@meltstudio/meltctl 4.27.0 → 4.28.1

package/dist/commands/feedback.test.js

@@ -0,0 +1,242 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+vi.mock('../utils/auth.js', () => ({
+    isAuthenticated: vi.fn(),
+    authenticatedFetch: vi.fn(),
+}));
+vi.mock('@inquirer/prompts', () => ({
+    input: vi.fn(),
+    select: vi.fn(),
+    editor: vi.fn(),
+}));
+import { isAuthenticated, authenticatedFetch } from '../utils/auth.js';
+import { input, select } from '@inquirer/prompts';
+import { feedbackCommand } from './feedback.js';
+beforeEach(() => {
+    vi.clearAllMocks();
+    vi.spyOn(console, 'log').mockImplementation(() => { });
+    vi.spyOn(console, 'error').mockImplementation(() => { });
+    vi.spyOn(process, 'exit').mockImplementation((code) => {
+        throw new Error(`process.exit(${code})`);
+    });
+});
+describe('feedbackCommand', () => {
+    it('exits with error when not authenticated', async () => {
+        ;
+        isAuthenticated.mockResolvedValue(false);
+        await expect(feedbackCommand({})).rejects.toThrow('process.exit(1)');
+        expect(console.error).toHaveBeenCalled();
+    });
+    it('submits feedback with correct payload using option flags', async () => {
+        ;
+        isAuthenticated.mockResolvedValue(true);
+        const submitResponse = {
+            ok: true,
+            json: vi.fn().mockResolvedValue({}),
+        };
+        authenticatedFetch.mockResolvedValue(submitResponse);
+        await feedbackCommand({
+            to: '42',
+            coins: '2',
+            description: 'Great job on the feature implementation!',
+        });
+        expect(authenticatedFetch).toHaveBeenCalledWith('/feedback', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                toUserId: 42,
+                coins: 2,
+                description: 'Great job on the feature implementation!',
+            }),
+        });
+        const logCalls = console.log.mock.calls.map((c) => String(c[0]));
+        expect(logCalls.some((msg) => msg.includes('Feedback sent'))).toBe(true);
+    });
+    it('displays singular coin text when sending 1 coin', async () => {
+        ;
+        isAuthenticated.mockResolvedValue(true);
+        authenticatedFetch.mockResolvedValue({
+            ok: true,
+            json: vi.fn().mockResolvedValue({}),
+        });
+        await feedbackCommand({ to: '1', coins: '1', description: 'Nice work' });
+        const logCalls = console.log.mock.calls.map((c) => String(c[0]));
+        expect(logCalls.some((msg) => msg.includes('1 coin') && !msg.includes('1 coins'))).toBe(true);
+    });
+    it('displays plural coin text when sending multiple coins', async () => {
+        ;
+        isAuthenticated.mockResolvedValue(true);
+        authenticatedFetch.mockResolvedValue({
+            ok: true,
+            json: vi.fn().mockResolvedValue({}),
+        });
+        await feedbackCommand({ to: '1', coins: '3', description: 'Excellent work' });
+        const logCalls = console.log.mock.calls.map((c) => String(c[0]));
+        expect(logCalls.some((msg) => msg.includes('3 coins'))).toBe(true);
+    });
+    it('exits with error when API returns failure', async () => {
+        ;
+        isAuthenticated.mockResolvedValue(true);
+        const submitResponse = {
+            ok: false,
+            statusText: 'Bad Request',
+            json: vi.fn().mockResolvedValue({ error: 'Insufficient coins' }),
+        };
+        authenticatedFetch.mockResolvedValue(submitResponse);
+        await expect(feedbackCommand({ to: '42', coins: '2', description: 'Good work' })).rejects.toThrow('process.exit(1)');
+        const errorCalls = console.error.mock.calls.map((c) => String(c[0]));
+        expect(errorCalls.some((msg) => msg.includes('Insufficient coins'))).toBe(true);
+    });
+    it('exits with error when API returns failure without error body', async () => {
+        ;
+        isAuthenticated.mockResolvedValue(true);
+        const submitResponse = {
+            ok: false,
+            statusText: 'Internal Server Error',
+            json: vi.fn().mockResolvedValue({}),
+        };
+        authenticatedFetch.mockResolvedValue(submitResponse);
+        await expect(feedbackCommand({ to: '42', coins: '2', description: 'Good work' })).rejects.toThrow('process.exit(1)');
+        const errorCalls = console.error.mock.calls.map((c) => String(c[0]));
+        expect(errorCalls.some((msg) => msg.includes('Internal Server Error'))).toBe(true);
+    });
+    it('sends correct numeric types in payload', async () => {
+        ;
+        isAuthenticated.mockResolvedValue(true);
+        authenticatedFetch.mockResolvedValue({
+            ok: true,
+            json: vi.fn().mockResolvedValue({}),
+        });
+        await feedbackCommand({ to: '7', coins: '3', description: 'Awesome' });
+        const call = authenticatedFetch.mock.calls[0];
+        const body = JSON.parse(call[1].body);
+        expect(body).toEqual({
+            toUserId: 7,
+            coins: 3,
+            description: 'Awesome',
+        });
+        expect(typeof body.toUserId).toBe('number');
+        expect(typeof body.coins).toBe('number');
+    });
+    describe('interactive flow', () => {
+        const mockRecipients = [
+            { id: 1, firstName: 'Alice', lastName: 'Smith', email: 'alice@meltstudio.co' },
+            { id: 2, firstName: 'Bob', lastName: 'Jones', email: 'bob@meltstudio.co' },
+        ];
+        function setupInteractiveMocks() {
+            ;
+            isAuthenticated.mockResolvedValue(true);
+        }
+        it('prompts for recipient, coins, and description in interactive mode', async () => {
+            setupInteractiveMocks();
+            const recipientsResponse = {
+                ok: true,
+                json: vi.fn().mockResolvedValue(mockRecipients),
+            };
+            const submitResponse = {
+                ok: true,
+                json: vi.fn().mockResolvedValue({}),
+            };
+            authenticatedFetch
+                .mockResolvedValueOnce(recipientsResponse)
+                .mockResolvedValueOnce(submitResponse);
+            select.mockResolvedValueOnce(1).mockResolvedValueOnce(2);
+            input.mockResolvedValueOnce('This is a great piece of feedback that is long enough to pass validation easily.');
+            await feedbackCommand({});
+            expect(authenticatedFetch).toHaveBeenCalledWith('/feedback/recipients');
+            expect(select).toHaveBeenCalledTimes(2);
+            expect(input).toHaveBeenCalledTimes(1);
+            expect(authenticatedFetch).toHaveBeenCalledWith('/feedback', expect.objectContaining({
+                method: 'POST',
+                body: expect.stringContaining('"toUserId":1'),
+            }));
+        });
+        it('shows no recipients message when list is empty', async () => {
+            setupInteractiveMocks();
+            const recipientsResponse = {
+                ok: true,
+                json: vi.fn().mockResolvedValue([]),
+            };
+            authenticatedFetch.mockResolvedValueOnce(recipientsResponse);
+            await feedbackCommand({});
+            const logCalls = console.log.mock.calls.map((c) => String(c[0]));
+            expect(logCalls.some((msg) => msg.includes('No recipients'))).toBe(true);
+            // Should not call POST /feedback
+            expect(authenticatedFetch).toHaveBeenCalledTimes(1);
+        });
+        it('exits with error when recipients API fails', async () => {
+            setupInteractiveMocks();
+            const recipientsResponse = {
+                ok: false,
+                statusText: 'Forbidden',
+                json: vi.fn().mockResolvedValue({ error: 'Not allowed' }),
+            };
+            authenticatedFetch.mockResolvedValueOnce(recipientsResponse);
+            await expect(feedbackCommand({})).rejects.toThrow('process.exit(1)');
+            const errorCalls = console.error.mock.calls.map((c) => String(c[0]));
+            expect(errorCalls.some((msg) => msg.includes('Not allowed'))).toBe(true);
+        });
+        it('exits with error when recipients fetch throws network error', async () => {
+            setupInteractiveMocks();
+            authenticatedFetch.mockRejectedValueOnce(new Error('Network error'));
+            await expect(feedbackCommand({})).rejects.toThrow('process.exit(1)');
+            const errorCalls = console.error.mock.calls.map((c) => String(c[0]));
+            expect(errorCalls.some((msg) => msg.includes('Failed to connect'))).toBe(true);
+        });
+        it('re-prompts when description is too short', async () => {
+            setupInteractiveMocks();
+            const recipientsResponse = {
+                ok: true,
+                json: vi.fn().mockResolvedValue(mockRecipients),
+            };
+            const submitResponse = {
+                ok: true,
+                json: vi.fn().mockResolvedValue({}),
+            };
+            authenticatedFetch
+                .mockResolvedValueOnce(recipientsResponse)
+                .mockResolvedValueOnce(submitResponse);
+            select.mockResolvedValueOnce(2).mockResolvedValueOnce(3);
+            input
+                .mockResolvedValueOnce('Too short')
+                .mockResolvedValueOnce('This description is now long enough to pass the fifty character minimum validation check.');
+            await feedbackCommand({});
+            expect(input).toHaveBeenCalledTimes(2);
+            const logCalls = console.log.mock.calls.map((c) => String(c[0]));
+            expect(logCalls.some((msg) => msg.includes('Too short'))).toBe(true);
+        });
+        it('re-prompts when description is too long', async () => {
+            setupInteractiveMocks();
+            const recipientsResponse = {
+                ok: true,
+                json: vi.fn().mockResolvedValue(mockRecipients),
+            };
+            const submitResponse = {
+                ok: true,
+                json: vi.fn().mockResolvedValue({}),
+            };
+            authenticatedFetch
+                .mockResolvedValueOnce(recipientsResponse)
+                .mockResolvedValueOnce(submitResponse);
+            select.mockResolvedValueOnce(1).mockResolvedValueOnce(1);
+            input
+                .mockResolvedValueOnce('x'.repeat(501))
+                .mockResolvedValueOnce('This description is now exactly the right length to pass all validation checks successfully.');
+            await feedbackCommand({});
+            expect(input).toHaveBeenCalledTimes(2);
+            const logCalls = console.log.mock.calls.map((c) => String(c[0]));
+            expect(logCalls.some((msg) => msg.includes('Too long'))).toBe(true);
+        });
+        it('falls back to recipients error statusText when no error body', async () => {
+            setupInteractiveMocks();
+            const recipientsResponse = {
+                ok: false,
+                statusText: 'Service Unavailable',
+                json: vi.fn().mockResolvedValue({}),
+            };
+            authenticatedFetch.mockResolvedValueOnce(recipientsResponse);
+            await expect(feedbackCommand({})).rejects.toThrow('process.exit(1)');
+            const errorCalls = console.error.mock.calls.map((c) => String(c[0]));
+            expect(errorCalls.some((msg) => msg.includes('Service Unavailable'))).toBe(true);
+        });
+    });
+});

package/dist/commands/init.js

@@ -75,6 +75,17 @@ description: >-
   plan, scopes to the current feature and appends results to the plan file.
 ---
 
+`,
+    'security-audit': `---
+user-invocable: true
+description: >-
+  Run a comprehensive security posture audit across the entire platform.
+  Use when the developer wants to assess security, says "security audit",
+  or "check our security posture". Covers infrastructure, encryption, auth,
+  application security, data protection, CI/CD, and compliance readiness.
+  Investigates all platform repositories for a holistic view.
+---
+
 `,
     validate: `---
 user-invocable: true
@@ -143,6 +154,11 @@ description: Run a comprehensive project compliance audit against team standards
 description: Review the project's UI against usability heuristics using Chrome DevTools MCP.
 ---
 
+`,
+    'security-audit': `---
+description: Run a comprehensive security posture audit across the entire platform.
+---
+
 `,
     validate: `---
 description: Run the validation plan from the plan document after implementation.
@@ -302,6 +318,7 @@ export async function initCommand(options) {
         'debug',
         'audit',
         'ux-audit',
+        'security-audit',
         'update',
         'help',
     ];
@@ -336,7 +353,7 @@ export async function initCommand(options) {
                 await fs.writeFile(path.join(skillDir, 'SKILL.md'), skillContent, 'utf-8');
             }
         }
-        createdFiles.push('.claude/skills/melt-{setup,plan,validate,review,pr,debug,audit,ux-audit,update,help}/SKILL.md');
+        createdFiles.push('.claude/skills/melt-{setup,plan,validate,review,pr,debug,audit,ux-audit,security-audit,update,help}/SKILL.md');
     }
     // Cursor files
     if (tools.cursor) {
@@ -347,7 +364,7 @@ export async function initCommand(options) {
                 await fs.writeFile(path.join(cwd, `.cursor/commands/melt-${name}.md`), workflowContent, 'utf-8');
             }
         }
-        createdFiles.push('.cursor/commands/melt-{setup,plan,validate,review,pr,debug,audit,ux-audit,update,help}.md');
+        createdFiles.push('.cursor/commands/melt-{setup,plan,validate,review,pr,debug,audit,ux-audit,security-audit,update,help}.md');
     }
     // OpenCode files
     if (tools.opencode) {
@@ -359,7 +376,7 @@ export async function initCommand(options) {
                 await fs.writeFile(path.join(cwd, `.opencode/commands/melt-${name}.md`), commandContent, 'utf-8');
             }
         }
-        createdFiles.push('.opencode/commands/melt-{setup,plan,validate,review,pr,debug,audit,ux-audit,update,help}.md');
+        createdFiles.push('.opencode/commands/melt-{setup,plan,validate,review,pr,debug,audit,ux-audit,security-audit,update,help}.md');
     }
     // Print summary
     console.log(chalk.green('Created files:'));
@@ -371,7 +388,7 @@ export async function initCommand(options) {
         console.log(chalk.cyan('Want support for your tool? Let us know in #dev on Slack'));
         console.log();
     }
-    const commandNames = 'melt-setup, melt-plan, melt-validate, melt-review, melt-pr, melt-debug, melt-audit, melt-ux-audit, melt-update, melt-help';
+    const commandNames = 'melt-setup, melt-plan, melt-validate, melt-review, melt-pr, melt-debug, melt-audit, melt-ux-audit, melt-security-audit, melt-update, melt-help';
     if (tools.claude) {
         console.log(chalk.dim(`Available skills: /${commandNames.replace(/, /g, ', /')}`));
     }

package/dist/commands/init.test.d.ts

@@ -0,0 +1 @@
+export {};