@danielblomma/cortex-mcp 2.0.6 → 2.0.8

package/scaffold/mcp/tests/workflow-synced-registry.test.mjs

@@ -0,0 +1,179 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+
+import {
+  loadSyncedWorkflows,
+  syncedWorkflowsCachePath,
+} from "../dist/core/workflow/synced-registry.js";
+import { runWorkflowStart } from "../dist/core/workflow/mcp-tools.js";
+import { SECURE_BUILD_WORKFLOW } from "../dist/core/workflow/default-workflows.js";
+
+function makeWorkspace() {
+  return fs.mkdtempSync(path.join(os.tmpdir(), "cortex-synced-registry-"));
+}
+
+const TINY_WORKFLOW = {
+  id: "tiny",
+  description: "Two-stage tests workflow",
+  version: 1,
+  stages: [
+    {
+      name: "plan",
+      artifact: "plan.md",
+      reads: [],
+      required_fields: [],
+      capability: "planner",
+      description: "Produce a plan.",
+    },
+    {
+      name: "review",
+      artifact: "review.md",
+      reads: ["plan"],
+      required_fields: ["approved"],
+      capability: "reviewer",
+      description: "Review the plan.",
+    },
+  ],
+};
+
+function writeCache(dir, payload) {
+  fs.mkdirSync(dir, { recursive: true });
+  fs.writeFileSync(
+    syncedWorkflowsCachePath(dir),
+    JSON.stringify(payload, null, 2),
+    "utf8",
+  );
+}
+
+test("syncedWorkflowsCachePath: defaults to ~/.cortex/workflows.local.json", () => {
+  const expected = path.join(os.homedir(), ".cortex", "workflows.local.json");
+  assert.equal(syncedWorkflowsCachePath(), expected);
+});
+
+test("loadSyncedWorkflows: returns {} when cache is missing", () => {
+  const dir = makeWorkspace();
+  assert.deepEqual(loadSyncedWorkflows(dir), {});
+});
+
+test("loadSyncedWorkflows: returns {} when cache is unreadable JSON", () => {
+  const dir = makeWorkspace();
+  fs.writeFileSync(syncedWorkflowsCachePath(dir), "not valid json", "utf8");
+  assert.deepEqual(loadSyncedWorkflows(dir), {});
+});
+
+test("loadSyncedWorkflows: returns {} when 'workflows' key is missing", () => {
+  const dir = makeWorkspace();
+  writeCache(dir, { last_synced_at: "x" });
+  assert.deepEqual(loadSyncedWorkflows(dir), {});
+});
+
+test("loadSyncedWorkflows: drops entries whose definition fails schema", () => {
+  const dir = makeWorkspace();
+  writeCache(dir, {
+    workflows: {
+      "valid-one": {
+        workflow_id: "valid-one",
+        version: 1,
+        updated_at: "2026-05-06T12:00:00.000Z",
+        definition: TINY_WORKFLOW,
+      },
+      "broken-one": {
+        workflow_id: "broken-one",
+        version: 1,
+        updated_at: "2026-05-06T12:00:00.000Z",
+        definition: { id: "broken-one" /* missing stages */ },
+      },
+    },
+  });
+  const loaded = loadSyncedWorkflows(dir);
+  assert.deepEqual(Object.keys(loaded).sort(), ["valid-one"]);
+});
+
+test("loadSyncedWorkflows: returns valid workflow definitions keyed by workflow_id", () => {
+  const dir = makeWorkspace();
+  writeCache(dir, {
+    workflows: {
+      tiny: {
+        workflow_id: "tiny",
+        version: 1,
+        updated_at: "2026-05-06T12:00:00.000Z",
+        definition: TINY_WORKFLOW,
+      },
+    },
+  });
+  const loaded = loadSyncedWorkflows(dir);
+  assert.equal(loaded.tiny.id, "tiny");
+  assert.equal(loaded.tiny.stages.length, 2);
+});
+
+test("resolveWorkflow integration: synced workflow takes precedence over bundled default", () => {
+  // We can't easily intercept loadSyncedWorkflows() from inside
+  // mcp-tools.ts (it reads from a fixed home-dir path). Instead, exercise
+  // the explicit-registry path which mirrors what the merge would do
+  // and confirm the contract: passing a registry that includes the same
+  // id as a bundled default uses the registry version.
+  const cwd = makeWorkspace();
+  process.env.HOME = cwd; // sandbox the cache lookup
+  try {
+    const overridden = {
+      ...SECURE_BUILD_WORKFLOW,
+      description: "Org-overridden secure-build",
+    };
+    const registry = { "secure-build": overridden };
+    const result = runWorkflowStart(
+      {
+        task_id: "task-1",
+        task_description: "test",
+        workflow_id: "secure-build",
+      },
+      { cwd, workflows: registry },
+    );
+    assert.equal(result.state.workflow_id, "secure-build");
+    // The envelope renders the workflow description verbatim — confirms
+    // we got the org-overridden version and not the bundled one.
+    assert.match(result.envelope.prompt, /Org-overridden secure-build/);
+  } finally {
+    delete process.env.HOME;
+  }
+});
+
+test("resolveWorkflow integration: synced cache adds new workflow_ids beyond defaults", () => {
+  const cwd = makeWorkspace();
+  // Build a cache under a tmp HOME and point HOME at it, so that the
+  // home-dir-based loader picks it up.
+  const fakeHome = makeWorkspace();
+  process.env.HOME = fakeHome;
+  try {
+    fs.mkdirSync(path.join(fakeHome, ".cortex"), { recursive: true });
+    fs.writeFileSync(
+      path.join(fakeHome, ".cortex", "workflows.local.json"),
+      JSON.stringify({
+        workflows: {
+          tiny: {
+            workflow_id: "tiny",
+            version: 1,
+            updated_at: "2026-05-06T12:00:00.000Z",
+            definition: TINY_WORKFLOW,
+          },
+        },
+      }),
+      "utf8",
+    );
+
+    const result = runWorkflowStart(
+      {
+        task_id: "task-2",
+        task_description: "Use synced workflow",
+        workflow_id: "tiny",
+      },
+      { cwd },
+    );
+    assert.equal(result.state.workflow_id, "tiny");
+    assert.equal(result.state.current_stage, "plan");
+  } finally {
+    delete process.env.HOME;
+  }
+});

package/scaffold/mcp/tests/workflow-validators-override.test.mjs

@@ -0,0 +1,272 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+
+import {
+  createRun,
+  advanceStage,
+} from "../dist/core/workflow/run-lifecycle.js";
+import { composeStageEnvelope } from "../dist/core/workflow/envelope.js";
+import {
+  runWorkflowAdvance,
+  runWorkflowStart,
+} from "../dist/core/workflow/mcp-tools.js";
+
+function makeWorkspace() {
+  return fs.mkdtempSync(path.join(os.tmpdir(), "cortex-validators-"));
+}
+
+const WORKFLOW = {
+  id: "validated",
+  description: "One stage that requires two validators",
+  version: 1,
+  stages: [
+    {
+      name: "build",
+      artifact: "changes.md",
+      reads: [],
+      required_fields: [],
+      validators: [
+        { id: "tests-pass", description: "Test suite must pass" },
+        { id: "build-passes", description: "Build must succeed" },
+      ],
+      capability: "builder",
+      description: "Implement the change.",
+    },
+  ],
+};
+
+const REGISTRY = { validated: WORKFLOW };
+
+test("advanceStage: blocks when validators_passed misses required ids", () => {
+  const cwd = makeWorkspace();
+  createRun({
+    cwd,
+    taskId: "task-1",
+    workflow: WORKFLOW,
+    taskDescription: "Test",
+  });
+
+  assert.throws(
+    () =>
+      advanceStage({
+        cwd,
+        taskId: "task-1",
+        workflow: WORKFLOW,
+        stageName: "build",
+        artifactName: "changes.md",
+        frontmatter: { stage: "build", status: "complete", references: [] },
+        body: "# Changes",
+        validatorsPassed: ["tests-pass"], // missing build-passes
+      }),
+    /Missing: build-passes/,
+  );
+});
+
+test("advanceStage: allows when validators_passed covers required ids", () => {
+  const cwd = makeWorkspace();
+  createRun({
+    cwd,
+    taskId: "task-1",
+    workflow: WORKFLOW,
+    taskDescription: "Test",
+  });
+
+  const next = advanceStage({
+    cwd,
+    taskId: "task-1",
+    workflow: WORKFLOW,
+    stageName: "build",
+    artifactName: "changes.md",
+    frontmatter: { stage: "build", status: "complete", references: [] },
+    body: "# Changes",
+    validatorsPassed: ["tests-pass", "build-passes"],
+  });
+  assert.equal(next.outcome, "complete");
+  assert.deepEqual(next.stages[0].validators_passed, ["tests-pass", "build-passes"]);
+});
+
+test("advanceStage: override.skipped_validators bypasses missing-validator block", () => {
+  const cwd = makeWorkspace();
+  createRun({
+    cwd,
+    taskId: "task-1",
+    workflow: WORKFLOW,
+    taskDescription: "Test",
+  });
+
+  const next = advanceStage({
+    cwd,
+    taskId: "task-1",
+    workflow: WORKFLOW,
+    stageName: "build",
+    artifactName: "changes.md",
+    frontmatter: { stage: "build", status: "complete", references: [] },
+    body: "# Changes",
+    validatorsPassed: ["tests-pass"],
+    override: {
+      reason: "Build infra is down on CI; skipping per ops-incident-2026-05-06",
+      skipped_validators: ["build-passes"],
+    },
+  });
+
+  assert.equal(next.outcome, "complete");
+  assert.equal(next.stages[0].override?.reason.includes("Build infra is down"), true);
+  assert.deepEqual(next.stages[0].override?.skipped_validators, ["build-passes"]);
+});
+
+test("advanceStage: blocked status is exempt from validator coverage check", () => {
+  const cwd = makeWorkspace();
+  createRun({
+    cwd,
+    taskId: "task-1",
+    workflow: WORKFLOW,
+    taskDescription: "Test",
+  });
+
+  const next = advanceStage({
+    cwd,
+    taskId: "task-1",
+    workflow: WORKFLOW,
+    stageName: "build",
+    artifactName: "changes.md",
+    frontmatter: { stage: "build", status: "blocked", references: [] },
+    body: "# Plan blocked\n\nMissing context.",
+    status: "blocked",
+    validatorsPassed: [], // exempt
+  });
+  assert.equal(next.outcome, "blocked");
+});
+
+test("advanceStage: override is stamped into the artifact frontmatter", () => {
+  const cwd = makeWorkspace();
+  createRun({
+    cwd,
+    taskId: "task-1",
+    workflow: WORKFLOW,
+    taskDescription: "Test",
+  });
+
+  advanceStage({
+    cwd,
+    taskId: "task-1",
+    workflow: WORKFLOW,
+    stageName: "build",
+    artifactName: "changes.md",
+    frontmatter: { stage: "build", status: "complete", references: [] },
+    body: "# Changes",
+    validatorsPassed: ["tests-pass"],
+    override: {
+      reason: "Hot fix, will follow up",
+      skipped_validators: ["build-passes"],
+    },
+  });
+
+  const text = fs.readFileSync(
+    path.join(cwd, ".agents", "task-1", "changes.md"),
+    "utf8",
+  );
+  assert.match(text, /override:/);
+  assert.match(text, /reason: Hot fix/);
+  assert.match(text, /- build-passes/);
+});
+
+test("composeStageEnvelope: renders VALIDATORS section when stage declares them", () => {
+  const cwd = makeWorkspace();
+  createRun({
+    cwd,
+    taskId: "task-1",
+    workflow: WORKFLOW,
+    taskDescription: "Test",
+  });
+
+  const env = composeStageEnvelope({
+    cwd,
+    taskId: "task-1",
+    workflow: WORKFLOW,
+  });
+
+  assert.match(env.prompt, /# VALIDATORS/);
+  assert.match(env.prompt, /`tests-pass` — Test suite must pass/);
+  assert.match(env.prompt, /`build-passes` — Build must succeed/);
+  assert.match(env.prompt, /`validators_passed: \[<id1>, <id2>, \.\.\.\]`/);
+  assert.deepEqual(env.validators.map((v) => v.id), ["tests-pass", "build-passes"]);
+});
+
+test("composeStageEnvelope: VALIDATORS section is empty when stage has none", () => {
+  const cwd = makeWorkspace();
+  const noValidators = {
+    ...WORKFLOW,
+    stages: [{ ...WORKFLOW.stages[0], validators: [] }],
+  };
+  createRun({
+    cwd,
+    taskId: "task-1",
+    workflow: noValidators,
+    taskDescription: "Test",
+  });
+
+  const env = composeStageEnvelope({
+    cwd,
+    taskId: "task-1",
+    workflow: noValidators,
+  });
+
+  assert.match(env.prompt, /No validators required for this stage/);
+  assert.equal(env.validators.length, 0);
+});
+
+test("runWorkflowAdvance MCP runner: forwards validators_passed + override", () => {
+  const cwd = makeWorkspace();
+  runWorkflowStart(
+    { task_id: "task-1", task_description: "x", workflow_id: "validated" },
+    { cwd, workflows: REGISTRY },
+  );
+
+  const result = runWorkflowAdvance(
+    {
+      task_id: "task-1",
+      stage: "build",
+      frontmatter: {},
+      body: "# Changes",
+      validators_passed: ["tests-pass"],
+      override: {
+        reason: "CI builder offline; manual verification done",
+        skipped_validators: ["build-passes"],
+        skipped_requirements: [],
+      },
+    },
+    { cwd, workflows: REGISTRY },
+  );
+
+  assert.equal(result.state.outcome, "complete");
+  assert.equal(
+    result.state.stages[0].override?.reason.includes("CI builder offline"),
+    true,
+  );
+});
+
+test("runWorkflowAdvance MCP runner: rejects missing validators without override", () => {
+  const cwd = makeWorkspace();
+  runWorkflowStart(
+    { task_id: "task-1", task_description: "x", workflow_id: "validated" },
+    { cwd, workflows: REGISTRY },
+  );
+
+  assert.throws(
+    () =>
+      runWorkflowAdvance(
+        {
+          task_id: "task-1",
+          stage: "build",
+          frontmatter: {},
+          body: "# Changes",
+          validators_passed: [],
+        },
+        { cwd, workflows: REGISTRY },
+      ),
+    /Missing: tests-pass, build-passes/,
+  );
+});