@cortexmemory/cli 0.27.1 → 0.27.3

package/templates/vercel-ai-quickstart/tests/integration/conversations.test.ts

@@ -0,0 +1,461 @@
+/**
+ * Integration Tests: Conversations API Routes
+ *
+ * Tests the conversations API routes with mocked Cortex SDK.
+ */
+
+import {
+  createMockCortex,
+  resetMockStores,
+  seedTestData,
+  type MockCortex,
+} from "../helpers/mock-cortex";
+
+// Mock the Cortex SDK module
+let mockCortex: MockCortex;
+
+jest.mock("../../lib/cortex", () => ({
+  getCortex: () => mockCortex,
+}));
+
+// Import route handlers after mocking
+import {
+  GET as conversationsGet,
+  POST as conversationsPost,
+  DELETE as conversationsDelete,
+} from "../../app/api/conversations/route";
+
+/**
+ * Helper to create a mock Request object
+ */
+function createRequest(
+  method: string,
+  options: {
+    body?: Record<string, unknown>;
+    searchParams?: Record<string, string>;
+  } = {}
+): Request {
+  const url = new URL("http://localhost:3000/api/conversations");
+
+  if (options.searchParams) {
+    Object.entries(options.searchParams).forEach(([key, value]) => {
+      url.searchParams.set(key, value);
+    });
+  }
+
+  const init: RequestInit = { method };
+  if (options.body) {
+    init.body = JSON.stringify(options.body);
+    init.headers = { "Content-Type": "application/json" };
+  }
+
+  return new Request(url.toString(), init);
+}
+
+/**
+ * Helper to parse JSON response
+ */
+async function parseResponse(response: Response): Promise<{
+  status: number;
+  data: Record<string, unknown>;
+}> {
+  const data = await response.json();
+  return { status: response.status, data };
+}
+
+describe("Conversations API Routes", () => {
+  beforeEach(() => {
+    resetMockStores();
+    mockCortex = createMockCortex();
+  });
+
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  // GET /api/conversations
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+  describe("GET /api/conversations", () => {
+    it("should return 400 if userId is missing and no conversationId", async () => {
+      const request = createRequest("GET");
+      const response = await conversationsGet(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(400);
+      expect(data.error).toBe("userId is required");
+    });
+
+    it("should return single conversation with messages when conversationId is provided", async () => {
+      // Seed conversation with messages
+      seedTestData.conversation("conv-with-messages", {
+        userId: "testuser",
+        title: "Test Conversation",
+        messages: [
+          { role: "user", content: "Hello" },
+          { role: "assistant", content: "Hi there!" },
+        ],
+      });
+
+      const request = createRequest("GET", {
+        searchParams: { conversationId: "conv-with-messages" },
+      });
+      const response = await conversationsGet(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(200);
+      expect(data.conversation).toBeDefined();
+      expect((data.conversation as { id: string }).id).toBe("conv-with-messages");
+      expect((data.conversation as { title: string }).title).toBe("Test Conversation");
+      expect(data.messages).toBeDefined();
+      expect((data.messages as unknown[]).length).toBe(2);
+    });
+
+    it("should return 404 when conversationId is not found", async () => {
+      const request = createRequest("GET", {
+        searchParams: { conversationId: "nonexistent-conv" },
+      });
+      const response = await conversationsGet(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(404);
+      expect(data.error).toBe("Conversation not found");
+    });
+
+    it("should return empty array for user with no conversations", async () => {
+      const request = createRequest("GET", {
+        searchParams: { userId: "newuser" },
+      });
+      const response = await conversationsGet(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(200);
+      expect(data.conversations).toEqual([]);
+    });
+
+    it("should return conversations for user", async () => {
+      // Seed conversations
+      seedTestData.conversation("conv-1", {
+        userId: "testuser",
+        title: "First Chat",
+      });
+      seedTestData.conversation("conv-2", {
+        userId: "testuser",
+        title: "Second Chat",
+      });
+
+      const request = createRequest("GET", {
+        searchParams: { userId: "testuser" },
+      });
+      const response = await conversationsGet(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(200);
+      expect((data.conversations as unknown[]).length).toBe(2);
+
+      const conversations = data.conversations as {
+        id: string;
+        title: string;
+      }[];
+      expect(conversations.map((c) => c.id)).toContain("conv-1");
+      expect(conversations.map((c) => c.id)).toContain("conv-2");
+    });
+
+    it("should filter conversations by memorySpaceId", async () => {
+      // Seed conversations in different memory spaces
+      seedTestData.conversation("conv-1", {
+        userId: "testuser",
+        memorySpaceId: "space-a",
+        title: "Space A Chat",
+      });
+      seedTestData.conversation("conv-2", {
+        userId: "testuser",
+        memorySpaceId: "space-b",
+        title: "Space B Chat",
+      });
+
+      const request = createRequest("GET", {
+        searchParams: { userId: "testuser", memorySpaceId: "space-a" },
+      });
+      const response = await conversationsGet(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(200);
+      expect((data.conversations as unknown[]).length).toBe(1);
+      expect((data.conversations as { id: string }[])[0].id).toBe("conv-1");
+    });
+
+    it("should not return conversations from other users", async () => {
+      // Seed conversations for different users
+      seedTestData.conversation("conv-1", {
+        userId: "user-a",
+        title: "User A Chat",
+      });
+      seedTestData.conversation("conv-2", {
+        userId: "user-b",
+        title: "User B Chat",
+      });
+
+      const request = createRequest("GET", {
+        searchParams: { userId: "user-a" },
+      });
+      const response = await conversationsGet(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(200);
+      expect((data.conversations as unknown[]).length).toBe(1);
+      expect((data.conversations as { id: string }[])[0].id).toBe("conv-1");
+    });
+
+    it("should include conversation metadata in response", async () => {
+      seedTestData.conversation("conv-1", {
+        userId: "testuser",
+        title: "Test Chat Title",
+      });
+
+      const request = createRequest("GET", {
+        searchParams: { userId: "testuser" },
+      });
+      const response = await conversationsGet(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(200);
+      const conversation = (data.conversations as Record<string, unknown>[])[0];
+      expect(conversation.id).toBe("conv-1");
+      expect(conversation.title).toBe("Test Chat Title");
+      expect(conversation.createdAt).toBeDefined();
+      expect(conversation.updatedAt).toBeDefined();
+      expect(conversation.messageCount).toBeDefined();
+    });
+
+    it("should use default memorySpaceId if not provided", async () => {
+      const request = createRequest("GET", {
+        searchParams: { userId: "testuser" },
+      });
+      await conversationsGet(request);
+
+      expect(mockCortex.conversations.list).toHaveBeenCalledWith(
+        expect.objectContaining({
+          memorySpaceId: "quickstart-demo",
+          userId: "testuser",
+        })
+      );
+    });
+  });
+
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  // POST /api/conversations
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+  describe("POST /api/conversations", () => {
+    it("should return 400 if userId is missing", async () => {
+      const request = createRequest("POST", {
+        body: { title: "New Chat" },
+      });
+      const response = await conversationsPost(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(400);
+      expect(data.error).toBe("userId is required");
+    });
+
+    it("should create conversation with generated ID", async () => {
+      const request = createRequest("POST", {
+        body: { userId: "testuser" },
+      });
+      const response = await conversationsPost(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(200);
+      expect(data.success).toBe(true);
+      expect(data.conversation).toBeDefined();
+
+      const conversation = data.conversation as { id: string };
+      expect(conversation.id).toMatch(/^conv-\d+-[a-z0-9]+$/);
+    });
+
+    it("should create conversation with provided title", async () => {
+      const request = createRequest("POST", {
+        body: { userId: "testuser", title: "My Custom Title" },
+      });
+      const response = await conversationsPost(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(200);
+      const conversation = data.conversation as { title: string };
+      expect(conversation.title).toBe("My Custom Title");
+    });
+
+    it("should use default title if not provided", async () => {
+      const request = createRequest("POST", {
+        body: { userId: "testuser" },
+      });
+      const response = await conversationsPost(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(200);
+      const conversation = data.conversation as { title: string };
+      expect(conversation.title).toBe("New Chat");
+    });
+
+    it("should use provided memorySpaceId", async () => {
+      const request = createRequest("POST", {
+        body: { userId: "testuser", memorySpaceId: "custom-space" },
+      });
+      await conversationsPost(request);
+
+      expect(mockCortex.conversations.create).toHaveBeenCalledWith(
+        expect.objectContaining({
+          memorySpaceId: "custom-space",
+        })
+      );
+    });
+
+    it("should use default memorySpaceId if not provided", async () => {
+      const request = createRequest("POST", {
+        body: { userId: "testuser" },
+      });
+      await conversationsPost(request);
+
+      expect(mockCortex.conversations.create).toHaveBeenCalledWith(
+        expect.objectContaining({
+          memorySpaceId: "quickstart-demo",
+        })
+      );
+    });
+
+    it("should set conversation type to user-agent", async () => {
+      const request = createRequest("POST", {
+        body: { userId: "testuser" },
+      });
+      await conversationsPost(request);
+
+      expect(mockCortex.conversations.create).toHaveBeenCalledWith(
+        expect.objectContaining({
+          type: "user-agent",
+        })
+      );
+    });
+
+    it("should set participants with userId and agentId", async () => {
+      const request = createRequest("POST", {
+        body: { userId: "testuser" },
+      });
+      await conversationsPost(request);
+
+      expect(mockCortex.conversations.create).toHaveBeenCalledWith(
+        expect.objectContaining({
+          participants: {
+            userId: "testuser",
+            agentId: "quickstart-assistant",
+          },
+        })
+      );
+    });
+
+    it("should return conversation metadata", async () => {
+      const request = createRequest("POST", {
+        body: { userId: "testuser", title: "Test Chat" },
+      });
+      const response = await conversationsPost(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(200);
+      const conversation = data.conversation as Record<string, unknown>;
+      expect(conversation.id).toBeDefined();
+      expect(conversation.title).toBe("Test Chat");
+      expect(conversation.createdAt).toBeDefined();
+      expect(conversation.updatedAt).toBeDefined();
+      expect(conversation.messageCount).toBe(0);
+    });
+  });
+
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  // DELETE /api/conversations
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+  describe("DELETE /api/conversations", () => {
+    it("should return 400 if conversationId is missing", async () => {
+      const request = createRequest("DELETE");
+      const response = await conversationsDelete(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(400);
+      expect(data.error).toBe("conversationId is required");
+    });
+
+    it("should delete conversation and return success", async () => {
+      // Seed a conversation
+      seedTestData.conversation("conv-to-delete", {
+        userId: "testuser",
+        title: "Delete Me",
+      });
+
+      const request = createRequest("DELETE", {
+        searchParams: { conversationId: "conv-to-delete" },
+      });
+      const response = await conversationsDelete(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(200);
+      expect(data.success).toBe(true);
+    });
+
+    it("should call cortex.conversations.delete with correct ID", async () => {
+      const request = createRequest("DELETE", {
+        searchParams: { conversationId: "conv-123" },
+      });
+      await conversationsDelete(request);
+
+      expect(mockCortex.conversations.delete).toHaveBeenCalledWith("conv-123");
+    });
+  });
+
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  // Edge Cases
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+  describe("edge cases", () => {
+    it("should handle SDK errors gracefully for GET", async () => {
+      mockCortex.conversations.list = jest
+        .fn()
+        .mockRejectedValue(new Error("SDK error"));
+
+      const request = createRequest("GET", {
+        searchParams: { userId: "testuser" },
+      });
+      const response = await conversationsGet(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(500);
+      expect(data.error).toBe("Failed to fetch conversations");
+    });
+
+    it("should handle SDK errors gracefully for POST", async () => {
+      mockCortex.conversations.create = jest
+        .fn()
+        .mockRejectedValue(new Error("SDK error"));
+
+      const request = createRequest("POST", {
+        body: { userId: "testuser" },
+      });
+      const response = await conversationsPost(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(500);
+      expect(data.error).toBe("Failed to create conversation");
+    });
+
+    it("should handle SDK errors gracefully for DELETE", async () => {
+      mockCortex.conversations.delete = jest
+        .fn()
+        .mockRejectedValue(new Error("SDK error"));
+
+      const request = createRequest("DELETE", {
+        searchParams: { conversationId: "conv-123" },
+      });
+      const response = await conversationsDelete(request);
+      const { status, data } = await parseResponse(response);
+
+      expect(status).toBe(500);
+      expect(data.error).toBe("Failed to delete conversation");
+    });
+  });
+});

package/templates/vercel-ai-quickstart/tests/unit/password.test.ts

@@ -0,0 +1,228 @@
+/**
+ * Unit Tests: Password Utilities
+ *
+ * Tests password hashing, verification, and session token generation.
+ */
+
+import {
+  hashPassword,
+  verifyPassword,
+  generateSessionToken,
+} from "../../lib/password";
+
+describe("Password Utilities", () => {
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  // hashPassword
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+  describe("hashPassword", () => {
+    it("should return hash in salt:hash format", async () => {
+      const hash = await hashPassword("testpassword");
+
+      expect(hash).toContain(":");
+      const [salt, hashPart] = hash.split(":");
+      expect(salt).toBeDefined();
+      expect(hashPart).toBeDefined();
+      expect(salt.length).toBeGreaterThan(0);
+      expect(hashPart.length).toBeGreaterThan(0);
+    });
+
+    it("should produce different hashes for same password (unique salts)", async () => {
+      const hash1 = await hashPassword("samepassword");
+      const hash2 = await hashPassword("samepassword");
+
+      expect(hash1).not.toBe(hash2);
+
+      // Salts should be different
+      const [salt1] = hash1.split(":");
+      const [salt2] = hash2.split(":");
+      expect(salt1).not.toBe(salt2);
+    });
+
+    it("should produce base64-encoded output", async () => {
+      const hash = await hashPassword("testpassword");
+      const [salt, hashPart] = hash.split(":");
+
+      // Base64 regex pattern
+      const base64Pattern = /^[A-Za-z0-9+/]+=*$/;
+      expect(salt).toMatch(base64Pattern);
+      expect(hashPart).toMatch(base64Pattern);
+    });
+
+    it("should handle empty password", async () => {
+      const hash = await hashPassword("");
+
+      expect(hash).toContain(":");
+      const [salt, hashPart] = hash.split(":");
+      expect(salt.length).toBeGreaterThan(0);
+      expect(hashPart.length).toBeGreaterThan(0);
+    });
+
+    it("should handle special characters in password", async () => {
+      const hash = await hashPassword("p@$$w0rd!#$%^&*()");
+
+      expect(hash).toContain(":");
+      const verified = await verifyPassword("p@$$w0rd!#$%^&*()", hash);
+      expect(verified).toBe(true);
+    });
+
+    it("should handle unicode characters in password", async () => {
+      const hash = await hashPassword("пароль密码🔒");
+
+      expect(hash).toContain(":");
+      const verified = await verifyPassword("пароль密码🔒", hash);
+      expect(verified).toBe(true);
+    });
+
+    it("should handle very long passwords", async () => {
+      const longPassword = "a".repeat(1000);
+      const hash = await hashPassword(longPassword);
+
+      expect(hash).toContain(":");
+      const verified = await verifyPassword(longPassword, hash);
+      expect(verified).toBe(true);
+    });
+  });
+
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  // verifyPassword
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+  describe("verifyPassword", () => {
+    it("should return true for correct password", async () => {
+      const password = "correctpassword";
+      const hash = await hashPassword(password);
+
+      const result = await verifyPassword(password, hash);
+
+      expect(result).toBe(true);
+    });
+
+    it("should return false for wrong password", async () => {
+      const hash = await hashPassword("correctpassword");
+
+      const result = await verifyPassword("wrongpassword", hash);
+
+      expect(result).toBe(false);
+    });
+
+    it("should return false for malformed hash (no colon)", async () => {
+      const result = await verifyPassword("password", "invalidhashformat");
+
+      expect(result).toBe(false);
+    });
+
+    it("should return false for malformed hash (empty parts)", async () => {
+      const result = await verifyPassword("password", ":");
+
+      expect(result).toBe(false);
+    });
+
+    it("should return false for malformed hash (only salt)", async () => {
+      const result = await verifyPassword("password", "somesalt:");
+
+      expect(result).toBe(false);
+    });
+
+    it("should return false for malformed hash (only hash)", async () => {
+      const result = await verifyPassword("password", ":somehash");
+
+      expect(result).toBe(false);
+    });
+
+    it("should return false for empty stored hash", async () => {
+      const result = await verifyPassword("password", "");
+
+      expect(result).toBe(false);
+    });
+
+    it("should return false for invalid base64 in salt", async () => {
+      const result = await verifyPassword("password", "!!!invalid!!!:validhash");
+
+      expect(result).toBe(false);
+    });
+
+    it("should be case-sensitive for passwords", async () => {
+      const hash = await hashPassword("Password");
+
+      const resultLower = await verifyPassword("password", hash);
+      const resultUpper = await verifyPassword("PASSWORD", hash);
+      const resultCorrect = await verifyPassword("Password", hash);
+
+      expect(resultLower).toBe(false);
+      expect(resultUpper).toBe(false);
+      expect(resultCorrect).toBe(true);
+    });
+
+    it("should handle whitespace in passwords", async () => {
+      const hash = await hashPassword("pass word");
+
+      const withSpace = await verifyPassword("pass word", hash);
+      const withoutSpace = await verifyPassword("password", hash);
+
+      expect(withSpace).toBe(true);
+      expect(withoutSpace).toBe(false);
+    });
+  });
+
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  // generateSessionToken
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+  describe("generateSessionToken", () => {
+    it("should return 64-character hex string", () => {
+      const token = generateSessionToken();
+
+      expect(token).toHaveLength(64);
+      expect(token).toMatch(/^[0-9a-f]+$/);
+    });
+
+    it("should produce unique tokens on each call", () => {
+      const tokens = new Set<string>();
+
+      for (let i = 0; i < 100; i++) {
+        tokens.add(generateSessionToken());
+      }
+
+      expect(tokens.size).toBe(100);
+    });
+
+    it("should be lowercase hex", () => {
+      const token = generateSessionToken();
+
+      expect(token).toBe(token.toLowerCase());
+    });
+
+    it("should not contain non-hex characters", () => {
+      const token = generateSessionToken();
+
+      expect(token).not.toMatch(/[g-zG-Z]/);
+    });
+  });
+
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  // Integration: Hash and Verify Round-Trip
+  // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+  describe("hash and verify round-trip", () => {
+    const testPasswords = [
+      "simple",
+      "with spaces",
+      "UPPERCASE",
+      "MixedCase123",
+      "!@#$%^&*()",
+      "12345678",
+      "日本語パスワード",
+      "emoji🔐🔑🔓",
+    ];
+
+    testPasswords.forEach((password) => {
+      it(`should round-trip password: "${password}"`, async () => {
+        const hash = await hashPassword(password);
+        const verified = await verifyPassword(password, hash);
+
+        expect(verified).toBe(true);
+      });
+    });
+  });
+});

package/templates/vercel-ai-quickstart/tsconfig.json

@@ -29,5 +29,5 @@
     ".next/types/**/*.ts",
     ".next/dev/types/**/*.ts"
   ],
-  "exclude": ["node_modules", "convex"]
+  "exclude": ["node_modules", "convex", "tests", "jest.config.js"]
 }