@pyreon/mcp 0.13.1 → 0.14.0

package/src/tests/test-audit-server.test.ts

@@ -0,0 +1,128 @@
+import { Client } from '@modelcontextprotocol/sdk/client/index.js'
+import { InMemoryTransport } from '@modelcontextprotocol/sdk/inMemory.js'
+import { createServer } from '../index'
+
+// MCP server <-> client round-trip for the T2.5.7 audit_test_environment
+// tool. Same InMemoryTransport shape as the other tool tests so we
+// exercise registration, JSON-RPC framing, and the formatter in
+// one pass.
+
+async function newClient(): Promise<{ client: Client; close: () => Promise<void> }> {
+  const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair()
+  const server = createServer()
+  await server.connect(serverTransport)
+  const client = new Client({ name: 'test', version: '0.0.0' })
+  await client.connect(clientTransport)
+  return {
+    client,
+    close: async () => {
+      await client.close()
+      await server.close()
+    },
+  }
+}
+
+async function callTool(
+  client: Client,
+  name: string,
+  args: Record<string, unknown>,
+): Promise<string> {
+  const result = (await client.callTool({ name, arguments: args })) as {
+    content: Array<{ type: string; text: string }>
+  }
+  expect(result.content[0]!.type).toBe('text')
+  return result.content[0]!.text
+}
+
+describe('MCP server — audit_test_environment tool', () => {
+  it('returns a risk-grouped audit with defaults (minRisk=medium)', async () => {
+    const { client, close } = await newClient()
+    try {
+      const text = await callTool(client, 'audit_test_environment', {})
+      expect(text).toMatch(/^# Test environment audit — \d+ test files scanned/)
+      // Label is markdown-bolded as `**Mock-vnode exposure**:`, so
+      // match the substring rather than the literal label.
+      expect(text).toMatch(/Mock-vnode exposure.*\d+ \/ \d+/)
+      expect(text).toMatch(/Risk counts.*\d+ high/)
+      // At default minRisk='medium', either at least one HIGH/MEDIUM
+      // group surfaces, OR the "no files at risk level …" sentinel
+      // appears (the case after the T1.2 cleanup brought both counts
+      // to zero). The HIGH/MEDIUM section path is covered by the
+      // synthetic-fixture tests in the compiler package.
+      expect(text).toMatch(/^## (HIGH|MEDIUM)|No files at risk level/m)
+    } finally {
+      await close()
+    }
+  })
+
+  it('honours minRisk="high" — hides MEDIUM entries', async () => {
+    const { client, close } = await newClient()
+    try {
+      const text = await callTool(client, 'audit_test_environment', { minRisk: 'high' })
+      expect(text).not.toMatch(/^## MEDIUM/m)
+    } finally {
+      await close()
+    }
+  })
+
+  it('honours minRisk="low" — surfaces every risk tier present', async () => {
+    const { client, close } = await newClient()
+    try {
+      const text = await callTool(client, 'audit_test_environment', { minRisk: 'low', limit: 3 })
+      // With minRisk=low, every present risk tier surfaces. The repo
+      // currently has MEDIUM + LOW (HIGH count is 0 after the T1.2
+      // cleanup), so just verify LOW renders. The HIGH section
+      // appears when at least one HIGH file exists — covered by the
+      // synthetic-fixture tests in the compiler package.
+      expect(text).toMatch(/^## LOW/m)
+    } finally {
+      await close()
+    }
+  })
+
+  it('honours limit per risk group', async () => {
+    const { client, close } = await newClient()
+    try {
+      const text = await callTool(client, 'audit_test_environment', { limit: 2 })
+      // Any risk group that exceeds 2 entries must show the "showing 2" marker.
+      const groups = text.split(/^## /m).slice(1) // drop preamble
+      for (const group of groups) {
+        const header = group.split('\n')[0]!
+        const totalMatch = /—\s+(\d+)\s+files?/.exec(header)
+        if (!totalMatch) continue
+        const total = Number(totalMatch[1])
+        if (total > 2) {
+          expect(header).toContain('showing 2')
+        }
+      }
+    } finally {
+      await close()
+    }
+  })
+
+  it('rejects an unknown minRisk via zod', async () => {
+    const { client, close } = await newClient()
+    try {
+      const result = (await client.callTool({
+        name: 'audit_test_environment',
+        arguments: { minRisk: 'bogus' },
+      })) as { isError?: boolean; content: Array<{ type: string; text: string }> }
+      expect(result.isError).toBe(true)
+    } finally {
+      await close()
+    }
+  })
+
+  it('rejects a negative limit via zod', async () => {
+    const { client, close } = await newClient()
+    try {
+      const result = (await client.callTool({
+        name: 'audit_test_environment',
+        arguments: { limit: -1 },
+      })) as { isError?: boolean; content: Array<{ type: string; text: string }> }
+      expect(result.isError).toBe(true)
+    } finally {
+      await close()
+    }
+  })
+})

package/src/tests/validate.test.ts

@@ -0,0 +1,69 @@
+import { detectPyreonPatterns, detectReactPatterns } from '@pyreon/compiler'
+
+// The MCP `validate` tool handler lives in index.ts and simply merges
+// the results of both detectors. The handler cannot be exercised in-
+// process without standing up an MCP transport, so this test locks
+// down the merge contract: for a snippet that carries BOTH React
+// patterns (coming-from-React mistakes) AND Pyreon patterns (using-
+// Pyreon-wrong mistakes), both detectors must fire and the union must
+// be what the handler returns. This is the regression test for the
+// T2.5.2 extension that added the Pyreon detector alongside the React
+// detector.
+
+describe('MCP validate — merged detector surface', () => {
+  it('returns BOTH React and Pyreon diagnostics on a mixed snippet', () => {
+    const code = `
+      import { useState } from 'react'
+
+      const Counter = ({ count }: { count: number }) => {
+        const [local, setLocal] = useState(count)
+        return <For each={items}>{(i) => <li className="x" />}</For>
+      }
+    `
+    const react = detectReactPatterns(code)
+    const pyreon = detectPyreonPatterns(code)
+
+    const reactCodes = new Set(react.map((d) => d.code))
+    const pyreonCodes = new Set(pyreon.map((d) => d.code))
+
+    // React detector catches: useState, react import, className
+    expect(reactCodes.has('use-state')).toBe(true)
+    expect(reactCodes.has('react-import')).toBe(true)
+    expect(reactCodes.has('class-name-prop')).toBe(true)
+
+    // Pyreon detector catches: destructured props, missing `by`
+    expect(pyreonCodes.has('props-destructured')).toBe(true)
+    expect(pyreonCodes.has('for-missing-by')).toBe(true)
+  })
+
+  it('does not double-flag anything between the two detectors', () => {
+    // Both detectors know about className — but it belongs to the
+    // React detector (coming-from-React mistake). The Pyreon detector
+    // must NOT duplicate it.
+    const code = `<div className="x" />`
+    const reactCodes = new Set(detectReactPatterns(code).map((d) => d.code))
+    const pyreonCodes = new Set(detectPyreonPatterns(code).map((d) => d.code))
+    expect(reactCodes.has('class-name-prop')).toBe(true)
+    // The Pyreon detector does NOT claim className ownership.
+    expect(pyreonCodes.has('class-name-prop' as never)).toBe(false)
+  })
+
+  it('returns zero diagnostics across both detectors for idiomatic Pyreon code', () => {
+    const code = `
+      import { signal, effect } from '@pyreon/reactivity'
+      import { For } from '@pyreon/core'
+
+      const List = (props: { items: Array<{ id: string; name: string }> }) => {
+        const query = signal('')
+        effect(() => console.log('query changed', query()))
+        return (
+          <For each={props.items} by={(i) => i.id}>
+            {(i) => <li>{i.name}</li>}
+          </For>
+        )
+      }
+    `
+    expect(detectReactPatterns(code)).toEqual([])
+    expect(detectPyreonPatterns(code)).toEqual([])
+  })
+})