@unifiedmemory/cli 1.3.1 → 1.3.7

package/tests/unit/mcp-proxy.test.js

@@ -0,0 +1,459 @@
+/**
+ * Unit tests for lib/mcp-proxy.js
+ *
+ * Tests MCP proxy functions including tool schema transformation
+ * and context parameter injection.
+ *
+ * Note: The internal transformToolSchema and injectContextParams functions
+ * are tested indirectly through the exported functions.
+ */
+
+import { describe, it, expect, vi, beforeAll, afterAll, afterEach } from 'vitest';
+import { setupServer } from 'msw/node';
+import { http, HttpResponse } from 'msw';
+
+const GATEWAY_MCP_URL = 'https://rose-asp-main-1c0b114.d2.zuplo.dev/mcp';
+
+// Sample tool with pathParams and headers that should be transformed
+const sampleToolWithContext = {
+  name: 'create_note',
+  description: 'Create a new note',
+  inputSchema: {
+    type: 'object',
+    properties: {
+      content: { type: 'string', description: 'Note content' },
+      pathParams: {
+        type: 'object',
+        properties: {
+          org: { type: 'string', description: 'Organization ID' },
+          proj: { type: 'string', description: 'Project ID' },
+          user: { type: 'string', description: 'User ID' },
+        },
+        required: ['org', 'proj', 'user'],
+      },
+      headers: {
+        type: 'object',
+        properties: {
+          'X-Org-Id': { type: 'string' },
+          'X-User-Id': { type: 'string' },
+        },
+      },
+    },
+    required: ['content', 'pathParams', 'headers'],
+  },
+};
+
+// Tool with no context params (should remain unchanged)
+const sampleToolNoContext = {
+  name: 'get_health',
+  description: 'Check health status',
+  inputSchema: {
+    type: 'object',
+    properties: {
+      verbose: { type: 'boolean', description: 'Include details' },
+    },
+  },
+};
+
+// Setup MSW server for mocking fetch
+const server = setupServer();
+
+beforeAll(() => server.listen({ onUnhandledRequest: 'bypass' }));
+afterEach(() => server.resetHandlers());
+afterAll(() => server.close());
+
+describe('mcp-proxy', () => {
+  describe('fetchRemoteMCPTools', () => {
+    it('should fetch tools and transform schemas to hide context params', async () => {
+      // Setup mock response
+      server.use(
+        http.post(GATEWAY_MCP_URL, () => {
+          return HttpResponse.json({
+            jsonrpc: '2.0',
+            id: 1,
+            result: {
+              tools: [sampleToolWithContext, sampleToolNoContext],
+            },
+          });
+        })
+      );
+
+      const { fetchRemoteMCPTools } = await import('../../lib/mcp-proxy.js');
+
+      const result = await fetchRemoteMCPTools({
+        Authorization: 'Bearer test_token',
+        'X-Org-Id': 'org_123',
+      });
+
+      expect(result.tools).toHaveLength(2);
+
+      // First tool should have pathParams context removed
+      const transformedTool = result.tools[0];
+      expect(transformedTool.name).toBe('create_note');
+
+      // org, proj, user should be removed from pathParams
+      const pathParamProps = transformedTool.inputSchema.properties.pathParams?.properties || {};
+      expect(pathParamProps.org).toBeUndefined();
+      expect(pathParamProps.proj).toBeUndefined();
+      expect(pathParamProps.user).toBeUndefined();
+
+      // headers should be removed entirely
+      expect(transformedTool.inputSchema.properties.headers).toBeUndefined();
+
+      // headers should be removed from required array
+      expect(transformedTool.inputSchema.required).not.toContain('headers');
+
+      // Second tool should remain relatively unchanged
+      const healthTool = result.tools[1];
+      expect(healthTool.name).toBe('get_health');
+      expect(healthTool.inputSchema.properties.verbose).toBeDefined();
+    });
+
+    it('should handle empty tools list', async () => {
+      server.use(
+        http.post(GATEWAY_MCP_URL, () => {
+          return HttpResponse.json({
+            jsonrpc: '2.0',
+            id: 1,
+            result: { tools: [] },
+          });
+        })
+      );
+
+      const { fetchRemoteMCPTools } = await import('../../lib/mcp-proxy.js');
+
+      const result = await fetchRemoteMCPTools({
+        Authorization: 'Bearer test_token',
+      });
+
+      expect(result.tools).toEqual([]);
+    });
+
+    it('should throw error on 401 unauthorized response', async () => {
+      server.use(
+        http.post(GATEWAY_MCP_URL, () => {
+          return HttpResponse.json(
+            { error: 'Unauthorized' },
+            { status: 401 }
+          );
+        })
+      );
+
+      const { fetchRemoteMCPTools } = await import('../../lib/mcp-proxy.js');
+
+      await expect(
+        fetchRemoteMCPTools({ Authorization: 'Bearer invalid_token' })
+      ).rejects.toThrow('Authentication failed');
+    });
+
+    it('should throw error on 403 forbidden response', async () => {
+      server.use(
+        http.post(GATEWAY_MCP_URL, () => {
+          return HttpResponse.json(
+            { error: 'Forbidden' },
+            { status: 403 }
+          );
+        })
+      );
+
+      const { fetchRemoteMCPTools } = await import('../../lib/mcp-proxy.js');
+
+      await expect(
+        fetchRemoteMCPTools({ Authorization: 'Bearer test_token' })
+      ).rejects.toThrow('Access denied');
+    });
+
+    it('should throw error on MCP protocol error response', async () => {
+      server.use(
+        http.post(GATEWAY_MCP_URL, () => {
+          return HttpResponse.json({
+            jsonrpc: '2.0',
+            id: 1,
+            error: { code: -32600, message: 'Invalid Request' },
+          });
+        })
+      );
+
+      const { fetchRemoteMCPTools } = await import('../../lib/mcp-proxy.js');
+
+      await expect(
+        fetchRemoteMCPTools({ Authorization: 'Bearer test_token' })
+      ).rejects.toThrow('MCP error');
+    });
+
+    it('should throw connection error on network failure', async () => {
+      server.use(
+        http.post(GATEWAY_MCP_URL, () => {
+          return HttpResponse.error();
+        })
+      );
+
+      const { fetchRemoteMCPTools } = await import('../../lib/mcp-proxy.js');
+
+      await expect(
+        fetchRemoteMCPTools({ Authorization: 'Bearer test_token' })
+      ).rejects.toThrow();
+    });
+  });
+
+  describe('callRemoteMCPTool', () => {
+    it('should inject context params into tool call', async () => {
+      let capturedBody = null;
+
+      server.use(
+        http.post(GATEWAY_MCP_URL, async ({ request }) => {
+          capturedBody = await request.json();
+          return HttpResponse.json({
+            jsonrpc: '2.0',
+            id: 1,
+            result: {
+              content: [{ type: 'text', text: 'Success' }],
+            },
+          });
+        })
+      );
+
+      const { callRemoteMCPTool } = await import('../../lib/mcp-proxy.js');
+
+      const authHeaders = {
+        Authorization: 'Bearer test_token',
+      };
+
+      const authContext = {
+        decoded: { sub: 'user_123' },
+        selectedOrg: { id: 'org_456' },
+      };
+
+      const projectContext = {
+        project_id: 'proj_789',
+        org_id: 'org_456',
+      };
+
+      await callRemoteMCPTool(
+        'create_note',
+        { content: 'Test note' },
+        authHeaders,
+        authContext,
+        projectContext
+      );
+
+      // Verify context was injected
+      expect(capturedBody.params.arguments.pathParams.user).toBe('user_123');
+      expect(capturedBody.params.arguments.pathParams.org).toBe('org_456');
+      expect(capturedBody.params.arguments.pathParams.proj).toBe('proj_789');
+      expect(capturedBody.params.arguments.headers['X-User-Id']).toBe('user_123');
+      expect(capturedBody.params.arguments.headers['X-Org-Id']).toBe('org_456');
+    });
+
+    it('should fallback to user_id for org when no selectedOrg', async () => {
+      let capturedBody = null;
+
+      server.use(
+        http.post(GATEWAY_MCP_URL, async ({ request }) => {
+          capturedBody = await request.json();
+          return HttpResponse.json({
+            jsonrpc: '2.0',
+            id: 1,
+            result: { content: [] },
+          });
+        })
+      );
+
+      const { callRemoteMCPTool } = await import('../../lib/mcp-proxy.js');
+
+      const authContext = {
+        decoded: { sub: 'user_123' },
+        // No selectedOrg
+      };
+
+      await callRemoteMCPTool(
+        'create_note',
+        {},
+        { Authorization: 'Bearer test' },
+        authContext,
+        null
+      );
+
+      // Org should fallback to user_id
+      expect(capturedBody.params.arguments.pathParams.org).toBe('user_123');
+      expect(capturedBody.params.arguments.headers['X-Org-Id']).toBe('user_123');
+    });
+
+    it('should return tool execution result', async () => {
+      server.use(
+        http.post(GATEWAY_MCP_URL, () => {
+          return HttpResponse.json({
+            jsonrpc: '2.0',
+            id: 1,
+            result: {
+              content: [
+                { type: 'text', text: 'Note created successfully' },
+                { type: 'text', text: 'Note ID: note_123' },
+              ],
+            },
+          });
+        })
+      );
+
+      const { callRemoteMCPTool } = await import('../../lib/mcp-proxy.js');
+
+      const result = await callRemoteMCPTool(
+        'create_note',
+        { content: 'Test' },
+        { Authorization: 'Bearer test' },
+        { decoded: { sub: 'user_123' } },
+        null
+      );
+
+      expect(result.content).toHaveLength(2);
+      expect(result.content[0].text).toBe('Note created successfully');
+    });
+
+    it('should throw error on tool execution failure', async () => {
+      server.use(
+        http.post(GATEWAY_MCP_URL, () => {
+          return HttpResponse.json({
+            jsonrpc: '2.0',
+            id: 1,
+            error: { code: -32000, message: 'Note creation failed: duplicate content' },
+          });
+        })
+      );
+
+      const { callRemoteMCPTool } = await import('../../lib/mcp-proxy.js');
+
+      await expect(
+        callRemoteMCPTool(
+          'create_note',
+          { content: 'Duplicate' },
+          { Authorization: 'Bearer test' },
+          { decoded: { sub: 'user_123' } },
+          null
+        )
+      ).rejects.toThrow('Tool execution failed');
+    });
+
+    it('should throw 401 error message for unauthorized', async () => {
+      server.use(
+        http.post(GATEWAY_MCP_URL, () => {
+          return HttpResponse.json(
+            { error: 'Token expired' },
+            { status: 401 }
+          );
+        })
+      );
+
+      const { callRemoteMCPTool } = await import('../../lib/mcp-proxy.js');
+
+      await expect(
+        callRemoteMCPTool(
+          'create_note',
+          {},
+          { Authorization: 'Bearer expired' },
+          { decoded: { sub: 'user_123' } },
+          null
+        )
+      ).rejects.toThrow('um login');
+    });
+  });
+
+  describe('schema transformation edge cases', () => {
+    it('should handle tool with pathParams but empty after context removal', async () => {
+      const toolWithOnlyContextParams = {
+        name: 'context_only_tool',
+        description: 'Tool with only context params',
+        inputSchema: {
+          type: 'object',
+          properties: {
+            pathParams: {
+              type: 'object',
+              properties: {
+                org: { type: 'string' },
+                proj: { type: 'string' },
+              },
+              required: ['org', 'proj'],
+            },
+          },
+          required: ['pathParams'],
+        },
+      };
+
+      server.use(
+        http.post(GATEWAY_MCP_URL, () => {
+          return HttpResponse.json({
+            jsonrpc: '2.0',
+            id: 1,
+            result: { tools: [toolWithOnlyContextParams] },
+          });
+        })
+      );
+
+      const { fetchRemoteMCPTools } = await import('../../lib/mcp-proxy.js');
+
+      const result = await fetchRemoteMCPTools({
+        Authorization: 'Bearer test',
+      });
+
+      const transformed = result.tools[0];
+
+      // pathParams should be removed entirely since it's empty after context removal
+      expect(transformed.inputSchema.properties.pathParams).toBeUndefined();
+
+      // pathParams should also be removed from required array (or required should be undefined/empty)
+      if (transformed.inputSchema.required) {
+        expect(transformed.inputSchema.required).not.toContain('pathParams');
+      }
+    });
+
+    it('should preserve non-context pathParams properties', async () => {
+      const toolWithMixedParams = {
+        name: 'mixed_params_tool',
+        description: 'Tool with mixed params',
+        inputSchema: {
+          type: 'object',
+          properties: {
+            pathParams: {
+              type: 'object',
+              properties: {
+                org: { type: 'string' },
+                noteId: { type: 'string', description: 'Note ID' },
+                version: { type: 'number', description: 'Version number' },
+              },
+              required: ['org', 'noteId'],
+            },
+          },
+          required: ['pathParams'],
+        },
+      };
+
+      server.use(
+        http.post(GATEWAY_MCP_URL, () => {
+          return HttpResponse.json({
+            jsonrpc: '2.0',
+            id: 1,
+            result: { tools: [toolWithMixedParams] },
+          });
+        })
+      );
+
+      const { fetchRemoteMCPTools } = await import('../../lib/mcp-proxy.js');
+
+      const result = await fetchRemoteMCPTools({
+        Authorization: 'Bearer test',
+      });
+
+      const transformed = result.tools[0];
+
+      // noteId and version should be preserved
+      expect(transformed.inputSchema.properties.pathParams.properties.noteId).toBeDefined();
+      expect(transformed.inputSchema.properties.pathParams.properties.version).toBeDefined();
+
+      // org should be removed
+      expect(transformed.inputSchema.properties.pathParams.properties.org).toBeUndefined();
+
+      // required should only have noteId (org removed)
+      expect(transformed.inputSchema.properties.pathParams.required).toContain('noteId');
+      expect(transformed.inputSchema.properties.pathParams.required).not.toContain('org');
+    });
+  });
+});