@ucptools/validator 1.0.0 → 1.1.0

package/tests/unit/compliance-generator.test.ts

@@ -1,374 +0,0 @@
-/**
- * Tests for GDPR/Privacy Compliance Generator
- */
-
-import { describe, it, expect } from 'vitest';
-import {
-    generateComplianceDocuments,
-    getAvailableRegions,
-    getLawfulBasisOptions,
-    getAiPlatformOptions,
-    AI_PLATFORM_PROCESSORS,
-    REGION_NAMES,
-    LAWFUL_BASIS_DESCRIPTIONS,
-} from '../../src/compliance/index.js';
-import type { ComplianceGeneratorInput } from '../../src/compliance/index.js';
-
-describe('Compliance Generator', () => {
-    describe('generateComplianceDocuments', () => {
-        const validInput: ComplianceGeneratorInput = {
-            companyName: 'Test Company',
-            companyEmail: 'privacy@test.com',
-            regions: ['eu'],
-            platforms: ['openai'],
-            lawfulBasis: 'contract',
-        };
-
-        it('should generate complete compliance documents', () => {
-            const result = generateComplianceDocuments(validInput);
-
-            expect(result).toBeDefined();
-            expect(result.privacyAddendum).toBeDefined();
-            expect(result.snippets).toBeDefined();
-            expect(result.embedHtml).toBeDefined();
-            expect(result.plainText).toBeDefined();
-            expect(result.generatedAt).toBeDefined();
-            expect(result.lawfulBasis).toBe('contract');
-            expect(result.regions).toContain('eu');
-        });
-
-        it('should include company name in generated content', () => {
-            const result = generateComplianceDocuments(validInput);
-
-            expect(result.snippets.aiCommerceSection).toContain('Test Company');
-            expect(result.plainText).toContain('Test Company');
-            expect(result.embedHtml).toContain('Test Company');
-        });
-
-        it('should include selected AI platforms', () => {
-            const input: ComplianceGeneratorInput = {
-                ...validInput,
-                platforms: ['openai', 'google'],
-            };
-
-            const result = generateComplianceDocuments(input);
-
-            expect(result.snippets.processorDisclosures).toContain('OpenAI');
-            expect(result.snippets.processorDisclosures).toContain('Google');
-        });
-
-        it('should include GDPR-specific content for EU region', () => {
-            const result = generateComplianceDocuments(validInput);
-
-            expect(result.snippets.aiCommerceSection).toContain('GDPR');
-            expect(result.snippets.dataSubjectRights).toContain('Article');
-        });
-
-        it('should include CCPA content for California region', () => {
-            const input: ComplianceGeneratorInput = {
-                ...validInput,
-                regions: ['california'],
-            };
-
-            const result = generateComplianceDocuments(input);
-
-            expect(result.snippets.aiCommerceSection).toContain('California');
-            expect(result.snippets.aiCommerceSection).toContain('CCPA');
-        });
-
-        it('should include UK GDPR content for UK region', () => {
-            const input: ComplianceGeneratorInput = {
-                ...validInput,
-                regions: ['uk'],
-            };
-
-            const result = generateComplianceDocuments(input);
-
-            expect(result.snippets.aiCommerceSection).toContain('United Kingdom');
-        });
-
-        it('should include marketing consent when requested', () => {
-            const input: ComplianceGeneratorInput = {
-                ...validInput,
-                includeMarketingConsent: true,
-            };
-
-            const result = generateComplianceDocuments(input);
-
-            expect(result.snippets.marketingOptIn).toBeDefined();
-            expect(result.snippets.marketingOptIn).toContain('marketing');
-            expect(result.snippets.consentLanguage).toContain('marketing');
-        });
-
-        it('should not include marketing consent when not requested', () => {
-            const input: ComplianceGeneratorInput = {
-                ...validInput,
-                includeMarketingConsent: false,
-            };
-
-            const result = generateComplianceDocuments(input);
-
-            expect(result.snippets.marketingOptIn).toBeUndefined();
-        });
-
-        it('should include data retention section when requested', () => {
-            const input: ComplianceGeneratorInput = {
-                ...validInput,
-                includeDataRetention: true,
-                retentionPeriodYears: 5,
-            };
-
-            const result = generateComplianceDocuments(input);
-
-            const retentionSection = result.privacyAddendum.sections.find(s => s.id === 'retention');
-            expect(retentionSection).toBeDefined();
-            expect(retentionSection?.content).toContain('5 years');
-        });
-
-        it('should use default retention period of 7 years', () => {
-            const input: ComplianceGeneratorInput = {
-                ...validInput,
-                includeDataRetention: true,
-            };
-
-            const result = generateComplianceDocuments(input);
-
-            const retentionSection = result.privacyAddendum.sections.find(s => s.id === 'retention');
-            expect(retentionSection?.content).toContain('7 years');
-        });
-
-        it('should include correct lawful basis information', () => {
-            const bases: Array<ComplianceGeneratorInput['lawfulBasis']> = ['contract', 'consent', 'legitimate', 'legal'];
-
-            for (const basis of bases) {
-                const input: ComplianceGeneratorInput = {
-                    ...validInput,
-                    lawfulBasis: basis,
-                };
-
-                const result = generateComplianceDocuments(input);
-                const basisInfo = LAWFUL_BASIS_DESCRIPTIONS[basis];
-
-                expect(result.snippets.aiCommerceSection).toContain(basisInfo.title);
-                expect(result.lawfulBasis).toBe(basis);
-            }
-        });
-
-        it('should include DPO email when provided', () => {
-            const input: ComplianceGeneratorInput = {
-                ...validInput,
-                dpoEmail: 'dpo@test.com',
-            };
-
-            const result = generateComplianceDocuments(input);
-
-            expect(result.snippets.dataSubjectRights).toContain('dpo@test.com');
-        });
-
-        it('should include additional custom processors', () => {
-            const input: ComplianceGeneratorInput = {
-                ...validInput,
-                additionalProcessors: [
-                    {
-                        name: 'Custom Processor Inc',
-                        purpose: 'Custom processing',
-                        country: 'Germany',
-                    },
-                ],
-            };
-
-            const result = generateComplianceDocuments(input);
-
-            expect(result.snippets.processorDisclosures).toContain('Custom Processor Inc');
-            expect(result.snippets.processorDisclosures).toContain('Germany');
-        });
-
-        it('should generate valid HTML embed code', () => {
-            const result = generateComplianceDocuments(validInput);
-
-            expect(result.embedHtml).toContain('<div class="ucp-privacy-addendum">');
-            expect(result.embedHtml).toContain('</div>');
-            expect(result.embedHtml).toContain('<style>');
-        });
-
-        it('should include multiple regions when selected', () => {
-            const input: ComplianceGeneratorInput = {
-                ...validInput,
-                regions: ['eu', 'uk', 'california'],
-            };
-
-            const result = generateComplianceDocuments(input);
-
-            expect(result.regions).toHaveLength(3);
-            expect(result.snippets.aiCommerceSection).toContain('GDPR');
-            expect(result.snippets.aiCommerceSection).toContain('California');
-        });
-
-        it('should throw error for missing company name', () => {
-            const input: ComplianceGeneratorInput = {
-                ...validInput,
-                companyName: '',
-            };
-
-            expect(() => generateComplianceDocuments(input)).toThrow('Company name is required');
-        });
-
-        it('should throw error for empty regions', () => {
-            const input: ComplianceGeneratorInput = {
-                ...validInput,
-                regions: [],
-            };
-
-            expect(() => generateComplianceDocuments(input)).toThrow('At least one region must be selected');
-        });
-
-        it('should throw error for empty platforms', () => {
-            const input: ComplianceGeneratorInput = {
-                ...validInput,
-                platforms: [],
-            };
-
-            expect(() => generateComplianceDocuments(input)).toThrow('At least one AI platform must be selected');
-        });
-
-        it('should include consent language for checkout', () => {
-            const result = generateComplianceDocuments(validInput);
-
-            expect(result.snippets.consentLanguage).toContain('checkout');
-            expect(result.snippets.consentLanguage).toContain('AI shopping assistant');
-        });
-
-        it('should include tracking notice', () => {
-            const result = generateComplianceDocuments(validInput);
-
-            expect(result.snippets.trackingNotice).toBeDefined();
-            expect(result.snippets.trackingNotice).toContain('cookie');
-            expect(result.snippets.trackingNotice).toContain('AI agent');
-        });
-
-        it('should include disclaimer in generated documents', () => {
-            const result = generateComplianceDocuments(validInput);
-
-            expect(result.privacyAddendum.disclaimer).toContain('NOT constitute legal advice');
-            expect(result.plainText).toContain('DISCLAIMER');
-        });
-
-        it('should include all required sections in privacy addendum', () => {
-            const result = generateComplianceDocuments(validInput);
-
-            const sectionIds = result.privacyAddendum.sections.map(s => s.id);
-            expect(sectionIds).toContain('ai-commerce');
-            expect(sectionIds).toContain('processors');
-            expect(sectionIds).toContain('rights');
-            expect(sectionIds).toContain('tracking');
-        });
-
-        it('should handle Microsoft Copilot platform', () => {
-            const input: ComplianceGeneratorInput = {
-                ...validInput,
-                platforms: ['microsoft'],
-            };
-
-            const result = generateComplianceDocuments(input);
-
-            expect(result.snippets.processorDisclosures).toContain('Microsoft');
-            expect(result.snippets.processorDisclosures).toContain('Copilot');
-        });
-    });
-
-    describe('getAvailableRegions', () => {
-        it('should return all available regions', () => {
-            const regions = getAvailableRegions();
-
-            expect(regions).toHaveLength(4);
-            expect(regions.map(r => r.id)).toContain('eu');
-            expect(regions.map(r => r.id)).toContain('uk');
-            expect(regions.map(r => r.id)).toContain('california');
-            expect(regions.map(r => r.id)).toContain('global');
-        });
-
-        it('should include display names for regions', () => {
-            const regions = getAvailableRegions();
-
-            const euRegion = regions.find(r => r.id === 'eu');
-            expect(euRegion?.name).toContain('GDPR');
-        });
-    });
-
-    describe('getLawfulBasisOptions', () => {
-        it('should return all lawful basis options', () => {
-            const options = getLawfulBasisOptions();
-
-            expect(options).toHaveLength(4);
-            expect(options.map(o => o.id)).toContain('contract');
-            expect(options.map(o => o.id)).toContain('consent');
-            expect(options.map(o => o.id)).toContain('legitimate');
-            expect(options.map(o => o.id)).toContain('legal');
-        });
-
-        it('should include descriptions and GDPR articles', () => {
-            const options = getLawfulBasisOptions();
-
-            const contractOption = options.find(o => o.id === 'contract');
-            expect(contractOption?.title).toBeDefined();
-            expect(contractOption?.description).toBeDefined();
-            expect(contractOption?.gdprArticle).toContain('Article');
-        });
-    });
-
-    describe('getAiPlatformOptions', () => {
-        it('should return all AI platform options', () => {
-            const options = getAiPlatformOptions();
-
-            expect(options.length).toBeGreaterThanOrEqual(3);
-            expect(options.map(o => o.id)).toContain('openai');
-            expect(options.map(o => o.id)).toContain('google');
-            expect(options.map(o => o.id)).toContain('microsoft');
-        });
-
-        it('should include platform names and descriptions', () => {
-            const options = getAiPlatformOptions();
-
-            const openaiOption = options.find(o => o.id === 'openai');
-            expect(openaiOption?.name).toContain('OpenAI');
-            expect(openaiOption?.description).toBeDefined();
-        });
-    });
-
-    describe('AI_PLATFORM_PROCESSORS', () => {
-        it('should have processor info for all main platforms', () => {
-            expect(AI_PLATFORM_PROCESSORS.openai).toBeDefined();
-            expect(AI_PLATFORM_PROCESSORS.google).toBeDefined();
-            expect(AI_PLATFORM_PROCESSORS.microsoft).toBeDefined();
-        });
-
-        it('should include privacy policy URLs', () => {
-            expect(AI_PLATFORM_PROCESSORS.openai.privacyPolicyUrl).toContain('openai.com');
-            expect(AI_PLATFORM_PROCESSORS.google.privacyPolicyUrl).toContain('google.com');
-            expect(AI_PLATFORM_PROCESSORS.microsoft.privacyPolicyUrl).toContain('microsoft.com');
-        });
-    });
-
-    describe('REGION_NAMES', () => {
-        it('should have display names for all regions', () => {
-            expect(REGION_NAMES.eu).toContain('European Union');
-            expect(REGION_NAMES.uk).toContain('United Kingdom');
-            expect(REGION_NAMES.california).toContain('California');
-            expect(REGION_NAMES.global).toContain('Global');
-        });
-    });
-
-    describe('LAWFUL_BASIS_DESCRIPTIONS', () => {
-        it('should have descriptions for all lawful bases', () => {
-            expect(LAWFUL_BASIS_DESCRIPTIONS.contract.title).toBeDefined();
-            expect(LAWFUL_BASIS_DESCRIPTIONS.consent.title).toBeDefined();
-            expect(LAWFUL_BASIS_DESCRIPTIONS.legitimate.title).toBeDefined();
-            expect(LAWFUL_BASIS_DESCRIPTIONS.legal.title).toBeDefined();
-        });
-
-        it('should include GDPR article references', () => {
-            expect(LAWFUL_BASIS_DESCRIPTIONS.contract.gdprArticle).toContain('6(1)(b)');
-            expect(LAWFUL_BASIS_DESCRIPTIONS.consent.gdprArticle).toContain('6(1)(a)');
-        });
-    });
-});

package/tests/unit/directory-service.test.ts

@@ -1,272 +0,0 @@
-/**
- * Unit Tests for Directory Service
- * Tests Issue #1: UCP Merchant Directory
- */
-
-import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
-
-// Mock the database module before importing the service
-vi.mock('../../src/db/index.js', () => {
-  const mockMerchants: any[] = [];
-
-  return {
-    getDb: vi.fn(() => ({
-      select: vi.fn(() => ({
-        from: vi.fn(() => ({
-          where: vi.fn(() => ({
-            orderBy: vi.fn(() => ({
-              limit: vi.fn(() => ({
-                offset: vi.fn(() => Promise.resolve(mockMerchants)),
-              })),
-            })),
-            groupBy: vi.fn(() => ({
-              orderBy: vi.fn(() => Promise.resolve([])),
-            })),
-            limit: vi.fn(() => Promise.resolve([])),
-          })),
-        })),
-      })),
-      insert: vi.fn(() => ({
-        values: vi.fn(() => ({
-          returning: vi.fn(() => Promise.resolve([{ id: 'test-id', domain: 'test.com' }])),
-        })),
-      })),
-      update: vi.fn(() => ({
-        set: vi.fn(() => ({
-          where: vi.fn(() => Promise.resolve()),
-        })),
-      })),
-    })),
-    merchants: {
-      id: 'id',
-      domain: 'domain',
-      displayName: 'display_name',
-      isPublic: 'is_public',
-      category: 'category',
-      countryCode: 'country_code',
-      ucpScore: 'ucp_score',
-      ucpGrade: 'ucp_grade',
-      isVerified: 'is_verified',
-      createdAt: 'created_at',
-    },
-    benchmarkStats: {},
-    benchmarkSummary: {},
-  };
-});
-
-// Import after mocking
-import * as directoryService from '../../src/services/directory.js';
-
-describe('Directory Service', () => {
-  beforeEach(() => {
-    vi.clearAllMocks();
-  });
-
-  afterEach(() => {
-    vi.restoreAllMocks();
-  });
-
-  describe('validateDomain', () => {
-    it('should return invalid for non-existent domain', async () => {
-      global.fetch = vi.fn().mockRejectedValue(new Error('ENOTFOUND'));
-
-      const result = await directoryService.validateDomain('nonexistent-domain-xyz.com');
-
-      expect(result.valid).toBe(false);
-      expect(result.error).toBeDefined();
-    });
-
-    it('should return invalid for HTTP error responses', async () => {
-      global.fetch = vi.fn().mockResolvedValue({
-        ok: false,
-        status: 404,
-      });
-
-      const result = await directoryService.validateDomain('example.com');
-
-      expect(result.valid).toBe(false);
-      expect(result.error).toContain('No UCP profile found');
-    });
-
-    it('should return invalid for malformed UCP profile', async () => {
-      global.fetch = vi.fn().mockResolvedValue({
-        ok: true,
-        text: () => Promise.resolve(JSON.stringify({ invalid: 'structure' })),
-      });
-
-      const result = await directoryService.validateDomain('example.com');
-
-      expect(result.valid).toBe(false);
-      expect(result.error).toBe('Invalid UCP profile structure');
-    });
-
-    it('should return valid with correct score for valid UCP profile', async () => {
-      const validProfile = {
-        ucp: {
-          version: '2024-01-01',
-          services: {
-            shopping: {
-              rest: { endpoint: 'https://api.example.com' },
-            },
-          },
-          capabilities: [
-            { name: 'dev.ucp.shopping.checkout' },
-            { name: 'dev.ucp.shopping.cart' },
-          ],
-        },
-        signing_keys: [{ kid: 'key1' }],
-      };
-
-      global.fetch = vi.fn().mockResolvedValue({
-        ok: true,
-        text: () => Promise.resolve(JSON.stringify(validProfile)),
-      });
-
-      const result = await directoryService.validateDomain('example.com');
-
-      expect(result.valid).toBe(true);
-      expect(result.score).toBeGreaterThanOrEqual(50);
-      expect(result.grade).toBeDefined();
-      expect(result.transports).toContain('REST');
-      expect(result.ucpVersion).toBe('2024-01-01');
-    });
-
-    it('should calculate correct score based on capabilities', async () => {
-      // Base profile: 50 points
-      // checkout: +20, cart: +10, order: +10, signing_keys: +10
-      const fullProfile = {
-        ucp: {
-          version: '2024-01-01',
-          services: { shopping: { rest: {} } },
-          capabilities: [
-            { name: 'dev.ucp.shopping.checkout' },
-            { name: 'dev.ucp.shopping.cart' },
-            { name: 'dev.ucp.shopping.order' },
-          ],
-        },
-        signing_keys: [{ kid: 'key1' }],
-      };
-
-      global.fetch = vi.fn().mockResolvedValue({
-        ok: true,
-        text: () => Promise.resolve(JSON.stringify(fullProfile)),
-      });
-
-      const result = await directoryService.validateDomain('example.com');
-
-      // 50 + 20 + 10 + 10 + 10 = 100
-      expect(result.score).toBe(100);
-      expect(result.grade).toBe('A');
-    });
-
-    it('should detect multiple transport types', async () => {
-      const multiTransportProfile = {
-        ucp: {
-          version: '2024-01-01',
-          services: {
-            shopping: {
-              rest: { endpoint: 'https://api.example.com' },
-              mcp: { server: 'mcp://example.com' },
-            },
-            catalog: {
-              a2a: { url: 'https://a2a.example.com' },
-            },
-          },
-          capabilities: [],
-        },
-      };
-
-      global.fetch = vi.fn().mockResolvedValue({
-        ok: true,
-        text: () => Promise.resolve(JSON.stringify(multiTransportProfile)),
-      });
-
-      const result = await directoryService.validateDomain('example.com');
-
-      expect(result.valid).toBe(true);
-      expect(result.transports).toContain('REST');
-      expect(result.transports).toContain('MCP');
-      expect(result.transports).toContain('A2A');
-    });
-  });
-
-  describe('listMerchants', () => {
-    it('should apply default pagination', async () => {
-      const result = await directoryService.listMerchants({});
-
-      expect(result.pagination.page).toBe(1);
-      expect(result.pagination.limit).toBe(20);
-    });
-
-    it('should enforce maximum limit of 100', async () => {
-      const result = await directoryService.listMerchants({ limit: 500 });
-
-      expect(result.pagination.limit).toBe(100);
-    });
-
-    it('should enforce minimum page of 1', async () => {
-      const result = await directoryService.listMerchants({ page: -5 });
-
-      expect(result.pagination.page).toBe(1);
-    });
-  });
-
-  describe('submitMerchant', () => {
-    it('should clean domain properly', async () => {
-      global.fetch = vi.fn().mockResolvedValue({
-        ok: true,
-        text: () => Promise.resolve(JSON.stringify({
-          ucp: { version: '2024-01-01', services: {}, capabilities: [] },
-        })),
-      });
-
-      // The function should strip protocol and trailing slash
-      await directoryService.submitMerchant({
-        domain: 'https://EXAMPLE.COM/',
-      });
-
-      expect(global.fetch).toHaveBeenCalledWith(
-        'https://example.com/.well-known/ucp',
-        expect.any(Object)
-      );
-    });
-  });
-});
-
-describe('Grade Calculation', () => {
-  it('should assign correct grades based on score', async () => {
-    const testCases = [
-      { score: 95, expectedGrade: 'A' },
-      { score: 90, expectedGrade: 'A' },
-      { score: 85, expectedGrade: 'B' },
-      { score: 80, expectedGrade: 'B' },
-      { score: 75, expectedGrade: 'C' },
-      { score: 70, expectedGrade: 'C' },
-      { score: 65, expectedGrade: 'D' },
-      { score: 60, expectedGrade: 'D' },
-      { score: 55, expectedGrade: 'F' },
-      { score: 0, expectedGrade: 'F' },
-    ];
-
-    for (const { score, expectedGrade } of testCases) {
-      const profile = {
-        ucp: {
-          version: '2024-01-01',
-          services: { s: { rest: {} } },
-          capabilities: score >= 70 ? [{ name: 'dev.ucp.shopping.checkout' }] : [],
-        },
-        signing_keys: score >= 60 ? [{}] : undefined,
-      };
-
-      global.fetch = vi.fn().mockResolvedValue({
-        ok: true,
-        text: () => Promise.resolve(JSON.stringify(profile)),
-      });
-
-      const result = await directoryService.validateDomain('test.com');
-
-      // Verify grade assignment logic works (scores may vary based on capabilities)
-      expect(['A', 'B', 'C', 'D', 'F']).toContain(result.grade);
-    }
-  });
-});