@vibecheckai/cli 3.5.0 → 3.5.2

package/mcp-server/registry.test.ts

@@ -0,0 +1,334 @@
+/**
+ * Registry Tests
+ * 
+ * Ensures every tool in the registry has:
+ * - Valid input/output schemas
+ * - CLI mapping with command
+ * - Proper tier assignment
+ * - Required metadata
+ */
+
+import { describe, it, expect, beforeAll } from "vitest";
+import * as fs from "fs";
+import * as path from "path";
+import Ajv from "ajv";
+
+import {
+  getAllTools,
+  getToolByName,
+  listToolNames,
+  getToolsByTier,
+  getToolsByCategory,
+  validateRegistry,
+} from "./handlers/tool-handler";
+import type { ToolDefinition } from "./lib/types";
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// TEST SETUP
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const ajv = new Ajv({ allErrors: true, strict: false });
+
+// Load registry directly for raw tests
+const registryPath = path.join(__dirname, "registry/tools.json");
+let rawRegistry: { tools: Record<string, ToolDefinition> };
+
+beforeAll(() => {
+  const content = fs.readFileSync(registryPath, "utf-8");
+  rawRegistry = JSON.parse(content);
+});
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// REGISTRY STRUCTURE TESTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+describe("Registry Structure", () => {
+  it("should load registry file", () => {
+    expect(rawRegistry).toBeDefined();
+    expect(rawRegistry.tools).toBeDefined();
+    expect(Object.keys(rawRegistry.tools).length).toBeGreaterThan(0);
+  });
+
+  it("should have valid JSON schema structure", () => {
+    // Registry itself should be valid JSON
+    expect(() => JSON.stringify(rawRegistry)).not.toThrow();
+  });
+
+  it("should pass validateRegistry check", () => {
+    const result = validateRegistry();
+    expect(result.errors).toEqual([]);
+    expect(result.valid).toBe(true);
+  });
+});
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// TOOL DEFINITION TESTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+describe("Tool Definitions", () => {
+  const tools = getAllTools();
+
+  it("should have at least one tool", () => {
+    expect(tools.length).toBeGreaterThan(0);
+  });
+
+  describe.each(tools.map((t) => [t.name, t]))("%s", (name, tool) => {
+    // Required Fields
+    it("should have name matching key", () => {
+      expect(tool.name).toBe(name);
+    });
+
+    it("should have description", () => {
+      expect(tool.description).toBeDefined();
+      expect(tool.description.length).toBeGreaterThan(10);
+    });
+
+    it("should have valid tier", () => {
+      expect(["free", "pro"]).toContain(tool.tier);
+    });
+
+    it("should have valid category", () => {
+      const validCategories = ["scan", "proof", "authority", "report", "setup", "account", "conductor", "firewall"];
+      expect(validCategories).toContain(tool.category);
+    });
+
+    // Schema Tests
+    describe("Input Schema", () => {
+      it("should have inputSchema", () => {
+        expect(tool.inputSchema).toBeDefined();
+        expect(tool.inputSchema.type).toBe("object");
+      });
+
+      it("should have valid inputSchema (compiles)", () => {
+        expect(() => ajv.compile(tool.inputSchema)).not.toThrow();
+      });
+
+      it("should have properties defined", () => {
+        expect(tool.inputSchema.properties).toBeDefined();
+      });
+
+      it("should have additionalProperties set to false", () => {
+        expect(tool.inputSchema.additionalProperties).toBe(false);
+      });
+    });
+
+    describe("Output Schema", () => {
+      it("should have outputSchema", () => {
+        expect(tool.outputSchema).toBeDefined();
+        expect(tool.outputSchema.type).toBe("object");
+      });
+
+      it("should have valid outputSchema (compiles)", () => {
+        expect(() => ajv.compile(tool.outputSchema)).not.toThrow();
+      });
+    });
+
+    // CLI Mapping Tests
+    describe("CLI Mapping", () => {
+      it("should have cli mapping", () => {
+        expect(tool.cli).toBeDefined();
+      });
+
+      it("should have cli.command", () => {
+        expect(tool.cli.command).toBeDefined();
+        expect(tool.cli.command.length).toBeGreaterThan(0);
+      });
+
+      it("should have cli.argMap", () => {
+        expect(tool.cli.argMap).toBeDefined();
+        expect(typeof tool.cli.argMap).toBe("object");
+      });
+
+      it("should map all input properties to CLI flags", () => {
+        const inputProps = Object.keys(tool.inputSchema.properties || {});
+        const mappedProps = Object.keys(tool.cli.argMap);
+        
+        // Every input property should have a mapping (can be empty string for positional)
+        for (const prop of inputProps) {
+          // projectPath is commonly mapped, but we allow unmapped internal props
+          if (!["projectPath"].includes(prop)) {
+            expect(mappedProps).toContain(prop);
+          }
+        }
+      });
+
+      it("should have --json in fixedFlags", () => {
+        expect(tool.cli.fixedFlags).toContain("--json");
+      });
+
+      it("should have reasonable timeout", () => {
+        expect(tool.cli.timeoutMs).toBeGreaterThan(0);
+        expect(tool.cli.timeoutMs).toBeLessThanOrEqual(900000); // Max 15 minutes
+      });
+    });
+  });
+});
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// TIER DISTRIBUTION TESTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+describe("Tier Distribution", () => {
+  it("should have free tools", () => {
+    const freeTools = getToolsByTier("free");
+    expect(freeTools.length).toBeGreaterThan(0);
+  });
+
+  it("should have pro tools", () => {
+    const proTools = getToolsByTier("pro");
+    expect(proTools.length).toBeGreaterThan(0);
+  });
+
+  it("free tools should include scan, report, doctor, classify", () => {
+    const freeTools = getToolsByTier("free").map((t) => t.name);
+    expect(freeTools).toContain("vibecheck.scan");
+    expect(freeTools).toContain("vibecheck.report");
+    expect(freeTools).toContain("vibecheck.doctor");
+    expect(freeTools).toContain("vibecheck.classify");
+  });
+
+  it("pro tools should include ship, fix, prove, reality", () => {
+    const proTools = getToolsByTier("pro").map((t) => t.name);
+    expect(proTools).toContain("vibecheck.ship");
+    expect(proTools).toContain("vibecheck.fix");
+    expect(proTools).toContain("vibecheck.prove");
+    expect(proTools).toContain("vibecheck.reality");
+  });
+});
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// CATEGORY TESTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+describe("Categories", () => {
+  it("should have tools in scan category", () => {
+    const scanTools = getToolsByCategory("scan");
+    expect(scanTools.length).toBeGreaterThan(0);
+  });
+
+  it("should have tools in proof category", () => {
+    const proofTools = getToolsByCategory("proof");
+    expect(proofTools.length).toBeGreaterThan(0);
+  });
+
+  it("should have tools in setup category", () => {
+    const setupTools = getToolsByCategory("setup");
+    expect(setupTools.length).toBeGreaterThan(0);
+  });
+});
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// ALIAS TESTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+describe("Aliases", () => {
+  it("should resolve tool by alias", () => {
+    // vibecheck.scan has alias "scan"
+    const tool = getToolByName("scan");
+    expect(tool).not.toBeNull();
+    expect(tool?.name).toBe("vibecheck.scan");
+  });
+
+  it("should resolve tool by another alias", () => {
+    // vibecheck.ship has alias "verdict"
+    const tool = getToolByName("verdict");
+    expect(tool).not.toBeNull();
+    expect(tool?.name).toBe("vibecheck.ship");
+  });
+
+  it("should return null for unknown tool", () => {
+    const tool = getToolByName("nonexistent-tool");
+    expect(tool).toBeNull();
+  });
+
+  it("aliases should be unique across all tools", () => {
+    const allAliases: string[] = [];
+    const tools = getAllTools();
+
+    for (const tool of tools) {
+      if (tool.aliases) {
+        for (const alias of tool.aliases) {
+          expect(allAliases).not.toContain(alias);
+          allAliases.push(alias);
+        }
+      }
+    }
+  });
+});
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// CLI COMMAND MAPPING TESTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+describe("CLI Command Mapping", () => {
+  const VALID_CLI_COMMANDS = new Set([
+    // From bin/registry.js
+    "init", "doctor", "watch", "scan", "report", "context", "classify",
+    "login", "logout", "whoami", "allowlist", "evidence-pack", "labs",
+    "ship", "fix", "prove", "reality", "gate", "guard", "mcp",
+    "checkpoint", "approve", "polish",
+  ]);
+
+  it("all tools should map to valid CLI commands", () => {
+    const tools = getAllTools();
+    
+    for (const tool of tools) {
+      expect(VALID_CLI_COMMANDS.has(tool.cli.command)).toBe(true);
+    }
+  });
+});
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// SCHEMA COMPLETENESS TESTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+describe("Schema Completeness", () => {
+  it("all input properties should have descriptions", () => {
+    const tools = getAllTools();
+    
+    for (const tool of tools) {
+      const props = tool.inputSchema.properties || {};
+      for (const [propName, propSchema] of Object.entries(props)) {
+        expect(propSchema.description).toBeDefined();
+      }
+    }
+  });
+
+  it("all input properties should have types", () => {
+    const tools = getAllTools();
+    
+    for (const tool of tools) {
+      const props = tool.inputSchema.properties || {};
+      for (const [propName, propSchema] of Object.entries(props)) {
+        expect(propSchema.type).toBeDefined();
+      }
+    }
+  });
+
+  it("scan-related tools should output findings array", () => {
+    const scanTools = ["vibecheck.scan", "vibecheck.ship"];
+    
+    for (const toolName of scanTools) {
+      const tool = getToolByName(toolName);
+      expect(tool).not.toBeNull();
+      expect(tool?.outputSchema.properties?.findings).toBeDefined();
+    }
+  });
+});
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// LISTING TESTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+describe("Tool Listing", () => {
+  it("listToolNames should return all tool names", () => {
+    const names = listToolNames();
+    const tools = getAllTools();
+    
+    expect(names.length).toBe(tools.length);
+    
+    for (const tool of tools) {
+      expect(names).toContain(tool.name);
+    }
+  });
+});

package/mcp-server/tests/tier-gating.test.js

@@ -0,0 +1,297 @@
+/**
+ * MCP Tier Gating Tests
+ * 
+ * Verifies that:
+ * - FREE tier can run: scan, ctx, verify, report, status, doctor
+ * - FREE tier CANNOT run: prove, fix, ship, gate, badge
+ * - Option-level gates work (e.g., scan --autofix requires PRO)
+ * - Error responses use proper ErrorEnvelope format
+ */
+
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import {
+  FREE_TOOLS,
+  PRO_TOOLS,
+  OPTION_GATES,
+  getMcpToolAccess,
+  checkOptionAccess,
+  canAccessTool,
+  isPro,
+  getFirewallMode,
+  ERROR_CODES,
+  notEntitledError,
+  optionNotEntitledError,
+} from '../tier-auth.js';
+
+// Mock fetch for API calls
+global.fetch = vi.fn();
+
+describe('Tier System - Basic Access', () => {
+  beforeEach(() => {
+    vi.resetAllMocks();
+    // Reset any cached tier state
+    delete process.env.VIBECHECK_DEV_PRO;
+  });
+
+  describe('FREE tier access', () => {
+    it('FREE can access vibecheck.scan', () => {
+      expect(canAccessTool('free', 'vibecheck.scan')).toBe(true);
+    });
+
+    it('FREE can access vibecheck.ctx', () => {
+      expect(canAccessTool('free', 'vibecheck.ctx')).toBe(true);
+    });
+
+    it('FREE can access vibecheck.verify', () => {
+      expect(canAccessTool('free', 'vibecheck.verify')).toBe(true);
+    });
+
+    it('FREE can access vibecheck.report', () => {
+      expect(canAccessTool('free', 'vibecheck.report')).toBe(true);
+    });
+
+    it('FREE can access vibecheck.status', () => {
+      expect(canAccessTool('free', 'vibecheck.status')).toBe(true);
+    });
+
+    it('FREE can access vibecheck.doctor', () => {
+      expect(canAccessTool('free', 'vibecheck.doctor')).toBe(true);
+    });
+
+    it('FREE can access vibecheck.firewall (observe mode)', () => {
+      expect(canAccessTool('free', 'vibecheck.firewall')).toBe(true);
+    });
+
+    it('FREE can access authority.list', () => {
+      expect(canAccessTool('free', 'authority.list')).toBe(true);
+    });
+
+    it('FREE can access authority.classify', () => {
+      expect(canAccessTool('free', 'authority.classify')).toBe(true);
+    });
+
+    it('FREE can access vibecheck_conductor_status', () => {
+      expect(canAccessTool('free', 'vibecheck_conductor_status')).toBe(true);
+    });
+  });
+
+  describe('FREE tier denied access', () => {
+    it('FREE CANNOT access vibecheck.prove', () => {
+      expect(canAccessTool('free', 'vibecheck.prove')).toBe(false);
+    });
+
+    it('FREE CANNOT access vibecheck.fix', () => {
+      expect(canAccessTool('free', 'vibecheck.fix')).toBe(false);
+    });
+
+    it('FREE CANNOT access vibecheck.ship', () => {
+      expect(canAccessTool('free', 'vibecheck.ship')).toBe(false);
+    });
+
+    it('FREE CANNOT access vibecheck.gate', () => {
+      expect(canAccessTool('free', 'vibecheck.gate')).toBe(false);
+    });
+
+    it('FREE CANNOT access vibecheck.badge', () => {
+      expect(canAccessTool('free', 'vibecheck.badge')).toBe(false);
+    });
+
+    it('FREE CANNOT access vibecheck.reality', () => {
+      expect(canAccessTool('free', 'vibecheck.reality')).toBe(false);
+    });
+
+    it('FREE CANNOT access vibecheck.share', () => {
+      expect(canAccessTool('free', 'vibecheck.share')).toBe(false);
+    });
+
+    it('FREE CANNOT access authority.approve', () => {
+      expect(canAccessTool('free', 'authority.approve')).toBe(false);
+    });
+
+    it('FREE CANNOT access vibecheck_conductor_register', () => {
+      expect(canAccessTool('free', 'vibecheck_conductor_register')).toBe(false);
+    });
+
+    it('FREE CANNOT access vibecheck_agent_firewall_intercept', () => {
+      expect(canAccessTool('free', 'vibecheck_agent_firewall_intercept')).toBe(false);
+    });
+  });
+
+  describe('PRO tier access', () => {
+    it('PRO can access all FREE tools', () => {
+      for (const tool of FREE_TOOLS) {
+        expect(canAccessTool('pro', tool)).toBe(true);
+      }
+    });
+
+    it('PRO can access all PRO tools', () => {
+      for (const tool of PRO_TOOLS) {
+        expect(canAccessTool('pro', tool)).toBe(true);
+      }
+    });
+  });
+});
+
+describe('Option-Level Gates', () => {
+  describe('vibecheck.scan options', () => {
+    it('FREE can use scan without autofix', () => {
+      const result = checkOptionAccess('free', 'vibecheck.scan', {});
+      expect(result.allowed).toBe(true);
+    });
+
+    it('FREE CANNOT use scan --autofix', () => {
+      const result = checkOptionAccess('free', 'vibecheck.scan', { autofix: true });
+      expect(result.allowed).toBe(false);
+      expect(result.blockedOption).toBe('autofix');
+    });
+
+    it('FREE CANNOT use scan --fix', () => {
+      const result = checkOptionAccess('free', 'vibecheck.scan', { fix: true });
+      expect(result.allowed).toBe(false);
+      expect(result.blockedOption).toBe('fix');
+    });
+
+    it('PRO can use scan --autofix', () => {
+      const result = checkOptionAccess('pro', 'vibecheck.scan', { autofix: true });
+      expect(result.allowed).toBe(true);
+    });
+  });
+
+  describe('vibecheck.firewall options', () => {
+    it('FREE can use firewall observe mode', () => {
+      const result = checkOptionAccess('free', 'vibecheck.firewall', { mode: 'observe' });
+      expect(result.allowed).toBe(true);
+    });
+
+    it('FREE CANNOT use firewall enforce mode', () => {
+      const result = checkOptionAccess('free', 'vibecheck.firewall', { mode: 'enforce' });
+      expect(result.allowed).toBe(false);
+    });
+
+    it('PRO can use firewall enforce mode', () => {
+      const result = checkOptionAccess('pro', 'vibecheck.firewall', { mode: 'enforce' });
+      expect(result.allowed).toBe(true);
+    });
+  });
+});
+
+describe('ErrorEnvelope Format', () => {
+  it('notEntitledError returns proper ErrorEnvelope', () => {
+    const error = notEntitledError('vibecheck.prove', 'free', 'pro');
+    
+    expect(error.code).toBe('NOT_ENTITLED');
+    expect(error.message).toBe('Requires PRO');
+    expect(error.userAction).toBe('Open billing');
+    expect(error.retryable).toBe(false);
+    expect(error.tier).toBe('free');
+    expect(error.required).toBe('pro');
+    expect(error.tool).toBe('vibecheck.prove');
+    expect(error.upgradeUrl).toBe('https://vibecheckai.dev/pricing');
+    expect(error.nextSteps).toBeInstanceOf(Array);
+  });
+
+  it('optionNotEntitledError returns proper ErrorEnvelope', () => {
+    const error = optionNotEntitledError('vibecheck.scan', 'autofix', 'free', 'pro');
+    
+    expect(error.code).toBe('OPTION_NOT_ENTITLED');
+    expect(error.message).toContain('--autofix');
+    expect(error.userAction).toBe('Open billing');
+    expect(error.retryable).toBe(false);
+    expect(error.option).toBe('autofix');
+  });
+});
+
+describe('getMcpToolAccess', () => {
+  beforeEach(() => {
+    vi.resetAllMocks();
+    delete process.env.VIBECHECK_DEV_PRO;
+  });
+
+  it('returns hasAccess=true for FREE tool without API key', async () => {
+    const result = await getMcpToolAccess('vibecheck.scan', null, {});
+    
+    expect(result.hasAccess).toBe(true);
+    expect(result.tier).toBe('free');
+    expect(result.firewallMode).toBe('observe');
+  });
+
+  it('returns hasAccess=false for PRO tool without API key', async () => {
+    const result = await getMcpToolAccess('vibecheck.prove', null, {});
+    
+    expect(result.hasAccess).toBe(false);
+    expect(result.error).toBeDefined();
+    expect(result.error.code).toBe('NOT_ENTITLED');
+  });
+
+  it('returns hasAccess=false for FREE tool with PRO option', async () => {
+    const result = await getMcpToolAccess('vibecheck.scan', null, { autofix: true });
+    
+    expect(result.hasAccess).toBe(false);
+    expect(result.error.code).toBe('OPTION_NOT_ENTITLED');
+  });
+});
+
+describe('Firewall Mode', () => {
+  it('FREE tier gets observe mode', () => {
+    expect(getFirewallMode('free')).toBe('observe');
+  });
+
+  it('PRO tier gets enforce mode', () => {
+    expect(getFirewallMode('pro')).toBe('enforce');
+  });
+});
+
+describe('Developer Mode Bypass', () => {
+  it('VIBECHECK_DEV_PRO=1 grants PRO access', () => {
+    process.env.VIBECHECK_DEV_PRO = '1';
+    
+    expect(isPro('free')).toBe(true);
+    expect(canAccessTool('free', 'vibecheck.prove')).toBe(true);
+    expect(getFirewallMode('free')).toBe('enforce');
+    
+    delete process.env.VIBECHECK_DEV_PRO;
+  });
+});
+
+describe('Tool Lists Completeness', () => {
+  it('FREE_TOOLS includes all expected tools', () => {
+    const expectedFreeTools = [
+      'vibecheck.scan',
+      'vibecheck.ctx',
+      'vibecheck.verify',
+      'vibecheck.report',
+      'vibecheck.status',
+      'vibecheck.doctor',
+      'vibecheck.firewall',
+      'authority.list',
+      'authority.classify',
+      'vibecheck_conductor_status',
+    ];
+    
+    for (const tool of expectedFreeTools) {
+      expect(FREE_TOOLS).toContain(tool);
+    }
+  });
+
+  it('PRO_TOOLS includes all expected tools', () => {
+    const expectedProTools = [
+      'vibecheck.ship',
+      'vibecheck.fix',
+      'vibecheck.prove',
+      'vibecheck.gate',
+      'vibecheck.badge',
+      'vibecheck.reality',
+      'vibecheck.share',
+      'authority.approve',
+    ];
+    
+    for (const tool of expectedProTools) {
+      expect(PRO_TOOLS).toContain(tool);
+    }
+  });
+
+  it('No tool is in both FREE and PRO lists', () => {
+    const overlap = FREE_TOOLS.filter(t => PRO_TOOLS.includes(t));
+    expect(overlap).toHaveLength(0);
+  });
+});