@vibescope/mcp-server 0.0.1

package/src/handlers/findings.test.ts

@@ -0,0 +1,565 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import type { SupabaseClient } from '@supabase/supabase-js';
+import type { HandlerContext, TokenUsage } from './types.js';
+import {
+	addFinding,
+	getFindings,
+	updateFinding,
+	deleteFinding,
+} from './findings.js';
+import { ValidationError } from '../validators.js';
+
+// ============================================================================
+// Test Utilities
+// ============================================================================
+
+function createMockSupabase(overrides: {
+	selectResult?: { data: unknown; error: unknown };
+	insertResult?: { data: unknown; error: unknown };
+	updateResult?: { data: unknown; error: unknown };
+	deleteResult?: { data: unknown; error: unknown };
+} = {}) {
+	const defaultResult = { data: null, error: null };
+	let currentOperation = 'select';
+	let insertThenSelect = false;
+
+	const mock = {
+		from: vi.fn().mockReturnThis(),
+		select: vi.fn(() => {
+			if (currentOperation === 'insert') {
+				insertThenSelect = true;
+			} else {
+				currentOperation = 'select';
+				insertThenSelect = false;
+			}
+			return mock;
+		}),
+		insert: vi.fn(() => {
+			currentOperation = 'insert';
+			insertThenSelect = false;
+			return mock;
+		}),
+		update: vi.fn(() => {
+			currentOperation = 'update';
+			insertThenSelect = false;
+			return mock;
+		}),
+		delete: vi.fn(() => {
+			currentOperation = 'delete';
+			insertThenSelect = false;
+			return mock;
+		}),
+		eq: vi.fn().mockReturnThis(),
+		neq: vi.fn().mockReturnThis(),
+		in: vi.fn().mockReturnThis(),
+		is: vi.fn().mockReturnThis(),
+		order: vi.fn().mockReturnThis(),
+		limit: vi.fn().mockReturnThis(),
+		single: vi.fn(() => {
+			if (currentOperation === 'insert' || insertThenSelect) {
+				return Promise.resolve(overrides.insertResult ?? defaultResult);
+			}
+			if (currentOperation === 'select') {
+				return Promise.resolve(overrides.selectResult ?? defaultResult);
+			}
+			if (currentOperation === 'update') {
+				return Promise.resolve(overrides.updateResult ?? defaultResult);
+			}
+			return Promise.resolve(defaultResult);
+		}),
+		then: vi.fn((resolve: (value: unknown) => void) => {
+			if (currentOperation === 'insert' || insertThenSelect) {
+				return Promise.resolve(overrides.insertResult ?? defaultResult).then(resolve);
+			}
+			if (currentOperation === 'select') {
+				return Promise.resolve(overrides.selectResult ?? defaultResult).then(resolve);
+			}
+			if (currentOperation === 'update') {
+				return Promise.resolve(overrides.updateResult ?? defaultResult).then(resolve);
+			}
+			if (currentOperation === 'delete') {
+				return Promise.resolve(overrides.deleteResult ?? defaultResult).then(resolve);
+			}
+			return Promise.resolve(defaultResult).then(resolve);
+		}),
+	};
+
+	return mock as unknown as SupabaseClient;
+}
+
+function createMockContext(
+	supabase: SupabaseClient,
+	options: { sessionId?: string | null } = {}
+): HandlerContext {
+	const defaultTokenUsage: TokenUsage = {
+		callCount: 5,
+		totalTokens: 2500,
+		byTool: {},
+	};
+
+	const sessionId = 'sessionId' in options ? options.sessionId : 'session-123';
+
+	return {
+		supabase,
+		auth: { userId: 'user-123', apiKeyId: 'api-key-123' },
+		session: {
+			instanceId: 'instance-abc',
+			currentSessionId: sessionId,
+			currentPersona: 'Wave',
+			tokenUsage: defaultTokenUsage,
+		},
+		updateSession: vi.fn(),
+	};
+}
+
+const VALID_UUID = '123e4567-e89b-12d3-a456-426614174000';
+const VALID_UUID_2 = '223e4567-e89b-12d3-a456-426614174001';
+
+// ============================================================================
+// addFinding Tests
+// ============================================================================
+
+describe('addFinding', () => {
+	beforeEach(() => vi.clearAllMocks());
+
+	it('should throw error for missing project_id', async () => {
+		const supabase = createMockSupabase();
+		const ctx = createMockContext(supabase);
+
+		await expect(addFinding({ title: 'Test Finding' }, ctx)).rejects.toThrow(ValidationError);
+	});
+
+	it('should throw error for invalid project_id UUID', async () => {
+		const supabase = createMockSupabase();
+		const ctx = createMockContext(supabase);
+
+		await expect(
+			addFinding({ project_id: 'invalid', title: 'Test' }, ctx)
+		).rejects.toThrow(ValidationError);
+	});
+
+	it('should throw error for missing title', async () => {
+		const supabase = createMockSupabase();
+		const ctx = createMockContext(supabase);
+
+		await expect(
+			addFinding({ project_id: VALID_UUID }, ctx)
+		).rejects.toThrow(ValidationError);
+	});
+
+	it('should throw error for invalid related_task_id UUID', async () => {
+		const supabase = createMockSupabase();
+		const ctx = createMockContext(supabase);
+
+		await expect(
+			addFinding({ project_id: VALID_UUID, title: 'Test', related_task_id: 'invalid' }, ctx)
+		).rejects.toThrow(ValidationError);
+	});
+
+	it('should create finding with required fields and defaults', async () => {
+		const supabase = createMockSupabase({
+			insertResult: { data: { id: 'finding-1' }, error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		const result = await addFinding(
+			{ project_id: VALID_UUID, title: 'Performance issue' },
+			ctx
+		);
+
+		expect(result.result).toMatchObject({
+			success: true,
+			finding_id: 'finding-1',
+			title: 'Performance issue',
+		});
+		expect(supabase.from).toHaveBeenCalledWith('findings');
+		expect(supabase.insert).toHaveBeenCalledWith(
+			expect.objectContaining({
+				project_id: VALID_UUID,
+				title: 'Performance issue',
+				category: 'other',
+				severity: 'info',
+				description: null,
+				file_path: null,
+				line_number: null,
+				related_task_id: null,
+				created_by: 'agent',
+			})
+		);
+	});
+
+	it('should create finding with all optional fields', async () => {
+		const supabase = createMockSupabase({
+			insertResult: { data: { id: 'finding-2' }, error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		await addFinding(
+			{
+				project_id: VALID_UUID,
+				title: 'SQL Injection vulnerability',
+				description: 'User input not sanitized',
+				category: 'security',
+				severity: 'critical',
+				file_path: 'src/api/users.ts',
+				line_number: 42,
+				related_task_id: VALID_UUID_2,
+			},
+			ctx
+		);
+
+		expect(supabase.insert).toHaveBeenCalledWith(
+			expect.objectContaining({
+				title: 'SQL Injection vulnerability',
+				description: 'User input not sanitized',
+				category: 'security',
+				severity: 'critical',
+				file_path: 'src/api/users.ts',
+				line_number: 42,
+				related_task_id: VALID_UUID_2,
+			})
+		);
+	});
+
+	it('should throw error when database insert fails', async () => {
+		const supabase = createMockSupabase({
+			insertResult: { data: null, error: { message: 'Insert failed' } },
+		});
+		const ctx = createMockContext(supabase);
+
+		await expect(
+			addFinding({ project_id: VALID_UUID, title: 'Test' }, ctx)
+		).rejects.toThrow('Failed to add finding');
+	});
+});
+
+// ============================================================================
+// getFindings Tests
+// ============================================================================
+
+describe('getFindings', () => {
+	beforeEach(() => vi.clearAllMocks());
+
+	it('should throw error for missing project_id', async () => {
+		const supabase = createMockSupabase();
+		const ctx = createMockContext(supabase);
+
+		await expect(getFindings({}, ctx)).rejects.toThrow(ValidationError);
+	});
+
+	it('should throw error for invalid project_id UUID', async () => {
+		const supabase = createMockSupabase();
+		const ctx = createMockContext(supabase);
+
+		await expect(
+			getFindings({ project_id: 'invalid' }, ctx)
+		).rejects.toThrow(ValidationError);
+	});
+
+	it('should return findings for project', async () => {
+		const mockFindings = [
+			{ id: 'f1', title: 'Finding 1', category: 'security', severity: 'high', status: 'open', file_path: null, created_at: '2026-01-14' },
+			{ id: 'f2', title: 'Finding 2', category: 'performance', severity: 'medium', status: 'addressed', file_path: 'src/app.ts', created_at: '2026-01-13' },
+		];
+
+		const supabase = createMockSupabase({
+			selectResult: { data: mockFindings, error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		const result = await getFindings({ project_id: VALID_UUID }, ctx);
+
+		expect(result.result).toMatchObject({ findings: mockFindings });
+		expect(supabase.from).toHaveBeenCalledWith('findings');
+		expect(supabase.eq).toHaveBeenCalledWith('project_id', VALID_UUID);
+	});
+
+	it('should filter by category when provided', async () => {
+		const supabase = createMockSupabase({
+			selectResult: { data: [], error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		await getFindings({ project_id: VALID_UUID, category: 'security' }, ctx);
+
+		expect(supabase.eq).toHaveBeenCalledWith('category', 'security');
+	});
+
+	it('should filter by severity when provided', async () => {
+		const supabase = createMockSupabase({
+			selectResult: { data: [], error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		await getFindings({ project_id: VALID_UUID, severity: 'critical' }, ctx);
+
+		expect(supabase.eq).toHaveBeenCalledWith('severity', 'critical');
+	});
+
+	it('should filter by status when provided', async () => {
+		const supabase = createMockSupabase({
+			selectResult: { data: [], error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		await getFindings({ project_id: VALID_UUID, status: 'open' }, ctx);
+
+		expect(supabase.eq).toHaveBeenCalledWith('status', 'open');
+	});
+
+	it('should use custom limit when provided', async () => {
+		const supabase = createMockSupabase({
+			selectResult: { data: [], error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		await getFindings({ project_id: VALID_UUID, limit: 10 }, ctx);
+
+		expect(supabase.limit).toHaveBeenCalledWith(10);
+	});
+
+	it('should use default limit of 50', async () => {
+		const supabase = createMockSupabase({
+			selectResult: { data: [], error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		await getFindings({ project_id: VALID_UUID }, ctx);
+
+		expect(supabase.limit).toHaveBeenCalledWith(50);
+	});
+
+	it('should throw error when database query fails', async () => {
+		const supabase = createMockSupabase({
+			selectResult: { data: null, error: { message: 'Query failed' } },
+		});
+		const ctx = createMockContext(supabase);
+
+		await expect(
+			getFindings({ project_id: VALID_UUID }, ctx)
+		).rejects.toThrow('Failed to get findings');
+	});
+});
+
+// ============================================================================
+// updateFinding Tests
+// ============================================================================
+
+describe('updateFinding', () => {
+	beforeEach(() => vi.clearAllMocks());
+
+	it('should throw error for missing finding_id', async () => {
+		const supabase = createMockSupabase();
+		const ctx = createMockContext(supabase);
+
+		await expect(updateFinding({}, ctx)).rejects.toThrow(ValidationError);
+	});
+
+	it('should throw error for invalid finding_id UUID', async () => {
+		const supabase = createMockSupabase();
+		const ctx = createMockContext(supabase);
+
+		await expect(
+			updateFinding({ finding_id: 'invalid' }, ctx)
+		).rejects.toThrow(ValidationError);
+	});
+
+	it('should update title', async () => {
+		const supabase = createMockSupabase({
+			updateResult: { data: null, error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		const result = await updateFinding(
+			{ finding_id: VALID_UUID, title: 'Updated Title' },
+			ctx
+		);
+
+		expect(result.result).toMatchObject({ success: true, finding_id: VALID_UUID });
+		expect(supabase.update).toHaveBeenCalledWith(
+			expect.objectContaining({ title: 'Updated Title' })
+		);
+	});
+
+	it('should update severity', async () => {
+		const supabase = createMockSupabase({
+			updateResult: { data: null, error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		await updateFinding(
+			{ finding_id: VALID_UUID, severity: 'high' },
+			ctx
+		);
+
+		expect(supabase.update).toHaveBeenCalledWith(
+			expect.objectContaining({ severity: 'high' })
+		);
+	});
+
+	it('should set addressed_at when status changed to addressed', async () => {
+		const supabase = createMockSupabase({
+			updateResult: { data: null, error: null },
+		});
+		const ctx = createMockContext(supabase, { sessionId: 'resolver-session' });
+
+		await updateFinding(
+			{ finding_id: VALID_UUID, status: 'addressed' },
+			ctx
+		);
+
+		expect(supabase.update).toHaveBeenCalledWith(
+			expect.objectContaining({
+				status: 'addressed',
+				addressed_at: expect.any(String),
+				addressed_by_session_id: 'resolver-session',
+			})
+		);
+	});
+
+	it('should set addressed_at when status changed to dismissed', async () => {
+		const supabase = createMockSupabase({
+			updateResult: { data: null, error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		await updateFinding(
+			{ finding_id: VALID_UUID, status: 'dismissed' },
+			ctx
+		);
+
+		expect(supabase.update).toHaveBeenCalledWith(
+			expect.objectContaining({
+				status: 'dismissed',
+				addressed_at: expect.any(String),
+			})
+		);
+	});
+
+	it('should set addressed_at when status changed to wontfix', async () => {
+		const supabase = createMockSupabase({
+			updateResult: { data: null, error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		await updateFinding(
+			{ finding_id: VALID_UUID, status: 'wontfix' },
+			ctx
+		);
+
+		expect(supabase.update).toHaveBeenCalledWith(
+			expect.objectContaining({
+				status: 'wontfix',
+				addressed_at: expect.any(String),
+			})
+		);
+	});
+
+	it('should not set addressed_at when status changed to open', async () => {
+		const supabase = createMockSupabase({
+			updateResult: { data: null, error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		await updateFinding(
+			{ finding_id: VALID_UUID, status: 'open' },
+			ctx
+		);
+
+		const updateCall = vi.mocked(supabase.update).mock.calls[0][0] as Record<string, unknown>;
+		expect(updateCall.status).toBe('open');
+		expect(updateCall.addressed_at).toBeUndefined();
+	});
+
+	it('should update resolution_note', async () => {
+		const supabase = createMockSupabase({
+			updateResult: { data: null, error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		await updateFinding(
+			{ finding_id: VALID_UUID, resolution_note: 'Fixed by sanitizing input' },
+			ctx
+		);
+
+		expect(supabase.update).toHaveBeenCalledWith(
+			expect.objectContaining({ resolution_note: 'Fixed by sanitizing input' })
+		);
+	});
+
+	it('should always update updated_at timestamp', async () => {
+		const supabase = createMockSupabase({
+			updateResult: { data: null, error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		await updateFinding(
+			{ finding_id: VALID_UUID, title: 'Test' },
+			ctx
+		);
+
+		expect(supabase.update).toHaveBeenCalledWith(
+			expect.objectContaining({ updated_at: expect.any(String) })
+		);
+	});
+
+	it('should throw error when database update fails', async () => {
+		const supabase = createMockSupabase({
+			updateResult: { data: null, error: { message: 'Update failed' } },
+		});
+		const ctx = createMockContext(supabase);
+
+		await expect(
+			updateFinding({ finding_id: VALID_UUID, title: 'Test' }, ctx)
+		).rejects.toThrow('Failed to update finding');
+	});
+});
+
+// ============================================================================
+// deleteFinding Tests
+// ============================================================================
+
+describe('deleteFinding', () => {
+	beforeEach(() => vi.clearAllMocks());
+
+	it('should throw error for missing finding_id', async () => {
+		const supabase = createMockSupabase();
+		const ctx = createMockContext(supabase);
+
+		await expect(deleteFinding({}, ctx)).rejects.toThrow(ValidationError);
+	});
+
+	it('should throw error for invalid finding_id UUID', async () => {
+		const supabase = createMockSupabase();
+		const ctx = createMockContext(supabase);
+
+		await expect(
+			deleteFinding({ finding_id: 'invalid' }, ctx)
+		).rejects.toThrow(ValidationError);
+	});
+
+	it('should delete finding successfully', async () => {
+		const supabase = createMockSupabase({
+			deleteResult: { data: null, error: null },
+		});
+		const ctx = createMockContext(supabase);
+
+		const result = await deleteFinding({ finding_id: VALID_UUID }, ctx);
+
+		expect(result.result).toMatchObject({ success: true });
+		expect(supabase.from).toHaveBeenCalledWith('findings');
+		expect(supabase.delete).toHaveBeenCalled();
+		expect(supabase.eq).toHaveBeenCalledWith('id', VALID_UUID);
+	});
+
+	it('should throw error when database delete fails', async () => {
+		const supabase = createMockSupabase({
+			deleteResult: { data: null, error: { message: 'Delete failed' } },
+		});
+		const ctx = createMockContext(supabase);
+
+		await expect(
+			deleteFinding({ finding_id: VALID_UUID }, ctx)
+		).rejects.toThrow('Failed to delete finding');
+	});
+});

package/src/handlers/findings.ts

@@ -0,0 +1,153 @@
+/**
+ * Findings Handlers
+ *
+ * Handles audit findings and knowledge base:
+ * - add_finding
+ * - get_findings
+ * - update_finding
+ * - delete_finding
+ */
+
+import type { Handler, HandlerRegistry } from './types.js';
+import { validateRequired, validateUUID } from '../validators.js';
+
+type FindingCategory = 'performance' | 'security' | 'code_quality' | 'accessibility' | 'documentation' | 'architecture' | 'testing' | 'other';
+type FindingSeverity = 'info' | 'low' | 'medium' | 'high' | 'critical';
+type FindingStatus = 'open' | 'addressed' | 'dismissed' | 'wontfix';
+
+export const addFinding: Handler = async (args, ctx) => {
+	const { project_id, category, title, description, severity, file_path, line_number, related_task_id } = args as {
+		project_id: string;
+		category?: FindingCategory;
+		title: string;
+		description?: string;
+		severity?: FindingSeverity;
+		file_path?: string;
+		line_number?: number;
+		related_task_id?: string;
+	};
+
+	validateRequired(project_id, 'project_id');
+	validateUUID(project_id, 'project_id');
+	validateRequired(title, 'title');
+	if (related_task_id) validateUUID(related_task_id, 'related_task_id');
+
+	const { supabase, session } = ctx;
+
+	const { data, error } = await supabase
+		.from('findings')
+		.insert({
+			project_id,
+			category: category || 'other',
+			title,
+			description: description || null,
+			severity: severity || 'info',
+			file_path: file_path || null,
+			line_number: line_number || null,
+			related_task_id: related_task_id || null,
+			created_by: 'agent',
+			created_by_session_id: session.currentSessionId,
+		})
+		.select('id')
+		.single();
+
+	if (error) throw new Error(`Failed to add finding: ${error.message}`);
+
+	return { result: { success: true, finding_id: data.id, title } };
+};
+
+export const getFindings: Handler = async (args, ctx) => {
+	const { project_id, category, severity, status, limit } = args as {
+		project_id: string;
+		category?: FindingCategory;
+		severity?: FindingSeverity;
+		status?: FindingStatus;
+		limit?: number;
+	};
+
+	validateRequired(project_id, 'project_id');
+	validateUUID(project_id, 'project_id');
+
+	const { supabase } = ctx;
+
+	let query = supabase
+		.from('findings')
+		.select('id, title, category, severity, status, file_path, created_at')
+		.eq('project_id', project_id)
+		.order('created_at', { ascending: false })
+		.limit(limit || 50);
+
+	if (category) query = query.eq('category', category);
+	if (severity) query = query.eq('severity', severity);
+	if (status) query = query.eq('status', status);
+
+	const { data, error } = await query;
+
+	if (error) throw new Error(`Failed to get findings: ${error.message}`);
+
+	return { result: { findings: data } };
+};
+
+export const updateFinding: Handler = async (args, ctx) => {
+	const { finding_id, status, resolution_note, title, description, severity } = args as {
+		finding_id: string;
+		status?: FindingStatus;
+		resolution_note?: string;
+		title?: string;
+		description?: string;
+		severity?: FindingSeverity;
+	};
+
+	validateRequired(finding_id, 'finding_id');
+	validateUUID(finding_id, 'finding_id');
+
+	const { supabase, session } = ctx;
+
+	const updates: Record<string, unknown> = { updated_at: new Date().toISOString() };
+	if (title) updates.title = title;
+	if (description) updates.description = description;
+	if (severity) updates.severity = severity;
+	if (status) {
+		updates.status = status;
+		if (status === 'addressed' || status === 'dismissed' || status === 'wontfix') {
+			updates.addressed_at = new Date().toISOString();
+			updates.addressed_by_session_id = session.currentSessionId;
+		}
+	}
+	if (resolution_note) updates.resolution_note = resolution_note;
+
+	const { error } = await supabase
+		.from('findings')
+		.update(updates)
+		.eq('id', finding_id);
+
+	if (error) throw new Error(`Failed to update finding: ${error.message}`);
+
+	return { result: { success: true, finding_id } };
+};
+
+export const deleteFinding: Handler = async (args, ctx) => {
+	const { finding_id } = args as { finding_id: string };
+
+	validateRequired(finding_id, 'finding_id');
+	validateUUID(finding_id, 'finding_id');
+
+	const { error } = await ctx.supabase
+		.from('findings')
+		.delete()
+		.eq('id', finding_id);
+
+	if (error) throw new Error(`Failed to delete finding: ${error.message}`);
+
+	return { result: { success: true } };
+};
+
+/**
+ * Findings handlers registry
+ */
+export const findingHandlers: HandlerRegistry = {
+	add_finding: addFinding,
+	get_findings: getFindings,
+	update_finding: updateFinding,
+	delete_finding: deleteFinding,
+};