@m-kopa/launchpad-cli 0.23.0

package/skills/marquee-share/tests/cli.test.ts

@@ -0,0 +1,281 @@
+// Tests for the CLI dispatcher of the Marquee share skill (Task 5).
+//
+// `run()` from `src/cli.ts` is the testable core: every side effect
+// (argv, stdin, the filesystem, the auth/upload operations, and the
+// two output streams) is injected. These tests drive `run()` with
+// fakes only — they never open a browser, touch the network, or read
+// the real session file. This matches the injection style of
+// `tests/flow.test.ts` and `tests/upload.test.ts`.
+//
+// What is pinned:
+//   * Subcommand routing — `login`/`logout`/`share` reach the right
+//     operation; unknown / missing commands print usage + fail.
+//   * The `share` path reads its document (from a file arg AND from
+//     stdin), wraps+uploads it, and prints ONLY the `view_url` to
+//     stdout — nothing else on the success path.
+//   * Errors from the upload layer surface as a clean stderr line and
+//     a non-zero exit code, never a stack, never a token.
+
+import { describe, expect, test, vi } from "vitest";
+import { run, type RunDeps } from "../src/cli.js";
+import type { ShareInput, ShareResult } from "../src/upload/index.js";
+
+const VIEW_URL = "https://marquee.launchpad.m-kopa.us/v/abc123def456ghi7";
+
+/** Captures everything written to the two line sinks. */
+interface Sinks {
+  out: string[];
+  err: string[];
+}
+
+/**
+ * Build a `RunDeps` with safe fakes. Every operation defaults to a
+ * spy that records its call; individual tests override what they
+ * care about. Nothing here touches the network, browser, or disk.
+ */
+function makeDeps(
+  argv: readonly string[],
+  overrides: Partial<RunDeps> = {},
+): { deps: RunDeps; sinks: Sinks } {
+  const sinks: Sinks = { out: [], err: [] };
+  const deps: RunDeps = {
+    argv,
+    stdout: (line) => sinks.out.push(line),
+    stderr: (line) => sinks.err.push(line),
+    readStdin: vi.fn(async () => ""),
+    readFile: vi.fn(async () => ""),
+    login: vi.fn(async () => ({
+      version: 1 as const,
+      accessToken: "x",
+      refreshToken: "y",
+      accessTokenExpiresAt: Date.now() + 1000,
+      clientId: "cid",
+      tokenEndpoint: "https://auth.example/token",
+      resource: "https://marquee.launchpad.m-kopa.us",
+      issuedAt: new Date().toISOString(),
+    })),
+    logout: vi.fn(async () => true),
+    shareToMarquee: vi.fn(
+      async (_input: ShareInput): Promise<ShareResult> => ({
+        viewUrl: VIEW_URL,
+        id: "abc123def456ghi7",
+      }),
+    ),
+    ...overrides,
+  };
+  return { deps, sinks };
+}
+
+describe("run — subcommand routing", () => {
+  test("`login` invokes the auth login operation and exits 0", async () => {
+    const { deps } = makeDeps(["login"]);
+    const code = await run(deps);
+    expect(code).toBe(0);
+    expect(deps.login).toHaveBeenCalledTimes(1);
+    expect(deps.logout).not.toHaveBeenCalled();
+    expect(deps.shareToMarquee).not.toHaveBeenCalled();
+  });
+
+  test("`logout` invokes the auth logout operation and exits 0", async () => {
+    const { deps } = makeDeps(["logout"]);
+    const code = await run(deps);
+    expect(code).toBe(0);
+    expect(deps.logout).toHaveBeenCalledTimes(1);
+    expect(deps.login).not.toHaveBeenCalled();
+  });
+
+  test("`share` invokes the wrap+upload operation", async () => {
+    const { deps } = makeDeps(["share"], {
+      readStdin: vi.fn(async () => "<p>hello</p>"),
+    });
+    const code = await run(deps);
+    expect(code).toBe(0);
+    expect(deps.shareToMarquee).toHaveBeenCalledTimes(1);
+  });
+
+  test("an unknown command prints an error + usage and exits non-zero", async () => {
+    const { deps, sinks } = makeDeps(["frobnicate"]);
+    const code = await run(deps);
+    expect(code).toBe(1);
+    expect(sinks.err.join("\n")).toContain("unknown command");
+    expect(sinks.err.join("\n")).toContain("Usage:");
+    expect(sinks.out).toHaveLength(0);
+  });
+
+  test("no command at all prints usage and exits non-zero", async () => {
+    const { deps, sinks } = makeDeps([]);
+    const code = await run(deps);
+    expect(code).toBe(1);
+    expect(sinks.err.join("\n")).toContain("Usage:");
+  });
+
+  test("`--help` prints usage and exits 0", async () => {
+    const { deps, sinks } = makeDeps(["--help"]);
+    const code = await run(deps);
+    expect(code).toBe(0);
+    expect(sinks.err.join("\n")).toContain("Usage:");
+  });
+});
+
+describe("run — the share path reads input and prints the view_url", () => {
+  test("reads the document from stdin when no file arg is given", async () => {
+    const readStdin = vi.fn(async () => "<h1>From stdin</h1>");
+    const readFile = vi.fn(async () => "should-not-be-read");
+    const { deps } = makeDeps(["share"], { readStdin, readFile });
+    await run(deps);
+    expect(readStdin).toHaveBeenCalledTimes(1);
+    expect(readFile).not.toHaveBeenCalled();
+    expect(deps.shareToMarquee).toHaveBeenCalledWith(
+      expect.objectContaining({ contentHtml: "<h1>From stdin</h1>" }),
+    );
+  });
+
+  test("reads the document from a file argument when one is given", async () => {
+    const readStdin = vi.fn(async () => "should-not-be-read");
+    const readFile = vi.fn(async () => "<h1>From file</h1>");
+    const { deps } = makeDeps(["share", "report.html"], {
+      readStdin,
+      readFile,
+    });
+    await run(deps);
+    expect(readFile).toHaveBeenCalledWith("report.html");
+    expect(readStdin).not.toHaveBeenCalled();
+    expect(deps.shareToMarquee).toHaveBeenCalledWith(
+      expect.objectContaining({ contentHtml: "<h1>From file</h1>" }),
+    );
+  });
+
+  test("prints ONLY the view_url to stdout on success", async () => {
+    const { deps, sinks } = makeDeps(["share"], {
+      readStdin: vi.fn(async () => "<p>x</p>"),
+    });
+    const code = await run(deps);
+    expect(code).toBe(0);
+    // Exactly one line on stdout, and it is the URL — nothing else.
+    expect(sinks.out).toEqual([VIEW_URL]);
+  });
+
+  test("passes a --title through to the upload layer", async () => {
+    const { deps } = makeDeps(["share", "--title", "Quarterly Report"], {
+      readStdin: vi.fn(async () => "<p>x</p>"),
+    });
+    await run(deps);
+    expect(deps.shareToMarquee).toHaveBeenCalledWith(
+      expect.objectContaining({ title: "Quarterly Report" }),
+    );
+  });
+
+  test("--title=value form is also accepted", async () => {
+    const { deps } = makeDeps(["share", "--title=Inline Title", "doc.html"], {
+      readFile: vi.fn(async () => "<p>x</p>"),
+    });
+    await run(deps);
+    expect(deps.shareToMarquee).toHaveBeenCalledWith(
+      expect.objectContaining({
+        title: "Inline Title",
+        contentHtml: "<p>x</p>",
+      }),
+    );
+  });
+
+  test("defaults the title when --title is omitted", async () => {
+    const { deps } = makeDeps(["share"], {
+      readStdin: vi.fn(async () => "<p>x</p>"),
+    });
+    await run(deps);
+    expect(deps.shareToMarquee).toHaveBeenCalledWith(
+      expect.objectContaining({ title: "Shared via Marquee" }),
+    );
+  });
+
+  test("empty input is rejected before any upload is attempted", async () => {
+    const { deps, sinks } = makeDeps(["share"], {
+      readStdin: vi.fn(async () => "   \n  "),
+    });
+    const code = await run(deps);
+    expect(code).toBe(1);
+    expect(deps.shareToMarquee).not.toHaveBeenCalled();
+    expect(sinks.err.join("\n")).toContain("empty");
+    expect(sinks.out).toHaveLength(0);
+  });
+});
+
+describe("run — errors surface cleanly", () => {
+  test("an upload failure exits non-zero with a stderr message, no stdout", async () => {
+    const { deps, sinks } = makeDeps(["share"], {
+      readStdin: vi.fn(async () => "<p>x</p>"),
+      shareToMarquee: vi.fn(async () => {
+        throw new Error("Marquee upload failed with HTTP 413");
+      }),
+    });
+    const code = await run(deps);
+    expect(code).toBe(1);
+    expect(sinks.out).toHaveLength(0);
+    expect(sinks.err.join("\n")).toContain("error:");
+    expect(sinks.err.join("\n")).toContain("HTTP 413");
+  });
+
+  test("a missing file surfaces the read error cleanly", async () => {
+    const { deps, sinks } = makeDeps(["share", "nope.html"], {
+      readFile: vi.fn(async () => {
+        throw new Error("ENOENT: no such file or directory, open 'nope.html'");
+      }),
+    });
+    const code = await run(deps);
+    expect(code).toBe(1);
+    expect(sinks.err.join("\n")).toContain("error:");
+    expect(deps.shareToMarquee).not.toHaveBeenCalled();
+  });
+
+  test("a thrown error never leaks a token-shaped string to any sink", async () => {
+    const secret = "SENTINEL-CLI-TOKEN-cafebabe";
+    const { deps, sinks } = makeDeps(["share"], {
+      readStdin: vi.fn(async () => "<p>x</p>"),
+      // A misbehaving dependency whose error carries the secret in
+      // fields the CLI must NOT surface — the `stack` and a custom
+      // property — while its `message` stays clean. The CLI prints
+      // only `error.message`; this test pins that it does not ALSO
+      // dump the error object, its stack, or its extra properties.
+      // (The real upload layer already strips secrets from messages
+      // — see upload.test.ts.) If the CLI ever widened to print the
+      // whole error, the sentinel would leak and this test would
+      // fail — which it could not do when the error carried no
+      // sentinel at all.
+      shareToMarquee: vi.fn(async () => {
+        const err = new Error("upload failed") as Error & {
+          tokenContext?: string;
+        };
+        err.stack = `Error: upload failed\n    at leak (${secret})`;
+        err.tokenContext = `Bearer ${secret}`;
+        throw err;
+      }),
+    });
+    await run(deps);
+    const all = [...sinks.out, ...sinks.err].join("\n");
+    expect(all).not.toContain(secret);
+  });
+
+  test("--title without a value is a clean usage error", async () => {
+    const { deps, sinks } = makeDeps(["share", "--title"], {
+      readStdin: vi.fn(async () => "<p>x</p>"),
+    });
+    const code = await run(deps);
+    expect(code).toBe(1);
+    expect(sinks.err.join("\n")).toContain("--title requires a value");
+    expect(deps.shareToMarquee).not.toHaveBeenCalled();
+  });
+
+  test("an unknown option to share is rejected", async () => {
+    const { deps, sinks } = makeDeps(["share", "--bogus"]);
+    const code = await run(deps);
+    expect(code).toBe(1);
+    expect(sinks.err.join("\n")).toContain("unknown option");
+  });
+
+  test("a second positional file argument is rejected", async () => {
+    const { deps, sinks } = makeDeps(["share", "a.html", "b.html"]);
+    const code = await run(deps);
+    expect(code).toBe(1);
+    expect(sinks.err.join("\n")).toContain("at most one file");
+  });
+});

package/skills/marquee-share/tests/config.test.ts

@@ -0,0 +1,119 @@
+// Config-loading tests for the Marquee share skill.
+//
+// Covers: the default resource URL, env overrides, trailing-slash
+// trimming, the URL-scheme policy (https any host; http loopback
+// only), and the blank/whitespace-only env override fall-back.
+
+import { describe, expect, test } from "vitest";
+import * as os from "node:os";
+import * as path from "node:path";
+import { loadConfig, DEFAULT_RESOURCE_URL } from "../src/config.js";
+
+const DEFAULT_SESSION_PATH = path.join(
+  os.homedir(),
+  ".marquee",
+  "session.json",
+);
+
+describe("loadConfig — defaults", () => {
+  test("uses bundled defaults when no env vars are set", () => {
+    const config = loadConfig({});
+    expect(config.resourceUrl).toBe(DEFAULT_RESOURCE_URL);
+    expect(config.sessionPath).toBe(DEFAULT_SESSION_PATH);
+  });
+});
+
+describe("loadConfig — overrides", () => {
+  test("MARQUEE_RESOURCE_URL overrides the resource URL", () => {
+    const config = loadConfig({
+      MARQUEE_RESOURCE_URL: "https://preview.example.com",
+    });
+    expect(config.resourceUrl).toBe("https://preview.example.com");
+  });
+
+  test("trims trailing slashes from the resource URL", () => {
+    const config = loadConfig({
+      MARQUEE_RESOURCE_URL: "https://preview.example.com///",
+    });
+    expect(config.resourceUrl).toBe("https://preview.example.com");
+  });
+
+  test("MARQUEE_SESSION_PATH overrides the session path", () => {
+    const config = loadConfig({ MARQUEE_SESSION_PATH: "/tmp/sess.json" });
+    expect(config.sessionPath).toBe("/tmp/sess.json");
+  });
+});
+
+describe("loadConfig — blank env overrides fall back to defaults", () => {
+  test("empty MARQUEE_RESOURCE_URL is treated as unset", () => {
+    expect(loadConfig({ MARQUEE_RESOURCE_URL: "" }).resourceUrl).toBe(
+      DEFAULT_RESOURCE_URL,
+    );
+  });
+
+  test("whitespace-only MARQUEE_RESOURCE_URL is treated as unset", () => {
+    expect(loadConfig({ MARQUEE_RESOURCE_URL: "   \t " }).resourceUrl).toBe(
+      DEFAULT_RESOURCE_URL,
+    );
+  });
+
+  test("empty MARQUEE_SESSION_PATH is treated as unset", () => {
+    expect(loadConfig({ MARQUEE_SESSION_PATH: "" }).sessionPath).toBe(
+      DEFAULT_SESSION_PATH,
+    );
+  });
+
+  test("whitespace-only MARQUEE_SESSION_PATH is treated as unset", () => {
+    expect(loadConfig({ MARQUEE_SESSION_PATH: "  " }).sessionPath).toBe(
+      DEFAULT_SESSION_PATH,
+    );
+  });
+
+  test("a surrounding-whitespace value is trimmed, not discarded", () => {
+    const config = loadConfig({
+      MARQUEE_RESOURCE_URL: "  https://preview.example.com  ",
+    });
+    expect(config.resourceUrl).toBe("https://preview.example.com");
+  });
+});
+
+describe("loadConfig — URL scheme policy", () => {
+  test("accepts https: for an arbitrary host", () => {
+    expect(
+      loadConfig({ MARQUEE_RESOURCE_URL: "https://marquee.example.com" })
+        .resourceUrl,
+    ).toBe("https://marquee.example.com");
+  });
+
+  test.each([
+    "http://localhost",
+    "http://localhost:8788",
+    "http://127.0.0.1:3000",
+    "http://app.localhost:8788",
+    "http://[::1]:8788",
+  ])("accepts http: for loopback host %s", (url) => {
+    expect(loadConfig({ MARQUEE_RESOURCE_URL: url }).resourceUrl).toBe(url);
+  });
+
+  test.each([
+    "http://marquee.example.com",
+    "http://192.168.1.10:8788",
+    "http://evil.test",
+  ])("rejects http: for non-loopback host %s", (url) => {
+    expect(() => loadConfig({ MARQUEE_RESOURCE_URL: url })).toThrow(
+      /must use https: for non-loopback hosts/,
+    );
+  });
+
+  test("rejects a non-http(s) scheme", () => {
+    expect(() =>
+      loadConfig({ MARQUEE_RESOURCE_URL: "ftp://files.example.com" }),
+    ).toThrow(/must use https:/);
+  });
+
+  test("rejects a malformed URL", () => {
+    expect(() =>
+      loadConfig({ MARQUEE_RESOURCE_URL: "not-a-url" }),
+    ).toThrow(/must be a valid absolute URL/);
+  });
+});