@auxiora/browser 1.0.0 → 1.3.0

package/tests/browser-actions.test.ts

@@ -1,185 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from 'vitest';
-import { BrowserManager } from '../src/browser-manager.js';
-
-// --- Mock factories ---
-
-function createMockPage(overrides: Record<string, any> = {}) {
-  return {
-    isClosed: vi.fn().mockReturnValue(false),
-    close: vi.fn().mockResolvedValue(undefined),
-    goto: vi.fn().mockResolvedValue(undefined),
-    title: vi.fn().mockResolvedValue('Test Page'),
-    url: vi.fn().mockReturnValue('https://example.com'),
-    content: vi.fn().mockResolvedValue('<html><body><h1>Hello</h1></body></html>'),
-    click: vi.fn().mockResolvedValue(undefined),
-    fill: vi.fn().mockResolvedValue(undefined),
-    screenshot: vi.fn().mockResolvedValue(Buffer.from('fake-png')),
-    $: vi.fn().mockResolvedValue(null),
-    $$eval: vi.fn().mockResolvedValue([]),
-    evaluate: vi.fn().mockResolvedValue({}),
-    waitForSelector: vi.fn().mockResolvedValue(undefined),
-    setViewportSize: vi.fn().mockResolvedValue(undefined),
-    setDefaultNavigationTimeout: vi.fn(),
-    setDefaultTimeout: vi.fn(),
-    keyboard: {
-      press: vi.fn().mockResolvedValue(undefined),
-    },
-    ...overrides,
-  };
-}
-
-function createMockContext(overrides: Record<string, any> = {}) {
-  const mockPage = createMockPage();
-  return {
-    newPage: vi.fn().mockResolvedValue(mockPage),
-    close: vi.fn().mockResolvedValue(undefined),
-    _mockPage: mockPage,
-    ...overrides,
-  };
-}
-
-function createMockBrowser(overrides: Record<string, any> = {}) {
-  const mockContext = createMockContext();
-  return {
-    isConnected: vi.fn().mockReturnValue(true),
-    newContext: vi.fn().mockResolvedValue(mockContext),
-    close: vi.fn().mockResolvedValue(undefined),
-    _mockContext: mockContext,
-    ...overrides,
-  };
-}
-
-// --- Tests ---
-
-describe('BrowserManager Actions', () => {
-  let mockBrowser: ReturnType<typeof createMockBrowser>;
-  let mockPage: ReturnType<typeof createMockPage>;
-  let browserFactory: ReturnType<typeof vi.fn>;
-  let manager: BrowserManager;
-
-  beforeEach(async () => {
-    mockBrowser = createMockBrowser();
-    mockPage = mockBrowser._mockContext._mockPage;
-    browserFactory = vi.fn().mockResolvedValue(mockBrowser);
-    manager = new BrowserManager({
-      browserFactory,
-      config: { screenshotDir: '' } as any,
-    });
-  });
-
-  describe('navigate', () => {
-    it('should return page info after navigation', async () => {
-      const result = await manager.navigate('s1', 'https://example.com');
-      expect(result.url).toBe('https://example.com');
-      expect(result.title).toBe('Test Page');
-      expect(result.content).toBeDefined();
-      expect(mockPage.goto).toHaveBeenCalledWith('https://example.com', { waitUntil: 'domcontentloaded' });
-    });
-
-    it('should reject blocked URLs', async () => {
-      await expect(
-        manager.navigate('s1', 'https://evil.com', )
-      ).resolves.toBeDefined(); // not blocked by default
-
-      const blockedManager = new BrowserManager({
-        browserFactory,
-        config: { blockedUrls: ['evil.com'], screenshotDir: '' } as any,
-      });
-      await expect(
-        blockedManager.navigate('s1', 'https://evil.com')
-      ).rejects.toThrow('blocked');
-    });
-
-    it('should reject private IPs', async () => {
-      await expect(
-        manager.navigate('s1', 'http://127.0.0.1')
-      ).rejects.toThrow('private');
-    });
-  });
-
-  describe('click', () => {
-    it('should call page.click with selector and timeout', async () => {
-      await manager.click('s1', '#btn');
-      expect(mockPage.click).toHaveBeenCalledWith('#btn', expect.objectContaining({ timeout: expect.any(Number) }));
-    });
-  });
-
-  describe('type', () => {
-    it('should fill input with text', async () => {
-      await manager.type('s1', '#input', 'hello');
-      expect(mockPage.fill).toHaveBeenCalledWith('#input', 'hello');
-      expect(mockPage.keyboard.press).not.toHaveBeenCalled();
-    });
-
-    it('should press Enter when requested', async () => {
-      await manager.type('s1', '#input', 'hello', true);
-      expect(mockPage.fill).toHaveBeenCalledWith('#input', 'hello');
-      expect(mockPage.keyboard.press).toHaveBeenCalledWith('Enter');
-    });
-  });
-
-  describe('extract', () => {
-    it('should return elements by selector', async () => {
-      const mockElements = [
-        { text: 'Hello', tagName: 'h1', attributes: { class: 'title' } },
-      ];
-      mockPage.$$eval.mockResolvedValue(mockElements);
-
-      const result = await manager.extract('s1', 'h1');
-      expect(result.selector).toBe('h1');
-      expect(result.elements).toEqual(mockElements);
-    });
-  });
-
-  describe('wait', () => {
-    it('should wait for selector', async () => {
-      await manager.wait('s1', '.loaded');
-      expect(mockPage.waitForSelector).toHaveBeenCalledWith('.loaded', expect.objectContaining({ timeout: expect.any(Number) }));
-    });
-
-    it('should wait for fixed delay', async () => {
-      const start = Date.now();
-      await manager.wait('s1', 50);
-      const elapsed = Date.now() - start;
-      expect(elapsed).toBeGreaterThanOrEqual(40); // allow small timing margin
-    });
-  });
-
-  describe('runScript', () => {
-    it('should return JSON result', async () => {
-      mockPage.evaluate.mockResolvedValue({ answer: 42 });
-      const result = await manager.runScript('s1', 'document.title');
-      expect(result).toBe('{"answer":42}');
-    });
-
-    it('should reject oversized results', async () => {
-      const bigObj = { data: 'x'.repeat(200_000) };
-      mockPage.evaluate.mockResolvedValue(bigObj);
-      await expect(manager.runScript('s1', 'big()')).rejects.toThrow('Result too large');
-    });
-  });
-
-  describe('screenshot', () => {
-    it('should capture full-page screenshot as base64', async () => {
-      const fakeBuffer = Buffer.from('png-data');
-      mockPage.screenshot.mockResolvedValue(fakeBuffer);
-
-      const result = await manager.screenshot('s1');
-      expect(result.base64).toBe(fakeBuffer.toString('base64'));
-      expect(mockPage.screenshot).toHaveBeenCalledWith(expect.objectContaining({ fullPage: true, type: 'png' }));
-    });
-  });
-
-  describe('browse', () => {
-    it('should return mutation message for write tasks', async () => {
-      const result = await manager.browse('s1', 'Click the login button');
-      expect(result.result).toContain('interactions');
-      expect(result.steps).toEqual([]);
-    });
-
-    it('should handle read tasks', async () => {
-      const result = await manager.browse('s1', 'Find the pricing information');
-      expect(result.result).toContain('Browse task queued');
-    });
-  });
-});

package/tests/browser-manager.test.ts

@@ -1,142 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from 'vitest';
-import { BrowserManager } from '../src/browser-manager.js';
-
-// --- Mock factories ---
-
-function createMockPage(overrides: Record<string, any> = {}) {
-  return {
-    isClosed: vi.fn().mockReturnValue(false),
-    close: vi.fn().mockResolvedValue(undefined),
-    goto: vi.fn().mockResolvedValue(undefined),
-    title: vi.fn().mockResolvedValue('Test Page'),
-    url: vi.fn().mockReturnValue('https://example.com'),
-    content: vi.fn().mockResolvedValue('<html><body><h1>Hello</h1></body></html>'),
-    click: vi.fn().mockResolvedValue(undefined),
-    fill: vi.fn().mockResolvedValue(undefined),
-    screenshot: vi.fn().mockResolvedValue(Buffer.from('fake-png')),
-    $: vi.fn().mockResolvedValue(null),
-    $$eval: vi.fn().mockResolvedValue([]),
-    evaluate: vi.fn().mockResolvedValue({}),
-    waitForSelector: vi.fn().mockResolvedValue(undefined),
-    setViewportSize: vi.fn().mockResolvedValue(undefined),
-    setDefaultNavigationTimeout: vi.fn(),
-    setDefaultTimeout: vi.fn(),
-    keyboard: {
-      press: vi.fn().mockResolvedValue(undefined),
-    },
-    ...overrides,
-  };
-}
-
-function createMockContext(overrides: Record<string, any> = {}) {
-  const mockPage = createMockPage();
-  return {
-    newPage: vi.fn().mockResolvedValue(mockPage),
-    close: vi.fn().mockResolvedValue(undefined),
-    _mockPage: mockPage,
-    ...overrides,
-  };
-}
-
-function createMockBrowser(overrides: Record<string, any> = {}) {
-  const mockContext = createMockContext();
-  return {
-    isConnected: vi.fn().mockReturnValue(true),
-    newContext: vi.fn().mockResolvedValue(mockContext),
-    close: vi.fn().mockResolvedValue(undefined),
-    _mockContext: mockContext,
-    ...overrides,
-  };
-}
-
-// --- Tests ---
-
-describe('BrowserManager', () => {
-  let mockBrowser: ReturnType<typeof createMockBrowser>;
-  let browserFactory: ReturnType<typeof vi.fn>;
-  let manager: BrowserManager;
-
-  beforeEach(() => {
-    mockBrowser = createMockBrowser();
-    browserFactory = vi.fn().mockResolvedValue(mockBrowser);
-    manager = new BrowserManager({
-      browserFactory,
-      config: { screenshotDir: '' } as any,
-    });
-  });
-
-  describe('launch and shutdown', () => {
-    it('should launch browser on first use', async () => {
-      await manager.launch();
-      expect(browserFactory).toHaveBeenCalledTimes(1);
-      expect(mockBrowser.newContext).toHaveBeenCalledTimes(1);
-    });
-
-    it('should not re-launch if already running', async () => {
-      await manager.launch();
-      await manager.launch();
-      expect(browserFactory).toHaveBeenCalledTimes(1);
-    });
-
-    it('should close all pages and browser on shutdown', async () => {
-      await manager.launch();
-      const page = await manager.getPage('session-1');
-      await manager.shutdown();
-
-      expect(page.close).toHaveBeenCalled();
-      expect(mockBrowser.close).toHaveBeenCalled();
-      expect(manager.getPageCount()).toBe(0);
-    });
-  });
-
-  describe('page lifecycle', () => {
-    it('should create new page for new session', async () => {
-      const page = await manager.getPage('session-1');
-      expect(page).toBeDefined();
-      expect(page.setViewportSize).toHaveBeenCalled();
-      expect(manager.getPageCount()).toBe(1);
-    });
-
-    it('should reuse existing page for same session', async () => {
-      const page1 = await manager.getPage('session-1');
-      const page2 = await manager.getPage('session-1');
-      expect(page1).toBe(page2);
-      expect(manager.getPageCount()).toBe(1);
-    });
-
-    it('should close a specific page', async () => {
-      const page = await manager.getPage('session-1');
-      await manager.closePage('session-1');
-      expect(page.close).toHaveBeenCalled();
-      expect(manager.getPageCount()).toBe(0);
-    });
-
-    it('should enforce max concurrent pages', async () => {
-      const limitedManager = new BrowserManager({
-        browserFactory,
-        config: { maxConcurrentPages: 2, screenshotDir: '' } as any,
-      });
-
-      await limitedManager.getPage('s1');
-      await limitedManager.getPage('s2');
-      await expect(limitedManager.getPage('s3')).rejects.toThrow('Max concurrent pages');
-    });
-  });
-
-  describe('crash recovery', () => {
-    it('should re-launch browser if disconnected', async () => {
-      await manager.getPage('session-1');
-      expect(browserFactory).toHaveBeenCalledTimes(1);
-
-      // Simulate browser crash
-      mockBrowser.isConnected.mockReturnValue(false);
-
-      // Create a new mock browser for re-launch
-      const newMockBrowser = createMockBrowser();
-      browserFactory.mockResolvedValue(newMockBrowser);
-
-      await manager.getPage('session-2');
-      expect(browserFactory).toHaveBeenCalledTimes(2);
-    });
-  });
-});

package/tests/integration.test.ts

@@ -1,141 +0,0 @@
-import { describe, it, expect, afterEach, vi } from 'vitest';
-import { BrowserManager } from '../src/browser-manager.js';
-import { DEFAULT_BROWSER_CONFIG } from '../src/types.js';
-import { validateUrl } from '../src/url-validator.js';
-
-function createMockPage(overrides: any = {}) {
-  return {
-    goto: vi.fn().mockResolvedValue(undefined),
-    title: vi.fn().mockResolvedValue(overrides.title || 'Test Page'),
-    content: vi.fn().mockResolvedValue(
-      overrides.html || '<html><body><h1>Test</h1><p>Content here</p></body></html>'
-    ),
-    url: vi.fn().mockReturnValue(overrides.url || 'https://example.com'),
-    click: vi.fn().mockResolvedValue(undefined),
-    fill: vi.fn().mockResolvedValue(undefined),
-    keyboard: { press: vi.fn().mockResolvedValue(undefined) },
-    screenshot: vi.fn().mockResolvedValue(Buffer.from('screenshot-data')),
-    $: vi.fn().mockResolvedValue(null),
-    $$eval: vi.fn().mockResolvedValue(
-      overrides.elements || [
-        { text: 'Story 1', tagName: 'a', attributes: { href: '/story/1' } },
-        { text: 'Story 2', tagName: 'a', attributes: { href: '/story/2' } },
-      ]
-    ),
-    waitForSelector: vi.fn().mockResolvedValue(undefined),
-    evaluate: vi.fn().mockResolvedValue(overrides.evalResult || null),
-    close: vi.fn().mockResolvedValue(undefined),
-    isClosed: vi.fn().mockReturnValue(false),
-    setViewportSize: vi.fn().mockResolvedValue(undefined),
-    setDefaultNavigationTimeout: vi.fn(),
-    setDefaultTimeout: vi.fn(),
-  };
-}
-
-function createMockBrowser(page: any) {
-  const context = {
-    newPage: vi.fn().mockResolvedValue(page),
-    close: vi.fn().mockResolvedValue(undefined),
-  };
-  return {
-    newContext: vi.fn().mockResolvedValue(context),
-    isConnected: vi.fn().mockReturnValue(true),
-    close: vi.fn().mockResolvedValue(undefined),
-    contexts: vi.fn().mockReturnValue([context]),
-  };
-}
-
-describe('Browser integration', () => {
-  let manager: BrowserManager;
-
-  afterEach(async () => {
-    if (manager) await manager.shutdown();
-  });
-
-  it('should navigate then extract then screenshot flow', async () => {
-    const mockPage = createMockPage({
-      title: 'Hacker News',
-      url: 'https://news.ycombinator.com',
-    });
-    const mockBrowser = createMockBrowser(mockPage);
-
-    manager = new BrowserManager({
-      config: { ...DEFAULT_BROWSER_CONFIG, screenshotDir: '' },
-      browserFactory: vi.fn().mockResolvedValue(mockBrowser),
-    });
-
-    // Navigate
-    const navResult = await manager.navigate('s1', 'https://news.ycombinator.com');
-    expect(navResult.title).toBe('Hacker News');
-    expect(navResult.url).toBe('https://news.ycombinator.com');
-
-    // Extract
-    const extractResult = await manager.extract('s1', '.storylink');
-    expect(extractResult.elements).toHaveLength(2);
-    expect(extractResult.elements[0].text).toBe('Story 1');
-
-    // Screenshot
-    const screenshotResult = await manager.screenshot('s1');
-    expect(screenshotResult.base64).toBeDefined();
-    expect(screenshotResult.base64.length).toBeGreaterThan(0);
-  });
-
-  it('should isolate multi-session pages', async () => {
-    const page1 = createMockPage({ title: 'Page 1', url: 'https://site1.com' });
-    const page2 = createMockPage({ title: 'Page 2', url: 'https://site2.com' });
-
-    let callCount = 0;
-    const context = {
-      newPage: vi.fn().mockImplementation(async () => {
-        callCount++;
-        return callCount === 1 ? page1 : page2;
-      }),
-      close: vi.fn().mockResolvedValue(undefined),
-    };
-
-    const mockBrowser = {
-      newContext: vi.fn().mockResolvedValue(context),
-      isConnected: vi.fn().mockReturnValue(true),
-      close: vi.fn().mockResolvedValue(undefined),
-      contexts: vi.fn().mockReturnValue([context]),
-    };
-
-    manager = new BrowserManager({
-      config: DEFAULT_BROWSER_CONFIG,
-      browserFactory: vi.fn().mockResolvedValue(mockBrowser),
-    });
-
-    const nav1 = await manager.navigate('session-a', 'https://site1.com');
-    const nav2 = await manager.navigate('session-b', 'https://site2.com');
-
-    expect(nav1.title).toBe('Page 1');
-    expect(nav2.title).toBe('Page 2');
-    expect(manager.getPageCount()).toBe(2);
-  });
-
-  it('should enforce URL validation throughout the stack', () => {
-    expect(validateUrl('file:///etc/passwd')).not.toBeNull();
-    expect(validateUrl('javascript:alert(1)')).not.toBeNull();
-    expect(validateUrl('http://127.0.0.1')).not.toBeNull();
-    expect(validateUrl('http://10.0.0.1:8080')).not.toBeNull();
-
-    expect(validateUrl('https://example.com')).toBeNull();
-    expect(validateUrl('https://news.ycombinator.com')).toBeNull();
-  });
-
-  it('should handle browse mutation detection', async () => {
-    const mockPage = createMockPage();
-    const mockBrowser = createMockBrowser(mockPage);
-
-    manager = new BrowserManager({
-      config: DEFAULT_BROWSER_CONFIG,
-      browserFactory: vi.fn().mockResolvedValue(mockBrowser),
-    });
-
-    const mutationResult = await manager.browse('s1', 'click the buy button');
-    expect(mutationResult.result).toContain('primitive browser tools');
-
-    const readResult = await manager.browse('s1', 'get the price of BTC');
-    expect(readResult.result).toBeDefined();
-  });
-});

package/tests/types.test.ts

@@ -1,72 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import type { BrowserConfig, PageInfo, BrowseStep } from '../src/types.js';
-import { DEFAULT_BROWSER_CONFIG, BLOCKED_PROTOCOLS } from '../src/types.js';
-import { isPrivateIP, parseIPv4ToNumber, isNumericHostname, normalizeIPv6 } from '../src/url-validator.js';
-
-describe('Browser types', () => {
-  it('should provide sensible default config', () => {
-    expect(DEFAULT_BROWSER_CONFIG.headless).toBe(true);
-    expect(DEFAULT_BROWSER_CONFIG.viewport).toEqual({ width: 1280, height: 720 });
-    expect(DEFAULT_BROWSER_CONFIG.navigationTimeout).toBe(30_000);
-    expect(DEFAULT_BROWSER_CONFIG.actionTimeout).toBe(10_000);
-    expect(DEFAULT_BROWSER_CONFIG.maxConcurrentPages).toBe(10);
-    expect(DEFAULT_BROWSER_CONFIG.screenshotDir).toBe('screenshots');
-  });
-
-  it('should block dangerous protocols', () => {
-    expect(BLOCKED_PROTOCOLS).toContain('file:');
-    expect(BLOCKED_PROTOCOLS).toContain('javascript:');
-    expect(BLOCKED_PROTOCOLS).not.toContain('https:');
-  });
-
-  it('should detect private IPv4 addresses numerically', () => {
-    expect(isPrivateIP('127.0.0.1')).toBe(true);
-    expect(isPrivateIP('10.0.0.1')).toBe(true);
-    expect(isPrivateIP('192.168.1.1')).toBe(true);
-    expect(isPrivateIP('169.254.169.254')).toBe(true);
-    expect(isPrivateIP('172.16.0.1')).toBe(true);
-    expect(isPrivateIP('172.31.255.255')).toBe(true);
-    expect(isPrivateIP('0.0.0.0')).toBe(true);
-    // Public IPs should not be private
-    expect(isPrivateIP('8.8.8.8')).toBe(false);
-    expect(isPrivateIP('172.32.0.1')).toBe(false);
-    expect(isPrivateIP('1.1.1.1')).toBe(false);
-  });
-
-  it('should detect private IPv6 addresses', () => {
-    expect(isPrivateIP('::1')).toBe(true);
-    expect(isPrivateIP('::ffff:127.0.0.1')).toBe(true);
-    expect(isPrivateIP('::ffff:10.0.0.1')).toBe(true);
-    expect(isPrivateIP('fe80::1')).toBe(true);
-    expect(isPrivateIP('fd00::1')).toBe(true);
-  });
-
-  it('should detect numeric hostname encodings', () => {
-    expect(isNumericHostname('2130706433')).toBe(true);
-    expect(isNumericHostname('0x7f000001')).toBe(true);
-    expect(isNumericHostname('0177.0.0.1')).toBe(true);
-    expect(isNumericHostname('example.com')).toBe(false);
-    expect(isNumericHostname('127.0.0.1')).toBe(false); // standard dotted-decimal is not "numeric encoding"
-  });
-
-  it('should have correct TypeScript types (compile check)', () => {
-    const config: BrowserConfig = {
-      ...DEFAULT_BROWSER_CONFIG,
-      headless: false,
-    };
-    expect(config.headless).toBe(false);
-
-    const pageInfo: PageInfo = {
-      url: 'https://example.com',
-      title: 'Example',
-    };
-    expect(pageInfo.url).toBe('https://example.com');
-
-    const step: BrowseStep = {
-      action: 'navigate',
-      params: { url: 'https://example.com' },
-      result: 'Navigated to Example',
-    };
-    expect(step.action).toBe('navigate');
-  });
-});

package/tests/url-validator.test.ts

@@ -1,151 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import { validateUrl } from '../src/url-validator.js';
-
-describe('URL Validator', () => {
-  describe('valid URLs', () => {
-    it('should allow https URLs', () => {
-      expect(validateUrl('https://example.com')).toBeNull();
-    });
-
-    it('should allow http URLs', () => {
-      expect(validateUrl('http://example.com')).toBeNull();
-    });
-
-    it('should allow URLs with paths', () => {
-      expect(validateUrl('https://example.com/path/to/page')).toBeNull();
-    });
-
-    it('should allow URLs with query params', () => {
-      expect(validateUrl('https://example.com?q=search&page=1')).toBeNull();
-    });
-  });
-
-  describe('blocked protocols', () => {
-    it('should block file:// protocol', () => {
-      const error = validateUrl('file:///etc/passwd');
-      expect(error).toContain('protocol');
-    });
-
-    it('should block javascript: protocol', () => {
-      const error = validateUrl('javascript:alert(1)');
-      expect(error).toContain('protocol');
-    });
-
-    it('should block data: protocol', () => {
-      const error = validateUrl('data:text/html,<script>alert(1)</script>');
-      expect(error).toContain('protocol');
-    });
-  });
-
-  describe('private IP blocking', () => {
-    it('should block localhost', () => {
-      const error = validateUrl('http://localhost:3000');
-      expect(error).toContain('private');
-    });
-
-    it('should block 127.0.0.1', () => {
-      const error = validateUrl('http://127.0.0.1');
-      expect(error).toContain('private');
-    });
-
-    it('should block 10.x.x.x', () => {
-      const error = validateUrl('http://10.0.0.1');
-      expect(error).toContain('private');
-    });
-
-    it('should block 192.168.x.x', () => {
-      const error = validateUrl('http://192.168.1.1');
-      expect(error).toContain('private');
-    });
-
-    it('should block 169.254.x.x (link-local)', () => {
-      const error = validateUrl('http://169.254.169.254');
-      expect(error).toContain('private');
-    });
-
-    it('should block 172.16-31.x.x', () => {
-      expect(validateUrl('http://172.16.0.1')).toContain('private');
-      expect(validateUrl('http://172.31.255.255')).toContain('private');
-    });
-
-    it('should allow 172.32.x.x (not private)', () => {
-      expect(validateUrl('http://172.32.0.1')).toBeNull();
-    });
-
-    it('should block 0.0.0.0', () => {
-      const error = validateUrl('http://0.0.0.0');
-      expect(error).toContain('private');
-    });
-  });
-
-  describe('SSRF bypass prevention', () => {
-    it('should block decimal IP encoding (2130706433 = 127.0.0.1)', () => {
-      // Node URL constructor normalizes to 127.0.0.1, caught by private IP check
-      const error = validateUrl('http://2130706433');
-      expect(error).toBeTruthy();
-      expect(error).toContain('private');
-    });
-
-    it('should block hex IP encoding (0x7f000001 = 127.0.0.1)', () => {
-      // Node URL constructor normalizes to 127.0.0.1, caught by private IP check
-      const error = validateUrl('http://0x7f000001');
-      expect(error).toBeTruthy();
-      expect(error).toContain('private');
-    });
-
-    it('should block octal IP encoding (0177.0.0.1 = 127.0.0.1)', () => {
-      // Node URL constructor normalizes to 127.0.0.1, caught by private IP check
-      const error = validateUrl('http://0177.0.0.1');
-      expect(error).toBeTruthy();
-      expect(error).toContain('private');
-    });
-
-    it('should block IPv6 loopback (::1)', () => {
-      const error = validateUrl('http://[::1]');
-      expect(error).toContain('private');
-    });
-
-    it('should block IPv6-mapped 127.0.0.1 (::ffff:127.0.0.1)', () => {
-      const error = validateUrl('http://[::ffff:127.0.0.1]');
-      expect(error).toContain('private');
-    });
-
-    it('should block IPv6-mapped 10.0.0.1 (::ffff:10.0.0.1)', () => {
-      const error = validateUrl('http://[::ffff:10.0.0.1]');
-      expect(error).toContain('private');
-    });
-
-    it('should block subdomain of localhost', () => {
-      const error = validateUrl('http://foo.localhost:3000');
-      expect(error).toContain('private');
-    });
-  });
-
-  describe('invalid URLs', () => {
-    it('should reject empty string', () => {
-      const error = validateUrl('');
-      expect(error).toBeTruthy();
-    });
-
-    it('should reject malformed URLs', () => {
-      const error = validateUrl('not a url');
-      expect(error).toBeTruthy();
-    });
-  });
-
-  describe('allowlist/blocklist', () => {
-    it('should allow private IPs when in allowlist', () => {
-      const error = validateUrl('http://localhost:3000', {
-        allowedUrls: ['localhost'],
-      });
-      expect(error).toBeNull();
-    });
-
-    it('should block URLs in blocklist', () => {
-      const error = validateUrl('https://evil.com/page', {
-        blockedUrls: ['evil.com'],
-      });
-      expect(error).toContain('blocked');
-    });
-  });
-});