@lumenflow/cli 2.2.2 → 2.3.2

package/dist/__tests__/merge-block.test.js

@@ -0,0 +1,220 @@
+/**
+ * @file merge-block.test.ts
+ * Tests for merge block functionality (WU-1171)
+ *
+ * Tests the LUMENFLOW:START/END block insertion and update logic
+ * that enables safe, idempotent merging of LumenFlow config into existing files.
+ */
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+// Import the functions we'll implement
+import { detectLineEnding, extractMergeBlock, insertMergeBlock, updateMergeBlock, } from '../merge-block.js';
+describe('merge-block', () => {
+    let tempDir;
+    beforeEach(() => {
+        tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'merge-block-test-'));
+    });
+    afterEach(() => {
+        fs.rmSync(tempDir, { recursive: true, force: true });
+    });
+    describe('detectLineEnding', () => {
+        it('should detect LF line endings', () => {
+            const content = 'line1\nline2\nline3\n';
+            expect(detectLineEnding(content)).toBe('\n');
+        });
+        it('should detect CRLF line endings', () => {
+            const content = 'line1\r\nline2\r\nline3\r\n';
+            expect(detectLineEnding(content)).toBe('\r\n');
+        });
+        it('should default to LF for empty content', () => {
+            expect(detectLineEnding('')).toBe('\n');
+        });
+        it('should default to LF for content without line endings', () => {
+            expect(detectLineEnding('single line')).toBe('\n');
+        });
+        it('should use majority line ending when mixed', () => {
+            const content = 'line1\r\nline2\r\nline3\n';
+            // 2 CRLF vs 1 LF, should detect CRLF
+            expect(detectLineEnding(content)).toBe('\r\n');
+        });
+    });
+    describe('extractMergeBlock', () => {
+        it('should extract content between LUMENFLOW:START and LUMENFLOW:END markers', () => {
+            const content = `# My Project
+
+<!-- LUMENFLOW:START -->
+This is LumenFlow content.
+<!-- LUMENFLOW:END -->
+
+Other content
+`;
+            const result = extractMergeBlock(content);
+            expect(result.found).toBe(true);
+            expect(result.content).toBe('This is LumenFlow content.');
+            expect(result.startIndex).toBeGreaterThan(0);
+            expect(result.endIndex).toBeGreaterThan(result.startIndex);
+        });
+        it('should return not found when no markers exist', () => {
+            const content = '# My Project\n\nNo LumenFlow content here.';
+            const result = extractMergeBlock(content);
+            expect(result.found).toBe(false);
+            expect(result.content).toBeUndefined();
+        });
+        it('should handle malformed markers (only START)', () => {
+            const content = `# My Project
+
+<!-- LUMENFLOW:START -->
+Incomplete block
+`;
+            const result = extractMergeBlock(content);
+            expect(result.found).toBe(false);
+            expect(result.malformed).toBe(true);
+            expect(result.malformedReason).toBe('missing-end');
+        });
+        it('should handle malformed markers (only END)', () => {
+            const content = `# My Project
+
+Some content
+<!-- LUMENFLOW:END -->
+`;
+            const result = extractMergeBlock(content);
+            expect(result.found).toBe(false);
+            expect(result.malformed).toBe(true);
+            expect(result.malformedReason).toBe('missing-start');
+        });
+        it('should handle multiple START markers', () => {
+            const content = `<!-- LUMENFLOW:START -->
+First block
+<!-- LUMENFLOW:START -->
+Second start
+<!-- LUMENFLOW:END -->
+`;
+            const result = extractMergeBlock(content);
+            expect(result.malformed).toBe(true);
+            expect(result.malformedReason).toBe('multiple-start');
+        });
+    });
+    describe('insertMergeBlock', () => {
+        it('should append block to end of file', () => {
+            const originalContent = '# My Project\n\nExisting content.\n';
+            const blockContent = 'LumenFlow configuration goes here.';
+            const result = insertMergeBlock(originalContent, blockContent);
+            expect(result).toContain('<!-- LUMENFLOW:START -->');
+            expect(result).toContain(blockContent);
+            expect(result).toContain('<!-- LUMENFLOW:END -->');
+            expect(result.startsWith('# My Project')).toBe(true);
+        });
+        it('should preserve original line endings (LF)', () => {
+            const originalContent = '# My Project\nExisting content.\n';
+            const blockContent = 'New content';
+            const result = insertMergeBlock(originalContent, blockContent);
+            // Should not contain CRLF
+            expect(result).not.toContain('\r\n');
+            expect(result).toContain('\n');
+        });
+        it('should preserve original line endings (CRLF)', () => {
+            const originalContent = '# My Project\r\nExisting content.\r\n';
+            const blockContent = 'New content';
+            const result = insertMergeBlock(originalContent, blockContent);
+            // Should contain CRLF
+            expect(result).toContain('\r\n');
+        });
+        it('should add blank line before block if not present', () => {
+            const originalContent = '# My Project\nNo trailing newline';
+            const blockContent = 'New content';
+            const result = insertMergeBlock(originalContent, blockContent);
+            // Should have separation between original and block
+            expect(result).toMatch(/No trailing newline\n\n<!-- LUMENFLOW:START -->/);
+        });
+    });
+    describe('updateMergeBlock', () => {
+        it('should replace existing block content', () => {
+            const originalContent = `# My Project
+
+<!-- LUMENFLOW:START -->
+Old LumenFlow content.
+<!-- LUMENFLOW:END -->
+
+Other content
+`;
+            const newBlockContent = 'New LumenFlow content.';
+            const result = updateMergeBlock(originalContent, newBlockContent);
+            expect(result.content).toContain('New LumenFlow content.');
+            expect(result.content).not.toContain('Old LumenFlow content.');
+            expect(result.content).toContain('Other content');
+            expect(result.updated).toBe(true);
+        });
+        it('should preserve content before and after the block', () => {
+            const originalContent = `# Header
+
+Before the block.
+
+<!-- LUMENFLOW:START -->
+Old content
+<!-- LUMENFLOW:END -->
+
+After the block.
+`;
+            const newBlockContent = 'Updated content';
+            const result = updateMergeBlock(originalContent, newBlockContent);
+            expect(result.content).toContain('# Header');
+            expect(result.content).toContain('Before the block.');
+            expect(result.content).toContain('After the block.');
+        });
+        it('should preserve original line endings when updating', () => {
+            const originalContent = `# Project\r\n\r\n<!-- LUMENFLOW:START -->\r\nOld\r\n<!-- LUMENFLOW:END -->\r\n`;
+            const newBlockContent = 'New';
+            const result = updateMergeBlock(originalContent, newBlockContent);
+            // All line endings in result should be CRLF
+            const lfCount = (result.content.match(/(?<!\r)\n/g) || []).length;
+            expect(lfCount).toBe(0); // No standalone LF
+        });
+        it('should insert block when no existing block (append mode)', () => {
+            const originalContent = '# Project\n\nNo block here.\n';
+            const newBlockContent = 'New content';
+            const result = updateMergeBlock(originalContent, newBlockContent);
+            expect(result.content).toContain('<!-- LUMENFLOW:START -->');
+            expect(result.content).toContain(newBlockContent);
+            expect(result.updated).toBe(true);
+            expect(result.wasInserted).toBe(true);
+        });
+        it('should warn and append fresh block on malformed markers', () => {
+            const originalContent = `# Project
+
+<!-- LUMENFLOW:START -->
+Incomplete block without end marker
+`;
+            const newBlockContent = 'Fresh content';
+            const result = updateMergeBlock(originalContent, newBlockContent);
+            expect(result.warning).toContain('malformed');
+            expect(result.content).toContain('<!-- LUMENFLOW:START -->');
+            expect(result.content).toContain('Fresh content');
+            expect(result.content).toContain('<!-- LUMENFLOW:END -->');
+        });
+    });
+    describe('idempotency', () => {
+        it('should produce identical output when run twice with same input', () => {
+            const originalContent = '# My Project\n\nSome content.\n';
+            const blockContent = 'LumenFlow configuration';
+            // First merge
+            const firstResult = updateMergeBlock(originalContent, blockContent);
+            // Second merge with same block content
+            const secondResult = updateMergeBlock(firstResult.content, blockContent);
+            expect(firstResult.content).toBe(secondResult.content);
+        });
+        it('should not modify file when block content is unchanged', () => {
+            const existingContent = `# Project
+
+<!-- LUMENFLOW:START -->
+Same content
+<!-- LUMENFLOW:END -->
+`;
+            const blockContent = 'Same content';
+            const result = updateMergeBlock(existingContent, blockContent);
+            expect(result.unchanged).toBe(true);
+            expect(result.content).toBe(existingContent);
+        });
+    });
+});

package/dist/__tests__/release.test.js

@@ -135,6 +135,67 @@ describe('release command integration', () => {
         expect(typeof module.updatePackageVersions).toBe('function');
     });
 });
+/**
+ * WU-1296: Tests for release flow trunk protection compatibility
+ *
+ * Verifies:
+ * - RELEASE_WU_TOOL constant is exported for pre-push hook bypass
+ * - withReleaseEnv helper sets LUMENFLOW_WU_TOOL=release during execution
+ * - Environment is properly restored after execution (including on error)
+ */
+describe('WU-1296: release flow trunk protection compatibility', () => {
+    it('should export RELEASE_WU_TOOL constant for pre-push hook bypass', async () => {
+        const { RELEASE_WU_TOOL } = await import('../release.js');
+        expect(RELEASE_WU_TOOL).toBe('release');
+    });
+    it('should export withReleaseEnv helper for setting LUMENFLOW_WU_TOOL', async () => {
+        const { withReleaseEnv } = await import('../release.js');
+        expect(typeof withReleaseEnv).toBe('function');
+    });
+    it('withReleaseEnv should set and restore LUMENFLOW_WU_TOOL', async () => {
+        const { withReleaseEnv } = await import('../release.js');
+        // Save original value
+        const originalValue = process.env.LUMENFLOW_WU_TOOL;
+        let capturedValue;
+        await withReleaseEnv(async () => {
+            capturedValue = process.env.LUMENFLOW_WU_TOOL;
+        });
+        expect(capturedValue).toBe('release');
+        expect(process.env.LUMENFLOW_WU_TOOL).toBe(originalValue);
+    });
+    it('withReleaseEnv should restore LUMENFLOW_WU_TOOL even on error', async () => {
+        const { withReleaseEnv } = await import('../release.js');
+        // Save original value
+        const originalValue = process.env.LUMENFLOW_WU_TOOL;
+        try {
+            await withReleaseEnv(async () => {
+                throw new Error('Test error');
+            });
+        }
+        catch {
+            // Expected to throw
+        }
+        expect(process.env.LUMENFLOW_WU_TOOL).toBe(originalValue);
+    });
+    it('withReleaseEnv should preserve existing LUMENFLOW_WU_TOOL value', async () => {
+        const { withReleaseEnv } = await import('../release.js');
+        // Set a specific value before running
+        const testValue = 'wu-done';
+        process.env.LUMENFLOW_WU_TOOL = testValue;
+        try {
+            let capturedValue;
+            await withReleaseEnv(async () => {
+                capturedValue = process.env.LUMENFLOW_WU_TOOL;
+            });
+            expect(capturedValue).toBe('release');
+            expect(process.env.LUMENFLOW_WU_TOOL).toBe(testValue);
+        }
+        finally {
+            // Cleanup
+            delete process.env.LUMENFLOW_WU_TOOL;
+        }
+    });
+});
 /**
  * WU-1077: Tests for release script bug fixes
  *

package/dist/__tests__/safe-git.test.js

@@ -0,0 +1,191 @@
+/* eslint-disable sonarjs/no-os-command-from-path -- Test file needs to execute git commands */
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { execFileSync } from 'node:child_process';
+import path from 'node:path';
+import fs from 'node:fs';
+import os from 'node:os';
+const CLI_SAFE_GIT_PATH = path.resolve(__dirname, '../../bin/safe-git');
+const SCRIPTS_SAFE_GIT_PATH = path.resolve(__dirname, '../../../../../scripts/safe-git');
+// Constants for duplicate strings
+const SHOULD_HAVE_THROWN = 'Should have thrown an error';
+const GIT_CMD = 'git';
+const USER_EMAIL_CONFIG = 'user.email';
+const USER_NAME_CONFIG = 'user.name';
+const TEST_EMAIL = 'test@test.com';
+const TEST_USERNAME = 'Test';
+const FORCE_BYPASSES_LOG = 'force-bypasses.log';
+// Create a temporary directory for testing to avoid polluting the real .beacon directory
+const createTempDir = () => {
+    return fs.mkdtempSync(path.join(os.tmpdir(), 'safe-git-test-'));
+};
+describe('safe-git', () => {
+    // We mock child_process execution where possible, but for integration testing a script
+    // we often execute it directly. Since safe-git is a shell script, we executed it.
+    it('should fail when running "worktree remove" (CLI wrapper)', () => {
+        try {
+            execFileSync(CLI_SAFE_GIT_PATH, ['worktree', 'remove', 'some-path'], { stdio: 'pipe' });
+            expect.fail(SHOULD_HAVE_THROWN);
+        }
+        catch (error) {
+            const err = error;
+            expect(err.status).toBe(1);
+            expect(err.stderr.toString()).toContain("BLOCKED: Manual 'git worktree remove' is unsafe");
+        }
+    });
+    it('should fail when running "worktree remove" (scripts wrapper)', () => {
+        try {
+            execFileSync(SCRIPTS_SAFE_GIT_PATH, ['worktree', 'remove', 'some-path'], { stdio: 'pipe' });
+            expect.fail(SHOULD_HAVE_THROWN);
+        }
+        catch (error) {
+            const err = error;
+            expect(err.status).toBe(1);
+            expect(err.stderr.toString()).toContain('Manual');
+            expect(err.stderr.toString()).toContain('worktree remove');
+        }
+    });
+    it('should fail when running "reset --hard" (scripts wrapper)', () => {
+        try {
+            execFileSync(SCRIPTS_SAFE_GIT_PATH, ['reset', '--hard', 'HEAD'], { stdio: 'pipe' });
+            expect.fail(SHOULD_HAVE_THROWN);
+        }
+        catch (error) {
+            const err = error;
+            expect(err.status).toBe(1);
+            expect(err.stderr.toString()).toContain('reset --hard');
+        }
+    });
+    it('should fail when running "clean -fd" (scripts wrapper)', () => {
+        try {
+            execFileSync(SCRIPTS_SAFE_GIT_PATH, ['clean', '-fd'], { stdio: 'pipe' });
+            expect.fail(SHOULD_HAVE_THROWN);
+        }
+        catch (error) {
+            const err = error;
+            expect(err.status).toBe(1);
+            expect(err.stderr.toString()).toContain('clean -fd');
+        }
+    });
+    it('should fail when running "push --force" (scripts wrapper)', () => {
+        try {
+            execFileSync(SCRIPTS_SAFE_GIT_PATH, ['push', '--force'], { stdio: 'pipe' });
+            expect.fail(SHOULD_HAVE_THROWN);
+        }
+        catch (error) {
+            const err = error;
+            expect(err.status).toBe(1);
+            expect(err.stderr.toString()).toContain('push --force');
+        }
+    });
+    it('should pass through safe commands', () => {
+        // We verify it calls git by mocking git or checking output.
+        // Since we can't easily mock the system git in a real shell script execution without PATH manip,
+        // we'll check that it runs git --version correctly.
+        const output = execFileSync(CLI_SAFE_GIT_PATH, ['--version'], { encoding: 'utf-8' });
+        expect(output).toContain('git version');
+    });
+    describe('LUMENFLOW_FORCE bypass', () => {
+        let tempDir;
+        beforeEach(() => {
+            tempDir = createTempDir();
+        });
+        afterEach(() => {
+            // Clean up temp directory
+            fs.rmSync(tempDir, { recursive: true, force: true });
+        });
+        it('should bypass blocked commands when LUMENFLOW_FORCE=1', () => {
+            // Using git --version as a safe test with force flag
+            // The key is that the env var should be respected and not block
+            const output = execFileSync(SCRIPTS_SAFE_GIT_PATH, ['--version'], {
+                encoding: 'utf-8',
+                env: { ...process.env, LUMENFLOW_FORCE: '1' },
+            });
+            expect(output).toContain('git version');
+        });
+        it('should log bypass to force-bypasses.log when LUMENFLOW_FORCE=1', () => {
+            // We need to test that a blocked command, when forced, writes to the audit log
+            // Since reset --hard is dangerous, we use a mock approach
+            // The script should create the audit log entry before executing
+            // Create a temporary git repo for this test
+            const testRepo = path.join(tempDir, 'test-repo');
+            fs.mkdirSync(testRepo, { recursive: true });
+            execFileSync(GIT_CMD, ['init'], { cwd: testRepo, stdio: 'pipe' });
+            execFileSync(GIT_CMD, ['config', USER_EMAIL_CONFIG, TEST_EMAIL], {
+                cwd: testRepo,
+                stdio: 'pipe',
+            });
+            execFileSync(GIT_CMD, ['config', USER_NAME_CONFIG, TEST_USERNAME], {
+                cwd: testRepo,
+                stdio: 'pipe',
+            });
+            // Create a file and commit
+            fs.writeFileSync(path.join(testRepo, 'test.txt'), 'test');
+            execFileSync(GIT_CMD, ['add', '.'], { cwd: testRepo, stdio: 'pipe' });
+            execFileSync(GIT_CMD, ['commit', '-m', 'init'], { cwd: testRepo, stdio: 'pipe' });
+            // Run safe-git with force to reset --hard (should succeed with log)
+            execFileSync(SCRIPTS_SAFE_GIT_PATH, ['reset', '--hard', 'HEAD'], {
+                cwd: testRepo,
+                encoding: 'utf-8',
+                env: { ...process.env, LUMENFLOW_FORCE: '1' },
+            });
+            // Check that the force bypass log exists and contains the entry
+            const bypassLog = path.join(testRepo, '.beacon', FORCE_BYPASSES_LOG);
+            expect(fs.existsSync(bypassLog)).toBe(true);
+            const logContent = fs.readFileSync(bypassLog, 'utf-8');
+            expect(logContent).toContain('reset --hard');
+            expect(logContent).toContain('BYPASSED');
+        });
+        it('should include LUMENFLOW_FORCE_REASON in audit log when provided', () => {
+            const testRepo = path.join(tempDir, 'test-repo-reason');
+            fs.mkdirSync(testRepo, { recursive: true });
+            execFileSync(GIT_CMD, ['init'], { cwd: testRepo, stdio: 'pipe' });
+            execFileSync(GIT_CMD, ['config', USER_EMAIL_CONFIG, TEST_EMAIL], {
+                cwd: testRepo,
+                stdio: 'pipe',
+            });
+            execFileSync(GIT_CMD, ['config', USER_NAME_CONFIG, TEST_USERNAME], {
+                cwd: testRepo,
+                stdio: 'pipe',
+            });
+            fs.writeFileSync(path.join(testRepo, 'test.txt'), 'test');
+            execFileSync(GIT_CMD, ['add', '.'], { cwd: testRepo, stdio: 'pipe' });
+            execFileSync(GIT_CMD, ['commit', '-m', 'init'], { cwd: testRepo, stdio: 'pipe' });
+            const testReason = 'user-approved: testing bypass';
+            execFileSync(SCRIPTS_SAFE_GIT_PATH, ['reset', '--hard', 'HEAD'], {
+                cwd: testRepo,
+                encoding: 'utf-8',
+                env: { ...process.env, LUMENFLOW_FORCE: '1', LUMENFLOW_FORCE_REASON: testReason },
+            });
+            const bypassLog = path.join(testRepo, '.beacon', FORCE_BYPASSES_LOG);
+            const logContent = fs.readFileSync(bypassLog, 'utf-8');
+            expect(logContent).toContain(testReason);
+        });
+        it('should print warning when LUMENFLOW_FORCE used without REASON', () => {
+            const testRepo = path.join(tempDir, 'test-repo-no-reason');
+            fs.mkdirSync(testRepo, { recursive: true });
+            execFileSync(GIT_CMD, ['init'], { cwd: testRepo, stdio: 'pipe' });
+            execFileSync(GIT_CMD, ['config', USER_EMAIL_CONFIG, TEST_EMAIL], {
+                cwd: testRepo,
+                stdio: 'pipe',
+            });
+            execFileSync(GIT_CMD, ['config', USER_NAME_CONFIG, TEST_USERNAME], {
+                cwd: testRepo,
+                stdio: 'pipe',
+            });
+            fs.writeFileSync(path.join(testRepo, 'test.txt'), 'test');
+            execFileSync(GIT_CMD, ['add', '.'], { cwd: testRepo, stdio: 'pipe' });
+            execFileSync(GIT_CMD, ['commit', '-m', 'init'], { cwd: testRepo, stdio: 'pipe' });
+            // Execute with LUMENFLOW_FORCE=1 but no reason
+            execFileSync(SCRIPTS_SAFE_GIT_PATH, ['reset', '--hard', 'HEAD'], {
+                cwd: testRepo,
+                encoding: 'utf-8',
+                env: { ...process.env, LUMENFLOW_FORCE: '1' },
+                stdio: ['pipe', 'pipe', 'pipe'],
+            });
+            // Check the bypasslog for the NO_REASON marker
+            const bypassLog = path.join(testRepo, '.beacon', FORCE_BYPASSES_LOG);
+            const logContent = fs.readFileSync(bypassLog, 'utf-8');
+            expect(logContent).toContain('NO_REASON');
+        });
+    });
+});