npm - @massu/core - Versions diffs - 0.1.1 → 0.1.2 - Mend

@massu/core 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/README.md +2 -2
package/dist/hooks/cost-tracker.js +23 -35
package/dist/hooks/post-edit-context.js +2 -2
package/dist/hooks/post-tool-use.js +43 -58
package/dist/hooks/pre-compact.js +23 -38
package/dist/hooks/pre-delete-check.js +18 -31
package/dist/hooks/quality-event.js +23 -35
package/dist/hooks/session-end.js +62 -78
package/dist/hooks/session-start.js +33 -42
package/dist/hooks/user-prompt.js +23 -38
package/package.json +8 -14
package/src/adr-generator.ts +9 -2
package/src/analytics.ts +9 -3
package/src/audit-trail.ts +10 -3
package/src/cloud-sync.ts +14 -18
package/src/commands/init.ts +1 -5
package/src/cost-tracker.ts +11 -6
package/src/dependency-scorer.ts +9 -2
package/src/docs-tools.ts +13 -10
package/src/hooks/post-edit-context.ts +3 -3
package/src/hooks/session-end.ts +3 -3
package/src/hooks/session-start.ts +2 -2
package/src/memory-db.ts +1351 -23
package/src/memory-tools.ts +14 -15
package/src/observability-tools.ts +13 -2
package/src/prompt-analyzer.ts +9 -2
package/src/regression-detector.ts +9 -3
package/src/security-scorer.ts +9 -2
package/src/sentinel-db.ts +43 -88
package/src/sentinel-tools.ts +8 -11
package/src/server.ts +1 -2
package/src/team-knowledge.ts +9 -2
package/src/tools.ts +771 -35
package/src/validate-features-runner.ts +0 -1
package/src/validation-engine.ts +9 -2
package/dist/cli.js +0 -7890
package/dist/server.js +0 -7008
package/src/__tests__/adr-generator.test.ts +0 -260
package/src/__tests__/analytics.test.ts +0 -282
package/src/__tests__/audit-trail.test.ts +0 -382
package/src/__tests__/backfill-sessions.test.ts +0 -690
package/src/__tests__/cli.test.ts +0 -290
package/src/__tests__/cloud-sync.test.ts +0 -261
package/src/__tests__/config-sections.test.ts +0 -359
package/src/__tests__/config.test.ts +0 -732
package/src/__tests__/cost-tracker.test.ts +0 -348
package/src/__tests__/db.test.ts +0 -177
package/src/__tests__/dependency-scorer.test.ts +0 -325
package/src/__tests__/docs-integration.test.ts +0 -178
package/src/__tests__/docs-tools.test.ts +0 -199
package/src/__tests__/domains.test.ts +0 -236
package/src/__tests__/hooks.test.ts +0 -221
package/src/__tests__/import-resolver.test.ts +0 -95
package/src/__tests__/integration/path-traversal.test.ts +0 -134
package/src/__tests__/integration/pricing-consistency.test.ts +0 -88
package/src/__tests__/integration/tool-registration.test.ts +0 -146
package/src/__tests__/memory-db.test.ts +0 -404
package/src/__tests__/memory-enhancements.test.ts +0 -316
package/src/__tests__/memory-tools.test.ts +0 -199
package/src/__tests__/middleware-tree.test.ts +0 -177
package/src/__tests__/observability-tools.test.ts +0 -595
package/src/__tests__/observability.test.ts +0 -437
package/src/__tests__/observation-extractor.test.ts +0 -167
package/src/__tests__/page-deps.test.ts +0 -60
package/src/__tests__/prompt-analyzer.test.ts +0 -298
package/src/__tests__/regression-detector.test.ts +0 -295
package/src/__tests__/rules.test.ts +0 -87
package/src/__tests__/schema-mapper.test.ts +0 -29
package/src/__tests__/security-scorer.test.ts +0 -238
package/src/__tests__/security-utils.test.ts +0 -175
package/src/__tests__/sentinel-db.test.ts +0 -491
package/src/__tests__/sentinel-scanner.test.ts +0 -750
package/src/__tests__/sentinel-tools.test.ts +0 -324
package/src/__tests__/sentinel-types.test.ts +0 -750
package/src/__tests__/server.test.ts +0 -452
package/src/__tests__/session-archiver.test.ts +0 -524
package/src/__tests__/session-state-generator.test.ts +0 -900
package/src/__tests__/team-knowledge.test.ts +0 -327
package/src/__tests__/tools.test.ts +0 -340
package/src/__tests__/transcript-parser.test.ts +0 -195
package/src/__tests__/trpc-index.test.ts +0 -25
package/src/__tests__/validate-features-runner.test.ts +0 -517
package/src/__tests__/validation-engine.test.ts +0 -300
package/src/core-tools.ts +0 -685
package/src/memory-queries.ts +0 -804
package/src/memory-schema.ts +0 -546
package/src/tool-helpers.ts +0 -41

package/src/__tests__/domains.test.ts DELETED Viewed

@@ -1,236 +0,0 @@
-// Copyright (c) 2026 Massu. All rights reserved.
-// Licensed under BSL 1.1 - see LICENSE file for details.
-import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
-import Database from 'better-sqlite3';
-import { classifyRouter, classifyFile, findCrossDomainImports, getFilesInDomain } from '../domains.ts';
-// Mock config
-vi.mock('../config.ts', () => ({
-  getConfig: () => ({
-    toolPrefix: 'massu',
-    framework: { type: 'typescript', router: 'trpc', orm: 'prisma' },
-    paths: { source: 'src', routers: 'src/server/api/routers' },
-    domains: [
-      {
-        name: 'auth',
-        routers: ['auth', 'user'],
-        pages: ['src/app/auth/**'],
-        tables: ['users', 'sessions'],
-        allowedImportsFrom: ['*'],
-      },
-      {
-        name: 'product',
-        routers: ['product', 'catalog'],
-        pages: ['src/app/products/**'],
-        tables: ['products'],
-        allowedImportsFrom: ['auth'],
-      },
-      {
-        name: 'order',
-        routers: ['order*'],
-        pages: ['src/app/orders/**'],
-        tables: ['orders'],
-        allowedImportsFrom: ['auth', 'product'],
-      },
-    ],
-  }),
-  getProjectRoot: () => '/test/project',
-  getResolvedPaths: () => ({
-    codegraphDbPath: '/test/codegraph.db',
-    dataDbPath: '/test/data.db',
-  }),
-}));
-function createTestDataDb(): Database.Database {
-  const db = new Database(':memory:');
-  db.pragma('journal_mode = WAL');
-  db.pragma('foreign_keys = ON');
-  db.exec(`
-    CREATE TABLE IF NOT EXISTS massu_imports (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      source_file TEXT NOT NULL,
-      target_file TEXT NOT NULL,
-      import_type TEXT NOT NULL,
-      imported_names TEXT NOT NULL DEFAULT '[]',
-      line INTEGER NOT NULL DEFAULT 0
-    );
-  `);
-  return db;
-}
-function createTestCodeGraphDb(): Database.Database {
-  const db = new Database(':memory:');
-  db.pragma('journal_mode = WAL');
-  db.exec(`
-    CREATE TABLE IF NOT EXISTS files (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      path TEXT UNIQUE NOT NULL
-    );
-  `);
-  return db;
-}
-describe('Domains Module', () => {
-  let dataDb: Database.Database;
-  let codegraphDb: Database.Database;
-  beforeEach(() => {
-    dataDb = createTestDataDb();
-    codegraphDb = createTestCodeGraphDb();
-  });
-  afterEach(() => {
-    dataDb.close();
-    codegraphDb.close();
-  });
-  describe('classifyRouter', () => {
-    it('classifies router by exact match', () => {
-      expect(classifyRouter('auth')).toBe('auth');
-      expect(classifyRouter('user')).toBe('auth');
-      expect(classifyRouter('product')).toBe('product');
-    });
-    it('classifies router by wildcard pattern', () => {
-      expect(classifyRouter('orders')).toBe('order');
-      expect(classifyRouter('orderHistory')).toBe('order');
-    });
-    it('returns Unknown for unmatched router', () => {
-      expect(classifyRouter('unknownRouter')).toBe('Unknown');
-    });
-  });
-  describe('classifyFile', () => {
-    it('classifies file by page pattern', () => {
-      expect(classifyFile('src/app/auth/login/page.tsx')).toBe('auth');
-      expect(classifyFile('src/app/products/list/page.tsx')).toBe('product');
-      expect(classifyFile('src/app/orders/[id]/page.tsx')).toBe('order');
-    });
-    it('classifies router file by path', () => {
-      expect(classifyFile('src/server/api/routers/auth.ts')).toBe('auth');
-      expect(classifyFile('src/server/api/routers/product.ts')).toBe('product');
-      expect(classifyFile('src/server/api/routers/orders.ts')).toBe('order');
-    });
-    it('classifies component file by directory name', () => {
-      expect(classifyFile('src/components/auth/LoginForm.tsx')).toBe('auth');
-      expect(classifyFile('src/components/product/ProductCard.tsx')).toBe('product');
-    });
-    it('returns Unknown for unclassifiable file', () => {
-      expect(classifyFile('src/utils/helpers.ts')).toBe('Unknown');
-    });
-  });
-  describe('findCrossDomainImports', () => {
-    beforeEach(() => {
-      // Seed test imports
-      dataDb.prepare(`
-        INSERT INTO massu_imports (source_file, target_file, import_type, imported_names)
-        VALUES
-          ('src/app/orders/page.tsx', 'src/app/auth/hooks.ts', 'named', '["useAuth"]'),
-          ('src/app/orders/page.tsx', 'src/app/products/api.ts', 'named', '["getProduct"]'),
-          ('src/app/products/page.tsx', 'src/app/orders/utils.ts', 'named', '["formatOrder"]'),
-          ('src/app/auth/page.tsx', 'src/app/auth/login.tsx', 'named', '["LoginForm"]')
-      `).run();
-    });
-    it('identifies cross-domain imports', () => {
-      const crossings = findCrossDomainImports(dataDb);
-      expect(crossings.length).toBeGreaterThan(0);
-      const orderToAuth = crossings.find(c => c.sourceDomain === 'order' && c.targetDomain === 'auth');
-      expect(orderToAuth).toBeTruthy();
-    });
-    it('marks allowed imports correctly', () => {
-      const crossings = findCrossDomainImports(dataDb);
-      const orderToAuth = crossings.find(c => c.sourceDomain === 'order' && c.targetDomain === 'auth');
-      expect(orderToAuth?.allowed).toBe(true); // order allows imports from auth
-    });
-    it('marks disallowed imports as violations', () => {
-      const crossings = findCrossDomainImports(dataDb);
-      const productToOrder = crossings.find(c => c.sourceDomain === 'product' && c.targetDomain === 'order');
-      if (productToOrder) {
-        expect(productToOrder.allowed).toBe(false); // product doesn't allow imports from order
-      }
-    });
-    it('ignores same-domain imports', () => {
-      const crossings = findCrossDomainImports(dataDb);
-      const authToAuth = crossings.find(c => c.sourceDomain === 'auth' && c.targetDomain === 'auth');
-      expect(authToAuth).toBeUndefined();
-    });
-    it('ignores Unknown domain imports', () => {
-      dataDb.prepare(`
-        INSERT INTO massu_imports (source_file, target_file, import_type)
-        VALUES ('src/utils/helper.ts', 'src/app/auth/page.tsx', 'named')
-      `).run();
-      const crossings = findCrossDomainImports(dataDb);
-      const unknownToAuth = crossings.find(c => c.sourceDomain === 'Unknown');
-      expect(unknownToAuth).toBeUndefined();
-    });
-  });
-  describe('getFilesInDomain', () => {
-    beforeEach(() => {
-      // Seed test files
-      codegraphDb.prepare(`
-        INSERT INTO files (path) VALUES
-          ('src/server/api/routers/auth.ts'),
-          ('src/server/api/routers/user.ts'),
-          ('src/server/api/routers/product.ts'),
-          ('src/app/auth/login/page.tsx'),
-          ('src/app/auth/register/page.tsx'),
-          ('src/app/products/list/page.tsx'),
-          ('src/components/auth/LoginForm.tsx'),
-          ('src/components/product/ProductCard.tsx')
-      `).run();
-    });
-    it('returns routers in domain', () => {
-      const files = getFilesInDomain(dataDb, codegraphDb, 'auth');
-      expect(files.routers.length).toBeGreaterThan(0);
-      expect(files.routers).toContain('src/server/api/routers/auth.ts');
-      expect(files.routers).toContain('src/server/api/routers/user.ts');
-    });
-    it('returns pages in domain', () => {
-      const files = getFilesInDomain(dataDb, codegraphDb, 'auth');
-      expect(files.pages.length).toBeGreaterThan(0);
-      expect(files.pages).toContain('src/app/auth/login/page.tsx');
-      expect(files.pages).toContain('src/app/auth/register/page.tsx');
-    });
-    it('returns components in domain', () => {
-      const files = getFilesInDomain(dataDb, codegraphDb, 'auth');
-      expect(files.components.length).toBeGreaterThan(0);
-      expect(files.components).toContain('src/components/auth/LoginForm.tsx');
-    });
-    it('returns empty for nonexistent domain', () => {
-      const files = getFilesInDomain(dataDb, codegraphDb, 'nonexistent');
-      expect(files.routers).toEqual([]);
-      expect(files.pages).toEqual([]);
-      expect(files.components).toEqual([]);
-    });
-    it('filters files correctly by domain', () => {
-      const authFiles = getFilesInDomain(dataDb, codegraphDb, 'auth');
-      const productFiles = getFilesInDomain(dataDb, codegraphDb, 'product');
-      expect(authFiles.routers).not.toContain('src/server/api/routers/product.ts');
-      expect(productFiles.routers).toContain('src/server/api/routers/product.ts');
-    });
-  });
-});

package/src/__tests__/hooks.test.ts DELETED Viewed

@@ -1,221 +0,0 @@
-// Copyright (c) 2026 Massu. All rights reserved.
-// Licensed under BSL 1.1 - see LICENSE file for details.
-import { describe, it, expect, beforeEach, afterEach } from 'vitest';
-import Database from 'better-sqlite3';
-import { resolve } from 'path';
-import { unlinkSync, existsSync, writeFileSync, readFileSync, mkdirSync } from 'fs';
-import {
-  createSession,
-  addObservation,
-  addSummary,
-  addUserPrompt,
-  getMemoryDb,
-  getFailedAttempts,
-  getRecentObservations,
-  getSessionSummaries,
-} from '../memory-db.ts';
-import { generateCurrentMd } from '../session-state-generator.ts';
-import { archiveAndRegenerate } from '../session-archiver.ts';
-// P7-004: Hook Handler Tests
-// Tests the core logic that hooks use (not the stdin/stdout plumbing)
-const TEST_DB_PATH = resolve(__dirname, '../test-hooks.db');
-function createTestDb(): Database.Database {
-  if (existsSync(TEST_DB_PATH)) unlinkSync(TEST_DB_PATH);
-  const db = new Database(TEST_DB_PATH);
-  db.pragma('journal_mode = WAL');
-  db.pragma('foreign_keys = ON');
-  // Minimal schema for hook tests
-  db.exec(`
-    CREATE TABLE IF NOT EXISTS sessions (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      session_id TEXT UNIQUE NOT NULL,
-      project TEXT NOT NULL DEFAULT 'my-project',
-      git_branch TEXT,
-      started_at TEXT NOT NULL,
-      started_at_epoch INTEGER NOT NULL,
-      ended_at TEXT,
-      ended_at_epoch INTEGER,
-      status TEXT CHECK(status IN ('active', 'completed', 'abandoned')) NOT NULL DEFAULT 'active',
-      plan_file TEXT,
-      plan_phase TEXT,
-      task_id TEXT
-    );
-    CREATE TABLE IF NOT EXISTS observations (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      session_id TEXT NOT NULL,
-      type TEXT NOT NULL CHECK(type IN (
-        'decision', 'bugfix', 'feature', 'refactor', 'discovery',
-        'cr_violation', 'vr_check', 'pattern_compliance', 'failed_attempt',
-        'file_change', 'incident_near_miss'
-      )),
-      title TEXT NOT NULL,
-      detail TEXT,
-      files_involved TEXT DEFAULT '[]',
-      plan_item TEXT,
-      cr_rule TEXT,
-      vr_type TEXT,
-      evidence TEXT,
-      importance INTEGER NOT NULL DEFAULT 3 CHECK(importance BETWEEN 1 AND 5),
-      recurrence_count INTEGER NOT NULL DEFAULT 1,
-      original_tokens INTEGER DEFAULT 0,
-      created_at TEXT NOT NULL,
-      created_at_epoch INTEGER NOT NULL,
-      FOREIGN KEY(session_id) REFERENCES sessions(session_id) ON DELETE CASCADE
-    );
-    CREATE VIRTUAL TABLE IF NOT EXISTS observations_fts USING fts5(
-      title, detail, evidence, content='observations', content_rowid='id'
-    );
-    CREATE TRIGGER IF NOT EXISTS observations_ai AFTER INSERT ON observations BEGIN
-      INSERT INTO observations_fts(rowid, title, detail, evidence) VALUES (new.id, new.title, new.detail, new.evidence);
-    END;
-    CREATE TABLE IF NOT EXISTS session_summaries (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      session_id TEXT NOT NULL,
-      request TEXT, investigated TEXT, decisions TEXT, completed TEXT,
-      failed_attempts TEXT, next_steps TEXT,
-      files_created TEXT DEFAULT '[]', files_modified TEXT DEFAULT '[]',
-      verification_results TEXT DEFAULT '{}', plan_progress TEXT DEFAULT '{}',
-      created_at TEXT NOT NULL, created_at_epoch INTEGER NOT NULL,
-      FOREIGN KEY(session_id) REFERENCES sessions(session_id) ON DELETE CASCADE
-    );
-    CREATE TABLE IF NOT EXISTS user_prompts (
-      id INTEGER PRIMARY KEY AUTOINCREMENT,
-      session_id TEXT NOT NULL,
-      prompt_text TEXT NOT NULL,
-      prompt_number INTEGER NOT NULL DEFAULT 1,
-      created_at TEXT NOT NULL, created_at_epoch INTEGER NOT NULL,
-      FOREIGN KEY(session_id) REFERENCES sessions(session_id) ON DELETE CASCADE
-    );
-    CREATE VIRTUAL TABLE IF NOT EXISTS user_prompts_fts USING fts5(
-      prompt_text, content='user_prompts', content_rowid='id'
-    );
-    CREATE TRIGGER IF NOT EXISTS prompts_ai AFTER INSERT ON user_prompts BEGIN
-      INSERT INTO user_prompts_fts(rowid, prompt_text) VALUES (new.id, new.prompt_text);
-    END;
-    CREATE TABLE IF NOT EXISTS memory_meta (key TEXT PRIMARY KEY, value TEXT NOT NULL);
-  `);
-  return db;
-}
-describe('Hook Logic', () => {
-  let db: Database.Database;
-  beforeEach(() => {
-    db = createTestDb();
-  });
-  afterEach(() => {
-    db.close();
-    if (existsSync(TEST_DB_PATH)) unlinkSync(TEST_DB_PATH);
-  });
-  describe('Session Creation (P3-001, P3-004)', () => {
-    it('creates session on first hook call', () => {
-      createSession(db, 'hook-session-1', { branch: 'feature-x' });
-      const session = db.prepare('SELECT * FROM sessions WHERE session_id = ?').get('hook-session-1') as Record<string, unknown>;
-      expect(session).toBeTruthy();
-      expect(session.git_branch).toBe('feature-x');
-    });
-    it('is idempotent across hooks', () => {
-      createSession(db, 'hook-session-1');
-      createSession(db, 'hook-session-1');
-      createSession(db, 'hook-session-1');
-      const count = db.prepare('SELECT COUNT(*) as c FROM sessions WHERE session_id = ?').get('hook-session-1') as { c: number };
-      expect(count.c).toBe(1);
-    });
-  });
-  describe('Observation Capture (P3-002)', () => {
-    it('stores file_change observations', () => {
-      createSession(db, 'hook-session-1');
-      addObservation(db, 'hook-session-1', 'file_change', 'Edited: src/lib/auth.ts', null, {
-        filesInvolved: ['src/lib/auth.ts'],
-      });
-      const obs = getRecentObservations(db, 10, 'hook-session-1');
-      expect(obs.length).toBe(1);
-      expect(obs[0].type).toBe('file_change');
-    });
-    it('stores vr_check observations', () => {
-      createSession(db, 'hook-session-1');
-      addObservation(db, 'hook-session-1', 'vr_check', 'VR-BUILD: PASS', null, {
-        vrType: 'VR-BUILD',
-        evidence: 'Build succeeded',
-        importance: 2,
-      });
-      const obs = getRecentObservations(db, 10, 'hook-session-1');
-      expect(obs[0].type).toBe('vr_check');
-      expect(obs[0].importance).toBe(2);
-    });
-  });
-  describe('Summary Generation (P3-003)', () => {
-    it('generates summary from observations', () => {
-      createSession(db, 'hook-session-1');
-      addObservation(db, 'hook-session-1', 'decision', 'Use esbuild for hooks', 'Faster than tsc');
-      addObservation(db, 'hook-session-1', 'feature', 'Implemented memory DB', null);
-      addObservation(db, 'hook-session-1', 'failed_attempt', 'process.cwd() wrong', 'Returns test dir');
-      addSummary(db, 'hook-session-1', {
-        request: 'Implement memory system',
-        decisions: '- Use esbuild for hooks',
-        completed: '- Implemented memory DB',
-        failedAttempts: '- process.cwd() wrong',
-      });
-      const summaries = getSessionSummaries(db, 5);
-      expect(summaries.length).toBe(1);
-      expect(summaries[0].request).toBe('Implement memory system');
-    });
-  });
-  describe('Context Injection Format (P3-001)', () => {
-    it('includes failed attempts in context', () => {
-      createSession(db, 'hook-session-1');
-      addObservation(db, 'hook-session-1', 'failed_attempt', 'Regex parser fails on nested braces', null, {
-        importance: 5,
-      });
-      const failures = getFailedAttempts(db);
-      expect(failures.length).toBe(1);
-      expect(failures[0].title).toContain('Regex parser');
-    });
-  });
-  describe('CURRENT.md Generation (P3-003 + P5-001)', () => {
-    it('generates valid markdown', () => {
-      createSession(db, 'hook-session-1', { branch: 'main' });
-      addUserPrompt(db, 'hook-session-1', 'Fix the auth bug', 1);
-      addObservation(db, 'hook-session-1', 'decision', 'Use JWT tokens', 'More secure');
-      addObservation(db, 'hook-session-1', 'file_change', 'Edited: src/auth.ts', null, {
-        filesInvolved: ['src/auth.ts'],
-      });
-      const md = generateCurrentMd(db, 'hook-session-1');
-      expect(md).toContain('# Session State');
-      expect(md).toContain('auto-generated from massu-memory');
-      expect(md).toContain('hook-session-1');
-      expect(md).toContain('Use JWT tokens');
-    });
-  });
-  describe('User Prompt Capture (P3-004)', () => {
-    it('stores prompts with incrementing numbers', () => {
-      createSession(db, 'hook-session-1');
-      addUserPrompt(db, 'hook-session-1', 'First prompt', 1);
-      addUserPrompt(db, 'hook-session-1', 'Second prompt', 2);
-      const prompts = db.prepare('SELECT * FROM user_prompts WHERE session_id = ? ORDER BY prompt_number').all('hook-session-1') as Array<Record<string, unknown>>;
-      expect(prompts.length).toBe(2);
-      expect(prompts[0].prompt_number).toBe(1);
-      expect(prompts[1].prompt_number).toBe(2);
-    });
-  });
-});

package/src/__tests__/import-resolver.test.ts DELETED Viewed

@@ -1,95 +0,0 @@
-// Copyright (c) 2026 Massu. All rights reserved.
-// Licensed under BSL 1.1 - see LICENSE file for details.
-import { describe, it, expect } from 'vitest';
-import { parseImports, resolveImportPath } from '../import-resolver.ts';
-describe('parseImports', () => {
-  it('parses named imports', () => {
-    const source = `import { Foo, Bar } from '@/components/shared/Foo';`;
-    const imports = parseImports(source);
-    expect(imports).toHaveLength(1);
-    expect(imports[0].type).toBe('named');
-    expect(imports[0].names).toEqual(['Foo', 'Bar']);
-    expect(imports[0].specifier).toBe('@/components/shared/Foo');
-  });
-  it('parses default imports', () => {
-    const source = `import Database from 'better-sqlite3';`;
-    const imports = parseImports(source);
-    expect(imports).toHaveLength(1);
-    expect(imports[0].type).toBe('default');
-    expect(imports[0].names).toEqual(['Database']);
-  });
-  it('parses namespace imports', () => {
-    const source = `import * as utils from './utils';`;
-    const imports = parseImports(source);
-    expect(imports).toHaveLength(1);
-    expect(imports[0].type).toBe('namespace');
-    expect(imports[0].names).toEqual(['utils']);
-  });
-  it('parses type imports', () => {
-    const source = `import type { Database } from 'better-sqlite3';`;
-    const imports = parseImports(source);
-    expect(imports).toHaveLength(1);
-    expect(imports[0].type).toBe('named');
-    expect(imports[0].names).toEqual(['Database']);
-  });
-  it('parses side effect imports', () => {
-    const source = `import './globals.css';`;
-    const imports = parseImports(source);
-    expect(imports).toHaveLength(1);
-    expect(imports[0].type).toBe('side_effect');
-    expect(imports[0].specifier).toBe('./globals.css');
-  });
-  it('parses dynamic imports', () => {
-    const source = `const jsdom = await import('jsdom');`;
-    const imports = parseImports(source);
-    expect(imports).toHaveLength(1);
-    expect(imports[0].type).toBe('dynamic');
-    expect(imports[0].specifier).toBe('jsdom');
-  });
-  it('parses aliased imports', () => {
-    const source = `import { Foo as Bar, Baz } from './module';`;
-    const imports = parseImports(source);
-    expect(imports).toHaveLength(1);
-    expect(imports[0].names).toEqual(['Foo', 'Baz']);
-  });
-  it('handles multiple imports', () => {
-    const source = `
-import { Button } from '@/components/ui/button';
-import { useRouter } from 'next/navigation';
-import type { FC } from 'react';
-import './styles.css';
-`;
-    const imports = parseImports(source);
-    expect(imports).toHaveLength(4);
-  });
-  it('skips comments', () => {
-    const source = `
-// import { Foo } from './foo';
-import { Bar } from './bar';
-`;
-    const imports = parseImports(source);
-    expect(imports).toHaveLength(1);
-    expect(imports[0].names).toEqual(['Bar']);
-  });
-});
-describe('resolveImportPath', () => {
-  it('returns null for bare/external imports', () => {
-    expect(resolveImportPath('react', '/some/file.ts')).toBeNull();
-    expect(resolveImportPath('next/navigation', '/some/file.ts')).toBeNull();
-    expect(resolveImportPath('better-sqlite3', '/some/file.ts')).toBeNull();
-  });
-  // Note: resolveImportPath depends on file system, so we only test external filtering here.
-  // Full integration tests would need actual file paths.
-});

package/src/__tests__/integration/path-traversal.test.ts DELETED Viewed

@@ -1,134 +0,0 @@
-// Copyright (c) 2026 Massu. All rights reserved.
-// Licensed under BSL 1.1 - see LICENSE file for details.
-import { describe, it, expect, vi } from 'vitest';
-import { handleToolCall } from '../../tools.ts';
-// Mock all external dependencies
-vi.mock('../../config.ts', () => ({
-  getConfig: () => ({
-    toolPrefix: 'massu',
-    framework: { type: 'typescript', router: 'trpc', orm: 'prisma' },
-    paths: {
-      source: 'src',
-      routers: 'src/server/api/routers',
-      middleware: 'src/middleware.ts',
-    },
-    domains: [],
-  }),
-  getProjectRoot: () => '/test/project',
-  getResolvedPaths: () => ({
-    codegraphDbPath: '/test/codegraph.db',
-    dataDbPath: '/test/data.db',
-  }),
-}));
-vi.mock('../../memory-db.ts', () => {
-  const Database = require('better-sqlite3');
-  return {
-    getMemoryDb: () => {
-      const db = new Database(':memory:');
-      db.exec(`
-        CREATE TABLE IF NOT EXISTS sessions (id TEXT PRIMARY KEY, created_at TEXT, updated_at TEXT, context TEXT);
-        CREATE TABLE IF NOT EXISTS observations (id INTEGER PRIMARY KEY, session_id TEXT, content TEXT, category TEXT, confidence REAL, created_at TEXT);
-        CREATE TABLE IF NOT EXISTS analytics_events (id INTEGER PRIMARY KEY, session_id TEXT, event_type TEXT, data TEXT, created_at TEXT);
-        CREATE TABLE IF NOT EXISTS cost_records (id INTEGER PRIMARY KEY, session_id TEXT, model TEXT, input_tokens INTEGER, output_tokens INTEGER, cache_read_tokens INTEGER DEFAULT 0, cache_write_tokens INTEGER DEFAULT 0, cost REAL, created_at TEXT);
-        CREATE TABLE IF NOT EXISTS prompt_analyses (id INTEGER PRIMARY KEY, session_id TEXT, tool_name TEXT, prompt_text TEXT, analysis TEXT, created_at TEXT);
-        CREATE TABLE IF NOT EXISTS audit_trail (id INTEGER PRIMARY KEY, session_id TEXT, action TEXT, details TEXT, created_at TEXT);
-        CREATE TABLE IF NOT EXISTS validation_results (id INTEGER PRIMARY KEY, session_id TEXT, rule_id TEXT, result TEXT, details TEXT, created_at TEXT);
-        CREATE TABLE IF NOT EXISTS adrs (id INTEGER PRIMARY KEY, session_id TEXT, title TEXT, status TEXT, context TEXT, decision TEXT, consequences TEXT, created_at TEXT);
-        CREATE TABLE IF NOT EXISTS security_scores (id INTEGER PRIMARY KEY, session_id TEXT, file_path TEXT, score REAL, findings TEXT, created_at TEXT);
-        CREATE TABLE IF NOT EXISTS dependency_scores (id INTEGER PRIMARY KEY, session_id TEXT, package_name TEXT, score REAL, details TEXT, created_at TEXT);
-        CREATE TABLE IF NOT EXISTS team_knowledge (id INTEGER PRIMARY KEY, session_id TEXT, topic TEXT, content TEXT, author TEXT, created_at TEXT);
-        CREATE TABLE IF NOT EXISTS regression_baselines (id INTEGER PRIMARY KEY, session_id TEXT, metric TEXT, value REAL, created_at TEXT);
-        CREATE TABLE IF NOT EXISTS observability_spans (id INTEGER PRIMARY KEY, session_id TEXT, trace_id TEXT, span_id TEXT, parent_span_id TEXT, name TEXT, start_time TEXT, end_time TEXT, duration_ms REAL, status TEXT, attributes TEXT);
-        CREATE TABLE IF NOT EXISTS observability_metrics (id INTEGER PRIMARY KEY, session_id TEXT, name TEXT, value REAL, unit TEXT, dimensions TEXT, timestamp TEXT);
-        CREATE TABLE IF NOT EXISTS observability_logs (id INTEGER PRIMARY KEY, session_id TEXT, level TEXT, message TEXT, context TEXT, timestamp TEXT);
-      `);
-      return db;
-    },
-  };
-});
-vi.mock('../../db.ts', async (importOriginal) => {
-  const actual = await importOriginal() as Record<string, unknown>;
-  return {
-    ...actual,
-    isDataStale: () => false,
-    updateBuildTimestamp: vi.fn(),
-  };
-});
-vi.mock('../../import-resolver.ts', () => ({
-  buildImportIndex: () => 0,
-}));
-vi.mock('../../trpc-index.ts', () => ({
-  buildTrpcIndex: () => ({ totalProcedures: 0, withCallers: 0, withoutCallers: 0 }),
-}));
-vi.mock('../../page-deps.ts', () => ({
-  buildPageDeps: () => 0,
-  findAffectedPages: () => [],
-}));
-vi.mock('../../middleware-tree.ts', () => ({
-  buildMiddlewareTree: () => 0,
-  isInMiddlewareTree: () => false,
-  getMiddlewareTree: () => [],
-}));
-vi.mock('../../domains.ts', () => ({
-  classifyFile: () => ({ domain: 'unknown', layer: 'unknown' }),
-  classifyRouter: () => 'unknown',
-  findCrossDomainImports: () => [],
-  getFilesInDomain: () => [],
-}));
-vi.mock('../../schema-mapper.ts', () => ({
-  parsePrismaSchema: () => [],
-  detectMismatches: () => [],
-  findColumnUsageInRouters: () => [],
-}));
-vi.mock('../../sentinel-scanner.ts', () => ({
-  runFeatureScan: () => ({ newFeatures: 0, updatedFeatures: 0 }),
-}));
-describe('Integration: Path Traversal Prevention', () => {
-  const traversalPaths = [
-    '../../etc/passwd',
-    '/etc/passwd',
-    '../../../.env',
-    '/Users/someone/.ssh/id_rsa',
-    'src/../../secret.txt',
-  ];
-  it('massu_context rejects paths with directory traversal', () => {
-    for (const maliciousPath of traversalPaths) {
-      try {
-        const result = handleToolCall('massu_context', { file_path: maliciousPath });
-        const text = result.content[0]?.text || '';
-        // Should either error or not return actual file contents
-        // The tool should not silently succeed with external file contents
-        expect(text).not.toContain('root:x:0:0');
-        expect(text).not.toContain('BEGIN RSA PRIVATE KEY');
-      } catch {
-        // Throwing is acceptable - it means the tool rejected the input
-      }
-    }
-  });
-  it('docs tools reject paths outside project root', () => {
-    for (const maliciousPath of traversalPaths) {
-      try {
-        const result = handleToolCall('massu_docs_read', { path: maliciousPath });
-        const text = result.content[0]?.text || '';
-        expect(text).not.toContain('root:x:0:0');
-        expect(text).not.toContain('BEGIN RSA PRIVATE KEY');
-      } catch {
-        // Throwing is acceptable
-      }
-    }
-  });
-});