@malindar/whyline 0.1.0

package/tests/installClaude.test.ts

@@ -0,0 +1,157 @@
+import { describe, it, expect, beforeEach, vi } from "vitest";
+import fs from "fs";
+import os from "os";
+import path from "path";
+import { runInstallClaude } from "../src/commands/install-claude.js";
+
+function makeGitDir(): string {
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "whyline-install-"));
+  // minimal .git so getRepoRoot succeeds
+  fs.mkdirSync(path.join(dir, ".git"));
+  return dir;
+}
+
+vi.mock("../src/git/git.js", () => ({
+  getRepoRoot: (cwd: string) => {
+    // return cwd if it contains a .git dir
+    if (fs.existsSync(path.join(cwd, ".git"))) return cwd;
+    return null;
+  },
+}));
+
+vi.mock("../src/git/repoId.js", () => ({
+  getRepoName: () => "my-test-repo",
+}));
+
+describe("install-claude — .mcp.json", () => {
+  let repoDir: string;
+
+  beforeEach(() => { repoDir = makeGitDir(); });
+
+  it("creates .mcp.json when absent", async () => {
+    await runInstallClaude({ repoPath: repoDir });
+    const mcp = JSON.parse(fs.readFileSync(path.join(repoDir, ".mcp.json"), "utf-8"));
+    expect(mcp.mcpServers.whyline).toEqual({ command: "whyline", args: ["mcp"] });
+  });
+
+  it("merges into existing .mcp.json without removing other servers", async () => {
+    const existing = { mcpServers: { "other-tool": { command: "other", args: [] } } };
+    fs.writeFileSync(path.join(repoDir, ".mcp.json"), JSON.stringify(existing));
+
+    await runInstallClaude({ repoPath: repoDir });
+
+    const mcp = JSON.parse(fs.readFileSync(path.join(repoDir, ".mcp.json"), "utf-8"));
+    expect(mcp.mcpServers["other-tool"]).toBeDefined();
+    expect(mcp.mcpServers.whyline).toEqual({ command: "whyline", args: ["mcp"] });
+  });
+
+  it("is idempotent — running twice does not duplicate or change .mcp.json", async () => {
+    await runInstallClaude({ repoPath: repoDir });
+    const after1 = fs.readFileSync(path.join(repoDir, ".mcp.json"), "utf-8");
+    await runInstallClaude({ repoPath: repoDir });
+    const after2 = fs.readFileSync(path.join(repoDir, ".mcp.json"), "utf-8");
+    expect(after1).toBe(after2);
+  });
+});
+
+describe("install-claude — CLAUDE.md", () => {
+  let repoDir: string;
+
+  beforeEach(() => { repoDir = makeGitDir(); });
+
+  it("creates CLAUDE.md with repo name header and Whyline section when absent", async () => {
+    await runInstallClaude({ repoPath: repoDir });
+    const content = fs.readFileSync(path.join(repoDir, "CLAUDE.md"), "utf-8");
+    expect(content).toContain("my-test-repo");
+    expect(content).toContain("## Whyline Memory");
+    expect(content).toContain(repoDir);
+  });
+
+  it("appends Whyline section to an existing CLAUDE.md that lacks it", async () => {
+    fs.writeFileSync(path.join(repoDir, "CLAUDE.md"), "# Existing project\n\nSome instructions.\n");
+    await runInstallClaude({ repoPath: repoDir });
+    const content = fs.readFileSync(path.join(repoDir, "CLAUDE.md"), "utf-8");
+    expect(content).toContain("Existing project");
+    expect(content).toContain("## Whyline Memory");
+  });
+
+  it("updates repoPath in existing CLAUDE.md that already has Whyline section", async () => {
+    const oldPath = "/old/path/to/repo";
+    const section = `# My repo\n\n## Whyline Memory\n\n- \`repoPath\`: \`${oldPath}\`\n`;
+    fs.writeFileSync(path.join(repoDir, "CLAUDE.md"), section);
+
+    await runInstallClaude({ repoPath: repoDir });
+
+    const content = fs.readFileSync(path.join(repoDir, "CLAUDE.md"), "utf-8");
+    expect(content).not.toContain(oldPath);
+    expect(content).toContain(repoDir);
+  });
+
+  it("is idempotent — running twice does not duplicate the section", async () => {
+    await runInstallClaude({ repoPath: repoDir });
+    const after1 = fs.readFileSync(path.join(repoDir, "CLAUDE.md"), "utf-8");
+    await runInstallClaude({ repoPath: repoDir });
+    const after2 = fs.readFileSync(path.join(repoDir, "CLAUDE.md"), "utf-8");
+    expect(after1).toBe(after2);
+    // should only appear once
+    expect(after2.split("## Whyline Memory").length - 1).toBe(1);
+  });
+});
+
+describe("install-claude — .claude/settings.local.json", () => {
+  let repoDir: string;
+
+  beforeEach(() => { repoDir = makeGitDir(); });
+
+  it("creates settings.local.json with all tool permissions", async () => {
+    await runInstallClaude({ repoPath: repoDir });
+    const settings = JSON.parse(
+      fs.readFileSync(path.join(repoDir, ".claude", "settings.local.json"), "utf-8")
+    );
+    expect(settings.permissions.allow).toContain("mcp__whyline__save_coding_memory");
+    expect(settings.permissions.allow).toContain("mcp__whyline__search_coding_memory");
+    expect(settings.permissions.allow).toContain("mcp__whyline__get_recent_memories");
+    expect(settings.enabledMcpjsonServers).toContain("whyline");
+  });
+
+  it("merges into existing settings.local.json without removing existing permissions", async () => {
+    const settingsDir = path.join(repoDir, ".claude");
+    fs.mkdirSync(settingsDir);
+    const existing = { permissions: { allow: ["some__other__tool"] }, enabledMcpjsonServers: ["other"] };
+    fs.writeFileSync(path.join(settingsDir, "settings.local.json"), JSON.stringify(existing));
+
+    await runInstallClaude({ repoPath: repoDir });
+
+    const settings = JSON.parse(
+      fs.readFileSync(path.join(settingsDir, "settings.local.json"), "utf-8")
+    );
+    expect(settings.permissions.allow).toContain("some__other__tool");
+    expect(settings.permissions.allow).toContain("mcp__whyline__save_coding_memory");
+    expect(settings.enabledMcpjsonServers).toContain("other");
+    expect(settings.enabledMcpjsonServers).toContain("whyline");
+  });
+
+  it("is idempotent — running twice does not duplicate permissions", async () => {
+    await runInstallClaude({ repoPath: repoDir });
+    const after1 = fs.readFileSync(path.join(repoDir, ".claude", "settings.local.json"), "utf-8");
+    await runInstallClaude({ repoPath: repoDir });
+    const after2 = fs.readFileSync(path.join(repoDir, ".claude", "settings.local.json"), "utf-8");
+    expect(after1).toBe(after2);
+    const parsed = JSON.parse(after2);
+    const saveCount = (parsed.permissions.allow as string[]).filter(
+      (p: string) => p === "mcp__whyline__save_coding_memory"
+    ).length;
+    expect(saveCount).toBe(1);
+  });
+});
+
+describe("install-claude — error handling", () => {
+  it("exits when not inside a git repo", async () => {
+    const notARepo = fs.mkdtempSync(path.join(os.tmpdir(), "whyline-nogit-"));
+    const exitSpy = vi.spyOn(process, "exit").mockImplementation((code?: number) => {
+      throw new Error(`exit:${code}`);
+    });
+    await expect(runInstallClaude({ repoPath: notARepo })).rejects.toThrow("exit:1");
+    exitSpy.mockRestore();
+  });
+});

package/tests/parseSummary.test.ts

@@ -0,0 +1,111 @@
+import { describe, it, expect } from "vitest";
+import { parseSummary } from "../src/memory/parseSummary.js";
+
+const FULL_EXAMPLE = `# Memory
+
+Intent:
+Add optimistic comment rendering.
+
+Summary:
+Implemented optimistic rendering for new comments so they appear immediately.
+
+Decision:
+Render comments immediately and reconcile after server ack.
+
+Why:
+Waiting for server confirmation made comment creation feel slow.
+
+Alternatives rejected:
+- Server-confirmed rendering only.
+- Polling for new comments after submit.
+
+Risks:
+- Duplicate comments during reconnect.
+- Failed server ack needs rollback UI.
+
+Follow-ups:
+- Add dedupe reconciliation tests.
+- Add failed-send retry state.
+
+Tags:
+- comments
+- sync
+- optimistic-ui
+`;
+
+describe("parseSummary", () => {
+  it("parses all standard fields from a full example", () => {
+    const result = parseSummary(FULL_EXAMPLE);
+    expect(result.intent).toBe("Add optimistic comment rendering.");
+    expect(result.summary).toBe(
+      "Implemented optimistic rendering for new comments so they appear immediately."
+    );
+    expect(result.decision).toBe("Render comments immediately and reconcile after server ack.");
+    expect(result.why).toBe("Waiting for server confirmation made comment creation feel slow.");
+    expect(result.alternativesRejected).toEqual([
+      "Server-confirmed rendering only.",
+      "Polling for new comments after submit.",
+    ]);
+    expect(result.risks).toEqual([
+      "Duplicate comments during reconnect.",
+      "Failed server ack needs rollback UI.",
+    ]);
+    expect(result.followUps).toEqual([
+      "Add dedupe reconciliation tests.",
+      "Add failed-send retry state.",
+    ]);
+    expect(result.tags).toEqual(["comments", "sync", "optimistic-ui"]);
+  });
+
+  it("parses optional Task: heading", () => {
+    const input = `Task:\nFix comment sync bug.\n\nIntent:\nFix the sync.\n`;
+    const result = parseSummary(input);
+    expect(result.task).toBe("Fix comment sync bug.");
+  });
+
+  it("returns undefined for task when heading is absent", () => {
+    const result = parseSummary(FULL_EXAMPLE);
+    expect(result.task).toBeUndefined();
+  });
+
+  it("uses safe defaults for missing fields", () => {
+    const result = parseSummary("Some random text with no headings.");
+    expect(result.intent).toBe("Unspecified intent");
+    expect(result.decision).toBe("Unspecified decision");
+    expect(result.why).toBe("Unspecified rationale");
+    expect(result.alternativesRejected).toEqual([]);
+    expect(result.risks).toEqual([]);
+    expect(result.followUps).toEqual([]);
+    expect(result.tags).toEqual([]);
+  });
+
+  it("uses full file content as summary fallback when Summary: heading is missing", () => {
+    const input = "Intent:\nDo something.\n";
+    const result = parseSummary(input);
+    expect(result.summary).toBeTruthy();
+  });
+
+  it("handles asterisk bullets as well as dash bullets", () => {
+    const input = `Risks:\n* Risk one\n* Risk two\n`;
+    const result = parseSummary(input);
+    expect(result.risks).toEqual(["Risk one", "Risk two"]);
+  });
+
+  it("strips the markdown h1 title line", () => {
+    const input = `# My Session Memory\n\nIntent:\nDo something useful.\n`;
+    const result = parseSummary(input);
+    expect(result.intent).toBe("Do something useful.");
+  });
+
+  it("handles Follow ups (without hyphen) as synonym for Follow-ups", () => {
+    const input = `Follow ups:\n- Test A\n- Test B\n`;
+    const result = parseSummary(input);
+    expect(result.followUps).toEqual(["Test A", "Test B"]);
+  });
+
+  it("trims whitespace from field values", () => {
+    const input = `Intent:\n   Add something.   \n`;
+    const result = parseSummary(input);
+    expect(result.intent).toBe("Add something.");
+  });
+});

package/tests/qualityCheck.test.ts

@@ -0,0 +1,182 @@
+import { describe, it, expect, beforeEach } from "vitest";
+import { checkQuality, checkDuplicates } from "../src/memory/qualityCheck.js";
+import { openDb } from "../src/db/connection.js";
+import { runMigrations } from "../src/db/migrations.js";
+import { saveMemory, generateMemoryId } from "../src/memory/saveMemory.js";
+import type { CodingMemory } from "../src/memory/types.js";
+import type Database from "better-sqlite3";
+
+function makeTestDb(): Database.Database {
+  const db = openDb(":memory:");
+  runMigrations(db);
+  return db;
+}
+
+function makeMemory(overrides: Partial<CodingMemory> = {}): CodingMemory {
+  return {
+    id: generateMemoryId(),
+    createdAt: new Date().toISOString(),
+    updatedAt: new Date().toISOString(),
+    repoId: "repo-abc",
+    repoPath: "/home/user/my-app",
+    repoName: "my-app",
+    branch: "main",
+    commitSha: "abc12345",
+    files: ["src/auth/session.ts"],
+    tags: ["auth"],
+    intent: "Add refresh token rotation to prevent replay attacks",
+    summary: "Implemented token rotation on every use",
+    decision: "Rotate tokens on every request",
+    why: "One-time-use tokens prevent replay attacks in auth flow",
+    alternativesRejected: ["Long-lived tokens"],
+    risks: ["Token invalidation race condition"],
+    followUps: ["Add rotation tests"],
+    source: "cli",
+    embeddingText: "Add refresh token rotation",
+    ...overrides,
+  };
+}
+
+describe("checkQuality", () => {
+  it("returns no warnings for good fields", () => {
+    const warnings = checkQuality({
+      intent: "Add refresh token rotation to prevent replay attacks",
+      decision: "Rotate tokens on every request to invalidate old ones",
+      why: "One-time-use tokens prevent replay attacks in the auth flow",
+    });
+    expect(warnings).toHaveLength(0);
+  });
+
+  it("warns when intent is too short", () => {
+    const warnings = checkQuality({
+      intent: "fix",
+      decision: "Rotate tokens on every request to prevent replay attacks",
+      why: "One-time-use tokens prevent replay attacks in auth flow",
+    });
+    expect(warnings.some((w) => w.field === "intent")).toBe(true);
+  });
+
+  it("warns when decision is too short", () => {
+    const warnings = checkQuality({
+      intent: "Add refresh token rotation to prevent replay attacks",
+      decision: "done",
+      why: "One-time-use tokens prevent replay attacks in auth flow",
+    });
+    expect(warnings.some((w) => w.field === "decision")).toBe(true);
+  });
+
+  it("warns when why is too short", () => {
+    const warnings = checkQuality({
+      intent: "Add refresh token rotation to prevent replay attacks",
+      decision: "Rotate tokens on every request to prevent replay attacks",
+      why: "wip",
+    });
+    expect(warnings.some((w) => w.field === "why")).toBe(true);
+  });
+
+  it("warns on filler phrases", () => {
+    const warnings = checkQuality({
+      intent: "updated the auth logic for session handling",
+      decision: "done with the implementation details of token refresh",
+      why: "fixed the issue that was causing problems in production",
+    });
+    const fillerWarnings = warnings.filter((w) => w.message.includes("filler"));
+    expect(fillerWarnings.length).toBeGreaterThan(0);
+  });
+
+  it("warns on exact filler match", () => {
+    const warnings = checkQuality({
+      intent: "done",
+      decision: "Rotate tokens on every request to prevent replay attacks",
+      why: "One-time-use tokens prevent replay attacks in auth flow",
+    });
+    expect(warnings.some((w) => w.field === "intent")).toBe(true);
+  });
+
+  it("returns multiple warnings for multiple bad fields", () => {
+    const warnings = checkQuality({
+      intent: "fix",
+      decision: "done",
+      why: "wip",
+    });
+    expect(warnings.length).toBe(3);
+  });
+});
+
+describe("checkDuplicates", () => {
+  let db: Database.Database;
+
+  beforeEach(() => { db = makeTestDb(); });
+
+  it("returns no warnings when no memories exist", () => {
+    const warnings = checkDuplicates(db, makeMemory());
+    expect(warnings).toHaveLength(0);
+  });
+
+  it("warns when a memory with the same commit SHA already exists", () => {
+    const existing = makeMemory({ commitSha: "abc12345" });
+    saveMemory(db, existing);
+
+    const warnings = checkDuplicates(db, makeMemory({ commitSha: "abc12345" }));
+    expect(warnings.some((w) => w.type === "same-commit")).toBe(true);
+    expect(warnings[0].existingId).toBe(existing.id);
+  });
+
+  it("warns when a similar intent exists with overlapping files", () => {
+    const existing = makeMemory({
+      commitSha: "old123",
+      intent: "Add refresh token rotation to prevent replay attacks",
+      files: ["src/auth/session.ts"],
+    });
+    saveMemory(db, existing);
+
+    const incoming = makeMemory({
+      commitSha: "new456",
+      intent: "Add refresh token rotation for auth security",
+      files: ["src/auth/session.ts"],
+    });
+    const warnings = checkDuplicates(db, incoming);
+    expect(warnings.some((w) => w.type === "similar-intent")).toBe(true);
+  });
+
+  it("does not warn for similar intent with no file overlap", () => {
+    const existing = makeMemory({
+      intent: "Add refresh token rotation to prevent replay attacks",
+      files: ["src/auth/session.ts"],
+    });
+    saveMemory(db, existing);
+
+    const incoming = makeMemory({
+      commitSha: "new456",
+      intent: "Add refresh token rotation for auth security",
+      files: ["src/payments/checkout.ts"],
+    });
+    const warnings = checkDuplicates(db, incoming);
+    expect(warnings.some((w) => w.type === "similar-intent")).toBe(false);
+  });
+
+  it("does not warn for different intents on the same files", () => {
+    const existing = makeMemory({
+      intent: "Add refresh token rotation to prevent replay attacks",
+      files: ["src/auth/session.ts"],
+    });
+    saveMemory(db, existing);
+
+    const incoming = makeMemory({
+      commitSha: "new456",
+      intent: "Fix payment gateway timeout on slow network connections",
+      files: ["src/auth/session.ts"],
+    });
+    const warnings = checkDuplicates(db, incoming);
+    expect(warnings.some((w) => w.type === "similar-intent")).toBe(false);
+  });
+
+  it("does not warn when repo IDs differ", () => {
+    const existing = makeMemory({ repoId: "repo-abc", commitSha: "abc12345" });
+    saveMemory(db, existing);
+
+    const incoming = makeMemory({ repoId: "repo-xyz", commitSha: "abc12345" });
+    const warnings = checkDuplicates(db, incoming);
+    expect(warnings).toHaveLength(0);
+  });
+});

package/tests/redactSecrets.test.ts

@@ -0,0 +1,75 @@
+import { describe, it, expect } from "vitest";
+import { redactSecrets, SECRET_PATTERNS } from "../src/memory/redactSecrets.js";
+
+describe("redactSecrets", () => {
+  it("redacts GitHub personal access tokens (ghp_)", () => {
+    const input = "token: ghp_abcdefghijklmnopqrstuvwxyz1234567890";
+    expect(redactSecrets(input)).toContain("[REDACTED_SECRET]");
+    expect(redactSecrets(input)).not.toMatch(/ghp_[A-Za-z0-9]{36}/);
+  });
+
+  it("redacts GitHub OAuth tokens (gho_)", () => {
+    const input = "gho_abcdefghijklmnopqrstuvwxyz1234567890";
+    expect(redactSecrets(input)).toBe("[REDACTED_SECRET]");
+  });
+
+  it("redacts GitHub App tokens (ghs_)", () => {
+    const input = "ghs_abcdefghijklmnopqrstuvwxyz1234567890";
+    expect(redactSecrets(input)).toBe("[REDACTED_SECRET]");
+  });
+
+  it("redacts npm tokens", () => {
+    const input = "npm_abcdefghijklmnopqrstuvwxyz1234567890";
+    expect(redactSecrets(input)).toBe("[REDACTED_SECRET]");
+  });
+
+  it("redacts AWS access keys", () => {
+    const input = "AKIAIOSFODNN7EXAMPLE";
+    expect(redactSecrets(input)).toBe("[REDACTED_SECRET]");
+  });
+
+  it("redacts Bearer tokens", () => {
+    const input = "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abc";
+    expect(redactSecrets(input)).toContain("[REDACTED_SECRET]");
+    expect(redactSecrets(input)).not.toContain("eyJhbGciOiJIUzI1NiJ9");
+  });
+
+  it("redacts .env-style secrets", () => {
+    expect(redactSecrets("API_KEY=abc123secret")).toContain("[REDACTED_SECRET]");
+    expect(redactSecrets("SECRET=mysecretvalue")).toContain("[REDACTED_SECRET]");
+    expect(redactSecrets("PASSWORD=hunter2")).toContain("[REDACTED_SECRET]");
+    expect(redactSecrets("TOKEN=abcdef")).toContain("[REDACTED_SECRET]");
+  });
+
+  it("redacts PEM private key blocks", () => {
+    const input = `-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA1234567890abcdef
+-----END RSA PRIVATE KEY-----`;
+    expect(redactSecrets(input)).toBe("[REDACTED_SECRET]");
+  });
+
+  it("does not redact normal text", () => {
+    const input = "We decided to use optimistic rendering for better UX.";
+    expect(redactSecrets(input)).toBe(input);
+  });
+
+  it("does not redact short random strings that look like keys but aren't", () => {
+    const input = "The AKID prefix is used for something else here";
+    expect(redactSecrets(input)).toBe(input);
+  });
+
+  it("redacts multiple secrets in one string", () => {
+    const input = `ghp_abcdefghijklmnopqrstuvwxyz1234567890 and npm_abcdefghijklmnopqrstuvwxyz1234567890`;
+    const result = redactSecrets(input);
+    expect(result).not.toMatch(/ghp_/);
+    expect(result).not.toMatch(/npm_/);
+    expect(result.split("[REDACTED_SECRET]").length - 1).toBe(2);
+  });
+
+  it("all SECRET_PATTERNS have a name and a RegExp", () => {
+    for (const p of SECRET_PATTERNS) {
+      expect(p.name).toBeTruthy();
+      expect(p.pattern).toBeInstanceOf(RegExp);
+    }
+  });
+});