change — both of which would silently pass the current dual-negative guard. The same pattern applies to lines 306–307, 334–335, 356–357, and 372–373.

♻️ Proposed refactor (example for lines 279-280; apply similarly to other "allowed" tests)

-    expect(res.status).not.toBe(401);
-    expect(res.status).not.toBe(403);
+    // Auth passes; OpenAI call fails with fake key → 500
+    expect(res.status).toBe(500);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/tests/AgentAuth.test.js` around lines 270 - 281, Replace the dual
negative assertions that check authentication succeeded
(expect(res.status).not.toBe(401); expect(res.status).not.toBe(403);) with a
single positive assertion expecting the known failure status
(expect(res.status).toBe(500)) in the test "allows authenticated full admin to
reach the agent handler" (the test that calls makeRequest with agentBody(),
adminCookie and CSRF_TOKEN); do the same replacement for the other "allowed"
tests that currently assert .not.toBe(401)/.not.toBe(403) so each explicitly
asserts the expected 500 status returned from the OpenAI call failure.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/lib/tests/AgentAuth.test.js`:
- Around line 338-358: The test name is misleading: it claims server-side
behavior (masterKey -> readOnlyMasterKey swap and clearing write permissions)
that the HTTP assertions in the test do not verify; rename the test to something
accurate (e.g., "allows read-only user to submit write permissions without being
rejected at the auth layer") and/or add a unit test that exercises agentHandler
with a spy/mock of the downstream caller (e.g., the OpenAI/Parse API caller used
by agentHandler) to capture forwarded keys and permissions; specifically, in
tests that use makeRequest, agentBody, readonlyCookie and CSRF_TOKEN either
rename the existing it(...) string to match what is actually asserted or add a
new unit test that stubs the OpenAI caller or Parse client and asserts that
agentHandler swapped masterKey to readOnlyMasterKey and replaced permissions
with {} before forwarding.
- Around line 72-75: MockSessionStore.get currently does JSON.parse(sess)
directly which can throw synchronously; wrap the parse in a try/catch inside
get(sid, callback) so any SyntaxError from JSON.parse is caught and forwarded to
callback(err) (e.g., callback(err) or callback(err, null)) instead of letting it
escape, and return callback(null, parsed) on success; reference the
MockSessionStore.get implementation and this.sessions[sid] when applying the
change.
- Line 14: The test imports cookieSignature from an internal transitive path
which is fragile; add "cookie-signature" to devDependencies in package.json and
change the import in AgentAuth.test.js from
require('express-session/node_modules/cookie-signature') to
require('cookie-signature') (update any variable name cookieSignature
accordingly) so the module is resolved from the top-level node_modules.

---

Nitpick comments:
In `@src/lib/tests/AgentAuth.test.js`:
- Around line 364-374: Add a test that verifies a per-app read-only user
(appreadonlyCookie) is denied access to an unassigned app by calling makeRequest
with method 'POST', path '/apps/SecretApp/agent', body from agentBody(), and
header 'X-CSRF-Token' set to CSRF_TOKEN, then assert res.status === 403; place
it alongside the existing per-app access tests so it mirrors the existing
appadmin denial check but uses appreadonlyCookie to confirm read-only users
can't access apps not in their apps list.
- Around line 29-57: The test helper currently serializes body twice
(JSON.stringify called for Content-Length and again in req.write); hoist or
declare a variable (bodyStr) in the outer scope, set bodyStr =
JSON.stringify(body) inside the existing if (body) block, use
Buffer.byteLength(bodyStr) to set options.headers['Content-Length'], and replace
the second JSON.stringify(body) used in req.write with req.write(bodyStr) so the
same serialized string is reused; update references to options.headers and
req.write accordingly.
- Around line 270-281: Replace the dual negative assertions that check
authentication succeeded (expect(res.status).not.toBe(401);
expect(res.status).not.toBe(403);) with a single positive assertion expecting
the known failure status (expect(res.status).toBe(500)) in the test "allows
authenticated full admin to reach the agent handler" (the test that calls
makeRequest with agentBody(), adminCookie and CSRF_TOKEN); do the same
replacement for the other "allowed" tests that currently assert
.not.toBe(401)/.not.toBe(403) so each explicitly asserts the expected 500 status
returned from the OpenAI call failure.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check whether cookie-signature is a declared (dev)dependency in package.json
# and whether it exists at the top-level node_modules.

echo "=== package.json dependency entries ==="
rg '"cookie-signature"' package.json

echo ""
echo "=== Top-level node_modules ==="
fd -t d "^cookie-signature$" node_modules --max-depth 1

echo ""
echo "=== Nested under express-session ==="
fd -t d "^cookie-signature$" node_modules/express-session/node_modules --max-depth 1

echo ""
echo "=== Full node_modules tree for cookie-signature ==="
fd -t d "^cookie-signature$" node_modules

Repository: parse-community/parse-dashboard

Length of output: 583

---

🏁 Script executed:

#!/bin/bash
# Read package.json to check for cookie-signature declaration
echo "=== package.json (full content for dependency check) ==="
cat package.json | jq '.dependencies, .devDependencies' 2>/dev/null || cat package.json | grep -A 50 '"dependencies"' | head -100

echo ""
echo "=== Line 14 of AgentAuth.test.js ==="
sed -n '1,20p' src/lib/tests/AgentAuth.test.js

Repository: parse-community/parse-dashboard

Length of output: 3531

---

🏁 Script executed:

#!/bin/bash
echo "=== Usages of cookieSignature in AgentAuth.test.js ==="
rg 'cookieSignature' src/lib/tests/AgentAuth.test.js -n

Repository: parse-community/parse-dashboard

Length of output: 282

---

Fix fragile import from transitive dependency's internal node_modules.

require('express-session/node_modules/cookie-signature') imports from an undocumented, internal dependency path. With standard npm hoisting (npm's default behavior), cookie-signature resolves to node_modules/cookie-signature, not nested under express-session. This will cause a runtime MODULE_NOT_FOUND error when the test file loads.

Add cookie-signature as a devDependency in package.json and update the import:

Diff

-const cookieSignature = require('express-session/node_modules/cookie-signature');
+const cookieSignature = require('cookie-signature');

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const cookieSignature = require('express-session/node_modules/cookie-signature');
	const cookieSignature = require('cookie-signature');

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/tests/AgentAuth.test.js` at line 14, The test imports cookieSignature
from an internal transitive path which is fragile; add "cookie-signature" to
devDependencies in package.json and change the import in AgentAuth.test.js from
require('express-session/node_modules/cookie-signature') to
require('cookie-signature') (update any variable name cookieSignature
accordingly) so the module is resolved from the top-level node_modules.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

JSON.parse in MockSessionStore.get can throw synchronously, violating callback convention.

If sess is somehow a non-JSON value, JSON.parse(sess) throws a SyntaxError that escapes the function uncaught rather than being forwarded as callback(err). The Node.js store contract expects errors to be surfaced via the callback.

🛡️ Proposed fix

 get(sid, callback) {
   const sess = this.sessions[sid];
-  callback(null, sess ? JSON.parse(sess) : null);
+  if (!sess) return callback(null, null);
+  try {
+    callback(null, JSON.parse(sess));
+  } catch (err) {
+    callback(err);
+  }
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	get(sid, callback) {
	const sess = this.sessions[sid];
	callback(null, sess ? JSON.parse(sess) : null);
	}
	get(sid, callback) {
	const sess = this.sessions[sid];
	if (!sess) return callback(null, null);
	try {
	callback(null, JSON.parse(sess));
	} catch (err) {
	callback(err);
	}
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/tests/AgentAuth.test.js` around lines 72 - 75, MockSessionStore.get
currently does JSON.parse(sess) directly which can throw synchronously; wrap the
parse in a try/catch inside get(sid, callback) so any SyntaxError from
JSON.parse is caught and forwarded to callback(err) (e.g., callback(err) or
callback(err, null)) instead of letting it escape, and return callback(null,
parsed) on success; reference the MockSessionStore.get implementation and
this.sessions[sid] when applying the change.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Test name asserts server-side behavior (readOnlyMasterKey swap) that the assertions cannot verify.

The test asserts only that the response is not 401 or 403, which only proves that authentication/authorization passed. The claimed invariant — that the server swaps masterKey → readOnlyMasterKey and clears write permissions — is invisible at the HTTP boundary. If that server-side logic were silently removed, this test would still pass.

Options:

1. Rename the test to accurately describe what is actually being asserted (allows read-only user to submit write permissions without being rejected at the auth layer).
2. Add deeper coverage (e.g., a spy/mock on the OpenAI caller or the Parse API caller to capture which key is forwarded) in a unit test for agentHandler alongside this integration test.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/tests/AgentAuth.test.js` around lines 338 - 358, The test name is
misleading: it claims server-side behavior (masterKey -> readOnlyMasterKey swap
and clearing write permissions) that the HTTP assertions in the test do not
verify; rename the test to something accurate (e.g., "allows read-only user to
submit write permissions without being rejected at the auth layer") and/or add a
unit test that exercises agentHandler with a spy/mock of the downstream caller
(e.g., the OpenAI/Parse API caller used by agentHandler) to capture forwarded
keys and permissions; specifically, in tests that use makeRequest, agentBody,
readonlyCookie and CSRF_TOKEN either rename the existing it(...) string to match
what is actually asserted or add a new unit test that stubs the OpenAI caller or
Parse client and asserts that agentHandler swapped masterKey to
readOnlyMasterKey and replaced permissions with {} before forwarding.

[parseplatformorg]

🎉 This change has been released in version 9.0.0-alpha.8

[parseplatformorg]

🎉 This change has been released in version 9.0.0