@mainahq/core 0.2.0

package/src/verify/__tests__/proof.test.ts

@@ -0,0 +1,97 @@
+import { describe, expect, it } from "bun:test";
+import { formatVerificationProof, type VerificationProof } from "../proof";
+
+describe("formatVerificationProof", () => {
+	const baseProof: VerificationProof = {
+		pipeline: [
+			{ tool: "slop", findings: 0, duration: 234, skipped: false },
+			{ tool: "semgrep", findings: 0, duration: 1200, skipped: false },
+			{ tool: "trivy", findings: 0, duration: 3400, skipped: false },
+			{ tool: "secretlint", findings: 0, duration: 890, skipped: false },
+			{ tool: "sonarqube", findings: 0, duration: 0, skipped: true },
+			{ tool: "ai-review", findings: 0, duration: 2100, skipped: false },
+		],
+		pipelinePassed: true,
+		pipelineDuration: 9100,
+		tests: { passed: 980, failed: 0, files: 87 },
+		review: {
+			stage1Passed: true,
+			stage1Findings: 0,
+			stage2Passed: true,
+			stage2Findings: 1,
+		},
+		slop: { findings: 0 },
+		visual: { pages: 2, regressions: 0 },
+		workflowSummary: "# Workflow: feature/018\n\n## plan\nScaffolded.",
+	};
+
+	it("should include pipeline section with tool table", () => {
+		const md = formatVerificationProof(baseProof);
+		expect(md).toContain("## Verification Proof");
+		expect(md).toContain("Pipeline:");
+		expect(md).toContain("| slop |");
+		expect(md).toContain("| semgrep |");
+		expect(md).toContain("skipped");
+	});
+
+	it("should include test results", () => {
+		const md = formatVerificationProof(baseProof);
+		expect(md).toContain("Tests: 980 pass, 0 fail");
+	});
+
+	it("should include code review results", () => {
+		const md = formatVerificationProof(baseProof);
+		expect(md).toContain("Code Review");
+		expect(md).toContain("spec compliance");
+		expect(md).toContain("code quality");
+	});
+
+	it("should include slop results", () => {
+		const md = formatVerificationProof(baseProof);
+		expect(md).toContain("Slop: clean");
+	});
+
+	it("should include visual results", () => {
+		const md = formatVerificationProof(baseProof);
+		expect(md).toContain("Visual: 2 page(s)");
+	});
+
+	it("should include workflow context", () => {
+		const md = formatVerificationProof(baseProof);
+		expect(md).toContain("Workflow Context");
+		expect(md).toContain("feature/018");
+	});
+
+	it("should use collapsible details tags", () => {
+		const md = formatVerificationProof(baseProof);
+		expect(md).toContain("<details>");
+		expect(md).toContain("</details>");
+	});
+
+	it("should handle missing optional sections", () => {
+		const minimal: VerificationProof = {
+			pipeline: [],
+			pipelinePassed: true,
+			pipelineDuration: 0,
+			tests: null,
+			review: null,
+			slop: null,
+			visual: null,
+			workflowSummary: null,
+		};
+		const md = formatVerificationProof(minimal);
+		expect(md).toContain("## Verification Proof");
+		expect(md).not.toContain("Tests:");
+		expect(md).not.toContain("Visual:");
+	});
+
+	it("should show failure icons when checks fail", () => {
+		const failed: VerificationProof = {
+			...baseProof,
+			pipelinePassed: false,
+			tests: { passed: 978, failed: 2, files: 87 },
+		};
+		const md = formatVerificationProof(failed);
+		expect(md).toContain("❌");
+	});
+});

package/src/verify/__tests__/secretlint.test.ts

@@ -0,0 +1,190 @@
+import { describe, expect, it } from "bun:test";
+import { parseSecretlintOutput, runSecretlint } from "../secretlint";
+
+// ─── parseSecretlintOutput ─────────────────────────────────────────────────
+
+describe("parseSecretlintOutput", () => {
+	it("should return empty array for empty output", () => {
+		const findings = parseSecretlintOutput("");
+		expect(findings).toEqual([]);
+	});
+
+	it("should parse a single secret finding", () => {
+		const output = JSON.stringify([
+			{
+				filePath: "src/config.ts",
+				messages: [
+					{
+						ruleId: "@secretlint/secretlint-rule-preset-recommend",
+						message: "Found AWS Access Key ID",
+						range: [10, 30],
+						loc: {
+							start: { line: 5, column: 10 },
+							end: { line: 5, column: 30 },
+						},
+						severity: 2,
+					},
+				],
+			},
+		]);
+
+		const findings = parseSecretlintOutput(output);
+		expect(findings.length).toBe(1);
+		expect(findings[0]?.tool).toBe("secretlint");
+		expect(findings[0]?.file).toBe("src/config.ts");
+		expect(findings[0]?.line).toBe(5);
+		expect(findings[0]?.column).toBe(10);
+		expect(findings[0]?.message).toBe("Found AWS Access Key ID");
+		expect(findings[0]?.severity).toBe("error");
+		expect(findings[0]?.ruleId).toBe(
+			"@secretlint/secretlint-rule-preset-recommend",
+		);
+	});
+
+	it("should map severity levels correctly", () => {
+		const makeOutput = (severity: number) =>
+			JSON.stringify([
+				{
+					filePath: "file.ts",
+					messages: [
+						{
+							ruleId: "rule",
+							message: "msg",
+							loc: {
+								start: { line: 1, column: 0 },
+								end: { line: 1, column: 10 },
+							},
+							severity,
+						},
+					],
+				},
+			]);
+
+		// severity 2 = error, 1 = warning, 0 = info
+		expect(parseSecretlintOutput(makeOutput(2))[0]?.severity).toBe("error");
+		expect(parseSecretlintOutput(makeOutput(1))[0]?.severity).toBe("warning");
+		expect(parseSecretlintOutput(makeOutput(0))[0]?.severity).toBe("info");
+	});
+
+	it("should handle multiple files with multiple messages", () => {
+		const output = JSON.stringify([
+			{
+				filePath: "a.ts",
+				messages: [
+					{
+						ruleId: "rule-a",
+						message: "Secret A",
+						loc: {
+							start: { line: 1, column: 0 },
+							end: { line: 1, column: 10 },
+						},
+						severity: 2,
+					},
+					{
+						ruleId: "rule-b",
+						message: "Secret B",
+						loc: {
+							start: { line: 5, column: 3 },
+							end: { line: 5, column: 20 },
+						},
+						severity: 1,
+					},
+				],
+			},
+			{
+				filePath: "b.ts",
+				messages: [
+					{
+						ruleId: "rule-c",
+						message: "Secret C",
+						loc: {
+							start: { line: 10, column: 0 },
+							end: { line: 10, column: 30 },
+						},
+						severity: 2,
+					},
+				],
+			},
+		]);
+
+		const findings = parseSecretlintOutput(output);
+		expect(findings.length).toBe(3);
+		expect(findings[0]?.file).toBe("a.ts");
+		expect(findings[1]?.file).toBe("a.ts");
+		expect(findings[2]?.file).toBe("b.ts");
+	});
+
+	it("should handle files with empty messages array", () => {
+		const output = JSON.stringify([
+			{
+				filePath: "clean.ts",
+				messages: [],
+			},
+		]);
+		const findings = parseSecretlintOutput(output);
+		expect(findings).toEqual([]);
+	});
+
+	it("should return empty array for invalid JSON", () => {
+		const findings = parseSecretlintOutput("not valid json {{{");
+		expect(findings).toEqual([]);
+	});
+
+	it("should return empty array for malformed structure", () => {
+		const findings = parseSecretlintOutput(
+			JSON.stringify({ unexpected: true }),
+		);
+		expect(findings).toEqual([]);
+	});
+
+	it("should handle messages with missing loc gracefully", () => {
+		const output = JSON.stringify([
+			{
+				filePath: "file.ts",
+				messages: [
+					{
+						ruleId: "rule-x",
+						message: "No loc info",
+						severity: 2,
+					},
+				],
+			},
+		]);
+		const findings = parseSecretlintOutput(output);
+		expect(findings.length).toBe(1);
+		expect(findings[0]?.line).toBe(0);
+		expect(findings[0]?.column).toBeUndefined();
+	});
+});
+
+// ─── runSecretlint ─────────────────────────────────────────────────────────
+
+describe("runSecretlint", () => {
+	it("should skip when secretlint is not installed", async () => {
+		const result = await runSecretlint();
+		if (result.skipped) {
+			expect(result.findings).toEqual([]);
+			expect(result.skipped).toBe(true);
+		} else {
+			expect(Array.isArray(result.findings)).toBe(true);
+			expect(result.skipped).toBe(false);
+		}
+	});
+
+	it("should return correct result shape", async () => {
+		const result = await runSecretlint();
+		expect(result).toHaveProperty("findings");
+		expect(result).toHaveProperty("skipped");
+		expect(Array.isArray(result.findings)).toBe(true);
+		expect(typeof result.skipped).toBe("boolean");
+	});
+
+	it("should accept options without crashing", async () => {
+		const result = await runSecretlint({
+			files: ["nonexistent-file.ts"],
+			cwd: "/tmp",
+		});
+		expect(result).toHaveProperty("findings");
+		expect(result).toHaveProperty("skipped");
+	});
+});

package/src/verify/__tests__/semgrep.test.ts

@@ -0,0 +1,217 @@
+import { describe, expect, it } from "bun:test";
+import { parseSarif, runSemgrep } from "../semgrep";
+
+// ─── parseSarif ────────────────────────────────────────────────────────────
+
+describe("parseSarif", () => {
+	it("should return empty array for empty SARIF", () => {
+		const sarif = JSON.stringify({
+			runs: [{ results: [] }],
+		});
+		const findings = parseSarif(sarif);
+		expect(findings).toEqual([]);
+	});
+
+	it("should parse a single finding from SARIF", () => {
+		const sarif = JSON.stringify({
+			runs: [
+				{
+					results: [
+						{
+							ruleId: "javascript.express.security.audit.xss",
+							message: { text: "Found potential XSS vulnerability" },
+							locations: [
+								{
+									physicalLocation: {
+										artifactLocation: { uri: "src/api.ts" },
+										region: { startLine: 42, startColumn: 10 },
+									},
+								},
+							],
+							level: "error",
+						},
+					],
+				},
+			],
+		});
+
+		const findings = parseSarif(sarif);
+		expect(findings.length).toBe(1);
+		expect(findings[0]?.tool).toBe("semgrep");
+		expect(findings[0]?.file).toBe("src/api.ts");
+		expect(findings[0]?.line).toBe(42);
+		expect(findings[0]?.column).toBe(10);
+		expect(findings[0]?.message).toBe("Found potential XSS vulnerability");
+		expect(findings[0]?.severity).toBe("error");
+		expect(findings[0]?.ruleId).toBe("javascript.express.security.audit.xss");
+	});
+
+	it("should map SARIF levels to severity correctly", () => {
+		const makeSarif = (level: string) =>
+			JSON.stringify({
+				runs: [
+					{
+						results: [
+							{
+								ruleId: "rule1",
+								message: { text: "msg" },
+								locations: [
+									{
+										physicalLocation: {
+											artifactLocation: { uri: "file.ts" },
+											region: { startLine: 1 },
+										},
+									},
+								],
+								level,
+							},
+						],
+					},
+				],
+			});
+
+		expect(parseSarif(makeSarif("error"))[0]?.severity).toBe("error");
+		expect(parseSarif(makeSarif("warning"))[0]?.severity).toBe("warning");
+		expect(parseSarif(makeSarif("note"))[0]?.severity).toBe("info");
+		expect(parseSarif(makeSarif("none"))[0]?.severity).toBe("info");
+		expect(parseSarif(makeSarif("unknown-level"))[0]?.severity).toBe("warning");
+	});
+
+	it("should handle multiple runs with multiple results", () => {
+		const sarif = JSON.stringify({
+			runs: [
+				{
+					results: [
+						{
+							ruleId: "rule-a",
+							message: { text: "Issue A" },
+							locations: [
+								{
+									physicalLocation: {
+										artifactLocation: { uri: "a.ts" },
+										region: { startLine: 10 },
+									},
+								},
+							],
+							level: "warning",
+						},
+					],
+				},
+				{
+					results: [
+						{
+							ruleId: "rule-b",
+							message: { text: "Issue B" },
+							locations: [
+								{
+									physicalLocation: {
+										artifactLocation: { uri: "b.ts" },
+										region: { startLine: 20, startColumn: 5 },
+									},
+								},
+							],
+							level: "error",
+						},
+					],
+				},
+			],
+		});
+
+		const findings = parseSarif(sarif);
+		expect(findings.length).toBe(2);
+		expect(findings[0]?.file).toBe("a.ts");
+		expect(findings[1]?.file).toBe("b.ts");
+	});
+
+	it("should handle results with no locations gracefully", () => {
+		const sarif = JSON.stringify({
+			runs: [
+				{
+					results: [
+						{
+							ruleId: "rule-x",
+							message: { text: "No location" },
+							locations: [],
+							level: "warning",
+						},
+					],
+				},
+			],
+		});
+
+		const findings = parseSarif(sarif);
+		expect(findings.length).toBe(1);
+		expect(findings[0]?.file).toBe("");
+		expect(findings[0]?.line).toBe(0);
+	});
+
+	it("should return empty array for invalid JSON", () => {
+		const findings = parseSarif("not valid json {{{");
+		expect(findings).toEqual([]);
+	});
+
+	it("should return empty array for malformed SARIF structure", () => {
+		const findings = parseSarif(JSON.stringify({ unexpected: true }));
+		expect(findings).toEqual([]);
+	});
+
+	it("should handle results with missing region fields", () => {
+		const sarif = JSON.stringify({
+			runs: [
+				{
+					results: [
+						{
+							ruleId: "rule-y",
+							message: { text: "Partial location" },
+							locations: [
+								{
+									physicalLocation: {
+										artifactLocation: { uri: "partial.ts" },
+									},
+								},
+							],
+							level: "error",
+						},
+					],
+				},
+			],
+		});
+
+		const findings = parseSarif(sarif);
+		expect(findings.length).toBe(1);
+		expect(findings[0]?.file).toBe("partial.ts");
+		expect(findings[0]?.line).toBe(0);
+		expect(findings[0]?.column).toBeUndefined();
+	});
+});
+
+// ─── runSemgrep ────────────────────────────────────────────────────────────
+
+describe("runSemgrep", () => {
+	it("should return skipped when availability is false", async () => {
+		const result = await runSemgrep({ available: false });
+		expect(result.findings).toEqual([]);
+		expect(result.skipped).toBe(true);
+	});
+
+	it("should return correct result shape", async () => {
+		// Use available: false to avoid running the actual tool in tests
+		const result = await runSemgrep({ available: false });
+		expect(result).toHaveProperty("findings");
+		expect(result).toHaveProperty("skipped");
+		expect(Array.isArray(result.findings)).toBe(true);
+		expect(typeof result.skipped).toBe("boolean");
+	});
+
+	it("should accept options without crashing", async () => {
+		const result = await runSemgrep({
+			files: ["nonexistent-file.ts"],
+			config: "auto",
+			cwd: "/tmp",
+			available: false,
+		});
+		// Should not throw
+		expect(result).toHaveProperty("findings");
+		expect(result).toHaveProperty("skipped");
+	});
+});