@kirrosh/apitool 0.4.3 → 0.5.1

package/src/mcp/tools/save-test-suite.ts

@@ -5,6 +5,147 @@ import { join, dirname } from "node:path";
 import { existsSync, mkdirSync } from "node:fs";
 import YAML from "yaml";
 
+export interface SaveResult {
+  saved: boolean;
+  filePath?: string;
+  suite?: { name: unknown; tests: number; base_url: unknown };
+  hint?: string;
+  coverage?: Record<string, unknown>;
+  error?: string;
+  detected?: string[];
+}
+
+export async function validateAndSave(
+  filePath: string,
+  content: string,
+  overwrite: boolean | undefined,
+  dbPath?: string,
+): Promise<{ result: SaveResult; isError: boolean }> {
+  // Parse YAML
+  let parsed: unknown;
+  try {
+    parsed = YAML.parse(content);
+  } catch (err) {
+    return {
+      result: {
+        saved: false,
+        error: `YAML parse error: ${(err as Error).message}`,
+        hint: "Check YAML syntax — indentation, colons, and quoting",
+      },
+      isError: true,
+    };
+  }
+
+  // Validate against test suite schema
+  try {
+    validateSuite(parsed);
+  } catch (err) {
+    const message = (err as Error).message;
+    let hint = "Check the test suite structure matches the expected format";
+    if (message.includes("status")) {
+      hint = "Status codes must be numbers, not strings (e.g. status: 200, not status: \"200\")";
+    } else if (message.includes("exists")) {
+      hint = "exists must be boolean true/false, not string \"true\"/\"false\"";
+    } else if (message.includes("tests")) {
+      hint = "Suite must have a 'tests' array with at least one test step";
+    }
+    return {
+      result: { saved: false, error: `Validation: ${message}`, hint },
+      isError: true,
+    };
+  }
+
+  // Detect hardcoded credentials — long opaque strings in auth headers
+  const credentialPattern = /Authorization\s*:\s*["']?(Basic|Bearer)\s+([A-Za-z0-9+/=_\-]{20,})["']?/g;
+  const credMatches = [...content.matchAll(credentialPattern)];
+  const suspiciousCredentials = credMatches.filter(m => {
+    const value = m[2]!;
+    return !value.startsWith("{{") && !value.endsWith("}}");
+  });
+  if (suspiciousCredentials.length > 0) {
+    return {
+      result: {
+        saved: false,
+        error: "Hardcoded credentials detected in Authorization header(s)",
+        hint: "Never put literal API keys or tokens in YAML files. Store them in the environment instead: use manage_environment(action: \"set\", name: \"default\", collectionName: \"...\", variables: {\"api_key\": \"...\"}) and reference as {{api_key}} in headers.",
+        detected: suspiciousCredentials.map(m => `${m[1]} <redacted>`),
+      },
+      isError: true,
+    };
+  }
+
+  // Resolve path
+  const resolvedPath = filePath.startsWith("/") || /^[a-zA-Z]:/.test(filePath)
+    ? filePath
+    : join(process.cwd(), filePath);
+
+  // Check existing file
+  if (!overwrite && existsSync(resolvedPath)) {
+    return {
+      result: {
+        saved: false,
+        error: `File already exists: ${resolvedPath}`,
+        hint: "Use overwrite: true to replace the existing file",
+      },
+      isError: true,
+    };
+  }
+
+  // Create directories
+  const dir = dirname(resolvedPath);
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+
+  // Write original YAML content (preserve formatting/comments)
+  await Bun.write(resolvedPath, content);
+
+  // Extract summary info
+  const suite = parsed as Record<string, unknown>;
+  const tests = (suite.tests as unknown[]) ?? [];
+
+  const result: SaveResult = {
+    saved: true,
+    filePath: resolvedPath,
+    suite: {
+      name: suite.name,
+      tests: tests.length,
+      base_url: suite.base_url ?? null,
+    },
+    hint: "After tests are ready, ask the user if they want to set up CI/CD with ci_init to run tests automatically on push.",
+  };
+
+  // Attempt to compute coverage hint
+  try {
+    const testDir = dirname(resolvedPath);
+    const { findCollectionByTestPath } = await import("../../db/queries.ts");
+    const { getDb } = await import("../../db/schema.ts");
+    getDb(dbPath);
+    const collection = findCollectionByTestPath(testDir);
+    if (collection?.openapi_spec) {
+      const { readOpenApiSpec, extractEndpoints } = await import("../../core/generator/openapi-reader.ts");
+      const { scanCoveredEndpoints, filterUncoveredEndpoints } = await import("../../core/generator/coverage-scanner.ts");
+
+      const doc = await readOpenApiSpec(collection.openapi_spec);
+      const allEndpoints = extractEndpoints(doc);
+      const covered = await scanCoveredEndpoints(testDir);
+      const uncovered = filterUncoveredEndpoints(allEndpoints, covered);
+
+      const total = allEndpoints.length;
+      const coveredCount = total - uncovered.length;
+      const percentage = total > 0 ? Math.round((coveredCount / total) * 100) : 0;
+
+      const coverage: Record<string, unknown> = { percentage, covered: coveredCount, total, uncoveredCount: uncovered.length };
+      if (percentage < 80 && uncovered.length > 0) {
+        coverage.suggestion = `Use generate_missing_tests to cover ${uncovered.length} remaining endpoint${uncovered.length > 1 ? "s" : ""}`;
+      }
+      result.coverage = coverage;
+    }
+  } catch { /* silently skip coverage if unavailable */ }
+
+  return { result, isError: false };
+}
+
 export function registerSaveTestSuiteTool(server: McpServer, dbPath?: string) {
   server.registerTool("save_test_suite", {
     description: "Save a YAML test suite file with validation. Parses and validates the YAML content " +
@@ -17,144 +158,59 @@ export function registerSaveTestSuiteTool(server: McpServer, dbPath?: string) {
     },
   }, async ({ filePath, content, overwrite }) => {
     try {
-      // Parse YAML
-      let parsed: unknown;
-      try {
-        parsed = YAML.parse(content);
-      } catch (err) {
-        return {
-          content: [{ type: "text" as const, text: JSON.stringify({
-            saved: false,
-            error: `YAML parse error: ${(err as Error).message}`,
-            hint: "Check YAML syntax — indentation, colons, and quoting",
-          }, null, 2) }],
-          isError: true,
-        };
-      }
-
-      // Validate against test suite schema
-      try {
-        validateSuite(parsed);
-      } catch (err) {
-        const message = (err as Error).message;
-        // Extract Zod error details
-        let hint = "Check the test suite structure matches the expected format";
-        if (message.includes("status")) {
-          hint = "Status codes must be numbers, not strings (e.g. status: 200, not status: \"200\")";
-        } else if (message.includes("exists")) {
-          hint = "exists must be boolean true/false, not string \"true\"/\"false\"";
-        } else if (message.includes("tests")) {
-          hint = "Suite must have a 'tests' array with at least one test step";
-        }
-
-        return {
-          content: [{ type: "text" as const, text: JSON.stringify({
-            saved: false,
-            error: `Validation: ${message}`,
-            hint,
-          }, null, 2) }],
-          isError: true,
-        };
-      }
-
-      // Detect hardcoded credentials — long opaque strings in auth headers
-      const credentialPattern = /Authorization\s*:\s*["']?(Basic|Bearer)\s+([A-Za-z0-9+/=_\-]{20,})["']?/g;
-      const credMatches = [...content.matchAll(credentialPattern)];
-      const suspiciousCredentials = credMatches.filter(m => {
-        const value = m[2]!;
-        // Allow {{variable}} references — flag only literal tokens
-        return !value.startsWith("{{") && !value.endsWith("}}");
-      });
-      if (suspiciousCredentials.length > 0) {
-        return {
-          content: [{ type: "text" as const, text: JSON.stringify({
-            saved: false,
-            error: "Hardcoded credentials detected in Authorization header(s)",
-            hint: "Never put literal API keys or tokens in YAML files. Store them in the environment instead: use manage_environment(action: \"set\", name: \"default\", collectionName: \"...\", variables: {\"api_key\": \"...\"}) and reference as {{api_key}} in headers.",
-            detected: suspiciousCredentials.map(m => `${m[1]} <redacted>`),
-          }, null, 2) }],
-          isError: true,
-        };
-      }
+      const { result, isError } = await validateAndSave(filePath, content, overwrite, dbPath);
+      return {
+        content: [{ type: "text" as const, text: JSON.stringify(result, null, 2) }],
+        ...(isError ? { isError: true } : {}),
+      };
+    } catch (err) {
+      return {
+        content: [{ type: "text" as const, text: JSON.stringify({
+          saved: false,
+          error: (err as Error).message,
+        }, null, 2) }],
+        isError: true,
+      };
+    }
+  });
+}
 
-      // Resolve path
-      const resolvedPath = filePath.startsWith("/") || /^[a-zA-Z]:/.test(filePath)
-        ? filePath
-        : join(process.cwd(), filePath);
-
-      // Check existing file
-      if (!overwrite && existsSync(resolvedPath)) {
-        return {
-          content: [{ type: "text" as const, text: JSON.stringify({
-            saved: false,
-            error: `File already exists: ${resolvedPath}`,
-            hint: "Use overwrite: true to replace the existing file",
-          }, null, 2) }],
-          isError: true,
-        };
-      }
+export function registerSaveTestSuitesTool(server: McpServer, dbPath?: string) {
+  server.registerTool("save_test_suites", {
+    description: "Save multiple YAML test suite files in a single call. Each file is validated before writing. " +
+      "Returns per-file results. Use when you have generated multiple suites at once.",
+    inputSchema: {
+      files: z.array(z.object({
+        filePath: z.string().describe("Path for saving the YAML test file"),
+        content: z.string().describe("YAML content of the test suite"),
+      })).describe("Array of files to save"),
+      overwrite: z.optional(z.boolean()).describe("Overwrite existing files (default: false)"),
+    },
+  }, async ({ files, overwrite }) => {
+    try {
+      const results: Array<SaveResult & { filePath: string; inputPath: string }> = [];
+      let hasErrors = false;
 
-      // Create directories
-      const dir = dirname(resolvedPath);
-      if (!existsSync(dir)) {
-        mkdirSync(dir, { recursive: true });
+      for (const file of files) {
+        const { result, isError } = await validateAndSave(file.filePath, file.content, overwrite, dbPath);
+        results.push({ ...result, inputPath: file.filePath, filePath: result.filePath ?? file.filePath });
+        if (isError) hasErrors = true;
       }
 
-      // Write original YAML content (preserve formatting/comments)
-      await Bun.write(resolvedPath, content);
-
-      // Extract summary info
-      const suite = parsed as Record<string, unknown>;
-      const tests = (suite.tests as unknown[]) ?? [];
-
-      const result: Record<string, unknown> = {
-        saved: true,
-        filePath: resolvedPath,
-        suite: {
-          name: suite.name,
-          tests: tests.length,
-          base_url: suite.base_url ?? null,
-        },
+      const summary = {
+        total: files.length,
+        saved: results.filter(r => r.saved).length,
+        failed: results.filter(r => !r.saved).length,
+        files: results,
       };
 
-      // CI hint
-      result.hint = "After tests are ready, ask the user if they want to set up CI/CD with ci_init to run tests automatically on push.";
-
-      // Attempt to compute coverage hint
-      try {
-        const testDir = dirname(resolvedPath);
-        const { findCollectionByTestPath } = await import("../../db/queries.ts");
-        const { getDb } = await import("../../db/schema.ts");
-        getDb(dbPath);
-        const collection = findCollectionByTestPath(testDir);
-        if (collection?.openapi_spec) {
-          const { readOpenApiSpec, extractEndpoints } = await import("../../core/generator/openapi-reader.ts");
-          const { scanCoveredEndpoints, filterUncoveredEndpoints } = await import("../../core/generator/coverage-scanner.ts");
-
-          const doc = await readOpenApiSpec(collection.openapi_spec);
-          const allEndpoints = extractEndpoints(doc);
-          const covered = await scanCoveredEndpoints(testDir);
-          const uncovered = filterUncoveredEndpoints(allEndpoints, covered);
-
-          const total = allEndpoints.length;
-          const coveredCount = total - uncovered.length;
-          const percentage = total > 0 ? Math.round((coveredCount / total) * 100) : 0;
-
-          const coverage: Record<string, unknown> = { percentage, covered: coveredCount, total, uncoveredCount: uncovered.length };
-          if (percentage < 80 && uncovered.length > 0) {
-            coverage.suggestion = `Use generate_missing_tests to cover ${uncovered.length} remaining endpoint${uncovered.length > 1 ? "s" : ""}`;
-          }
-          result.coverage = coverage;
-        }
-      } catch { /* silently skip coverage if unavailable */ }
-
       return {
-        content: [{ type: "text" as const, text: JSON.stringify(result, null, 2) }],
+        content: [{ type: "text" as const, text: JSON.stringify(summary, null, 2) }],
+        ...(hasErrors ? { isError: true } : {}),
       };
     } catch (err) {
       return {
         content: [{ type: "text" as const, text: JSON.stringify({
-          saved: false,
           error: (err as Error).message,
         }, null, 2) }],
         isError: true,

package/src/mcp/tools/set-work-dir.ts

@@ -0,0 +1,38 @@
+import { z } from "zod";
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { resolve, join } from "node:path";
+import { existsSync } from "node:fs";
+import { resetDb } from "../../db/schema.ts";
+
+export function registerSetWorkDirTool(server: McpServer) {
+  server.registerTool("set_work_dir", {
+    description:
+      "Set the working directory for this MCP session. " +
+      "Call this FIRST before any other tool when using a shared MCP server (npx). " +
+      "Determines where apitool.db and relative test paths resolve to. " +
+      "Pass the absolute path to your project root (same as workspace root in your editor).",
+    inputSchema: {
+      workDir: z.string().describe(
+        "Absolute path to project root (e.g. /home/user/myproject or C:/Users/user/myproject)"
+      ),
+    },
+  }, async ({ workDir }) => {
+    const resolved = resolve(workDir);
+    if (!existsSync(resolved)) {
+      return {
+        content: [{ type: "text" as const, text: JSON.stringify({ error: `Directory not found: ${resolved}` }, null, 2) }],
+        isError: true,
+      };
+    }
+    process.chdir(resolved);
+    resetDb();
+    const dbPath = join(resolved, "apitool.db");
+    return {
+      content: [{ type: "text" as const, text: JSON.stringify({
+        workDir: resolved,
+        apitool_db: dbPath,
+        hint: "Working directory set. All relative paths and apitool.db will now resolve from this directory.",
+      }, null, 2) }],
+    };
+  });
+}

package/src/mcp/tools/setup-api.ts

@@ -1,6 +1,21 @@
 import { z } from "zod";
 import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { dirname, isAbsolute, join, resolve } from "node:path";
+import { existsSync } from "node:fs";
 import { setupApi } from "../../core/setup-api.ts";
+import { resetDb } from "../../db/schema.ts";
+
+function findProjectRoot(fromPath: string): string | null {
+  let current = existsSync(fromPath) ? fromPath : dirname(fromPath);
+  while (true) {
+    if (existsSync(join(current, ".git")) || existsSync(join(current, "package.json"))) {
+      return current;
+    }
+    const parent = dirname(current);
+    if (parent === current) return null;
+    current = parent;
+  }
+}
 
 export function registerSetupApiTool(server: McpServer, dbPath?: string) {
   server.registerTool("setup_api", {
@@ -27,6 +42,17 @@ export function registerSetupApiTool(server: McpServer, dbPath?: string) {
           };
         }
       }
+
+      // Auto-chdir to project root when dir is an absolute path
+      if (dir && isAbsolute(resolve(dir))) {
+        const resolvedDir = resolve(dir);
+        const root = findProjectRoot(resolvedDir);
+        if (root && root !== process.cwd()) {
+          process.chdir(root);
+          resetDb();
+        }
+      }
+
       const result = await setupApi({
         name,
         spec: specPath,

package/src/web/routes/dashboard.ts

@@ -11,7 +11,7 @@ import {
   getRunById,
   getCollectionById,
 } from "../../db/queries.ts";
-import type { CollectionSummary } from "../../db/queries.ts";
+import type { CollectionRecord, CollectionSummary } from "../../db/queries.ts";
 
 const dashboard = new Hono();
 
@@ -79,7 +79,7 @@ dashboard.get("/panels/coverage", async (c) => {
   const collection = getCollectionById(collectionId);
   if (!collection?.openapi_spec) return c.html("");
 
-  return c.html(await renderCoveragePanel(collection));
+  return c.html(await renderCoveragePanel(collection as CollectionRecord & { openapi_spec: string }));
 });
 
 dashboard.get("/panels/history", (c) => {
@@ -134,7 +134,7 @@ function renderPage(collections: CollectionSummary[], selectedId: number | null)
     </div>`;
 }
 
-function renderCollectionContent(collection: CollectionSummary, envRecords: { id: number; name: string; collection_id: number | null }[]): string {
+function renderCollectionContent(collection: CollectionRecord, envRecords: { id: number; name: string; collection_id: number | null }[]): string {
   // Auto-select: prefer first scoped env, then first env if only one
   const defaultEnv = envRecords.find(e => e.collection_id !== null)?.name
     ?? (envRecords.length === 1 ? envRecords[0]!.name : null);
@@ -237,7 +237,7 @@ async function renderRunResults(runId: number): Promise<string> {
   return header + suitesHtml + autoExpandFailedScript();
 }
 
-async function renderCoveragePanel(collection: CollectionSummary & { openapi_spec: string }): Promise<string> {
+async function renderCoveragePanel(collection: CollectionRecord & { openapi_spec: string }): Promise<string> {
   try {
     const { readOpenApiSpec, extractEndpoints } = await import("../../core/generator/openapi-reader.ts");
     const { scanCoveredEndpoints, filterUncoveredEndpoints } = await import("../../core/generator/coverage-scanner.ts");

package/src/web/server.ts

@@ -58,7 +58,7 @@ export function createApp(options?: { dev?: boolean }) {
       return c.body(content);
     }
     if (file === "htmx.min.js") {
-      const content = await Bun.file(htmxJsPath).text();
+      const content = await Bun.file(htmxJsPath as unknown as string).text();
       c.header("Content-Type", "application/javascript; charset=utf-8");
       c.header("Cache-Control", "public, max-age=86400");
       return c.body(content);

package/tests/agent/tools/manage-environment.test.ts

@@ -1,7 +1,7 @@
 import { describe, test, expect, mock, beforeEach, afterAll } from "bun:test";
 
 const mockListEnvRecords = mock(() => [
-  { id: 1, name: "staging", variables: { base_url: "https://staging.api.com" } },
+  { id: 1, name: "staging", collection_id: null, variables: { base_url: "https://staging.api.com" } },
 ]);
 const mockGetEnv = mock((): unknown => ({ base_url: "https://staging.api.com", api_key: "sk-123" }));
 const mockUpsertEnv = mock(() => {});
@@ -37,7 +37,7 @@ describe("manageEnvironmentTool", () => {
   test("list action returns environments", async () => {
     const result = await manageEnvironmentTool.execute!({ action: "list" }, toolOpts);
     expect(result).toEqual({
-      environments: [{ id: 1, name: "staging", variables: { base_url: "https://staging.api.com" } }],
+      environments: [{ id: 1, name: "staging", collection_id: null, variables: { base_url: "https://staging.api.com" } }],
     });
   });
 

package/tests/core/generator/schema-utils.test.ts

@@ -70,7 +70,7 @@ describe("compressSchema", () => {
   });
 
   test("handles array without items", () => {
-    expect(compressSchema({ type: "array" })).toBe("[]");
+    expect(compressSchema({ type: "array" } as any)).toBe("[]");
   });
 
   test("handles schema without type", () => {

package/tests/core/runner/root-body-assertions.test.ts

@@ -6,7 +6,7 @@ function makeResponse(body: unknown, status = 200): HttpResponse {
   return {
     status,
     headers: { "content-type": "application/json" },
-    body_raw: JSON.stringify(body),
+    body: JSON.stringify(body),
     body_parsed: body,
     duration_ms: 50,
   };

package/tests/db/chat-schema.test.ts

@@ -5,7 +5,7 @@ describe("DB schema v3 — chat tables", () => {
   test("migration sets user_version to 3", () => {
     const db = getDb();
     const row = db.query("PRAGMA user_version").get() as { user_version: number };
-    expect(row.user_version).toBe(5);
+    expect(row.user_version).toBe(6);
   });
 
   test("chat_sessions table exists", () => {

package/tests/db/schema.test.ts

@@ -97,7 +97,7 @@ describe("getDb / schema", () => {
     dbPath = tmpDb();
     const db = getDb(dbPath);
     const row = db.query("PRAGMA user_version").get() as { user_version: number };
-    expect(row.user_version).toBe(5);
+    expect(row.user_version).toBe(6);
   });
 
   test("closeDb resets singleton so next call opens fresh db", () => {

package/tests/integration/auth-flow.test.ts

@@ -1,7 +1,6 @@
 import { describe, test, expect, beforeAll, afterAll } from "bun:test";
 import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
 import { readOpenApiSpec, extractEndpoints, extractSecuritySchemes } from "../../src/core/generator/openapi-reader.ts";
-import { generateSuites, writeSuites } from "../../src/core/generator/skeleton.ts";
 import { parseFile } from "../../src/core/parser/yaml-parser.ts";
 import { runSuite } from "../../src/core/runner/executor.ts";
 import { tmpdir } from "os";
@@ -157,61 +156,7 @@ describe("Auth flow integration", () => {
     expect(spec.components.securitySchemes.bearerAuth).toBeDefined();
   });
 
-  test("generate auth-aware tests from live spec, then run them", async () => {
-    // Fetch and save spec
-    const res = await fetch(`${TEST_BASE}/doc`);
-    const spec = await res.json();
-    const specPath = join(tmpDir, "spec.json");
-    await writeFile(specPath, JSON.stringify(spec));
-
-    // Generate skeleton
-    const doc = await readOpenApiSpec(specPath);
-    const endpoints = extractEndpoints(doc);
-    const securitySchemes = extractSecuritySchemes(doc);
-    const suites = generateSuites(endpoints, TEST_BASE, securitySchemes);
-
-    const outputDir = join(tmpDir, "generated");
-    const { written } = await writeSuites(suites, outputDir);
-
-    // Find the pets suite (has auth + CRUD)
-    const petsFile = written.find((f) => f.includes("pets"))!;
-    expect(petsFile).toBeDefined();
-
-    // Write env file with auth credentials
-    const envPath = join(outputDir, ".env.yaml");
-    await writeFile(envPath, "auth_username: admin\nauth_password: admin\n");
-
-    // Parse and run the generated tests
-    const suite = await parseFile(petsFile);
-
-    // Login step should be generated first
-    expect(suite.tests[0]!.name).toBe("Auth: Login");
-
-    // Suite headers should include Bearer auth
-    expect(suite.headers?.Authorization).toBe("Bearer {{auth_token}}");
-
-    // Load env vars
-    const envText = await Bun.file(envPath).text();
-    const env = Bun.YAML.parse(envText) as Record<string, string>;
-
-    const result = await runSuite(suite, env);
-
-    // Login should pass and capture token
-    const loginResult = result.steps[0]!;
-    expect(loginResult.status).toBe("pass");
-    expect(loginResult.captures.auth_token).toBeDefined();
-    expect(typeof loginResult.captures.auth_token).toBe("string");
-
-    // Create pet should pass (uses captured token)
-    const createResult = result.steps.find((s) => s.name === "Create a pet");
-    expect(createResult?.status).toBe("pass");
-    expect(createResult?.response?.status).toBe(201);
-
-    // List pets should pass
-    const listResult = result.steps.find((s) => s.name === "List all pets");
-    expect(listResult?.status).toBe("pass");
-    expect(listResult?.response?.status).toBe(200);
-
-    expect(result.passed).toBeGreaterThanOrEqual(3);
-  }, 30000);
+  test.skip("generate auth-aware tests from live spec, then run them", () => {
+    // skeleton.ts was removed; this test needs to be rewritten
+  });
 });

package/tests/mcp/setup-api.test.ts

@@ -69,7 +69,7 @@ describe("setupApi", () => {
   });
 
   test("duplicate name throws error", async () => {
-    mockFindCollectionByNameOrId.mockImplementation(() => ({ id: 1, name: "petstore" }));
+    mockFindCollectionByNameOrId.mockImplementation(() => ({ id: 1, name: "petstore" }) as any);
 
     await expect(setupApi({
       name: "petstore",