npm - catalyst-core-internal - Versions diffs - 0.1.0 → 0.1.2 - Mend

catalyst-core-internal 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/dist/native/androidProject/app/src/main/java/io/yourname/androidproject/BridgeMessageValidator.kt +10 -2
package/dist/native/bridge/hooks.js +4 -4
package/dist/native/bridge/useBaseHook.js +3 -4
package/dist/native/bridge/utils/NativeBridge.js +4 -4
package/dist/native/iosnativeWebView/Sources/Core/Utils/CacheManager.swift +2 -13
package/dist/native/iosnativeWebView/iosnativeWebView.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved +0 -36
package/dist/native/iosnativeWebView/iosnativeWebView.xctestplan +0 -1
package/dist/native/iosnativeWebView/iosnativeWebViewTests/FrameworkServerUtilsTests.swift +4 -14
package/dist/native/iosnativeWebView/iosnativeWebViewTests/WebViewTests.swift +21 -9
package/mcp_v2/conversion-tasks.json +371 -0
package/mcp_v2/knowledge-base.json +1450 -0
package/mcp_v2/lib/helpers.js +145 -0
package/mcp_v2/mcp.js +366 -0
package/mcp_v2/package.json +13 -0
package/mcp_v2/schema.sql +88 -0
package/mcp_v2/setup.js +262 -0
package/mcp_v2/tools/build.js +449 -0
package/mcp_v2/tools/config.js +262 -0
package/mcp_v2/tools/conversion.js +492 -0
package/mcp_v2/tools/debug.js +62 -0
package/mcp_v2/tools/knowledge.js +213 -0
package/mcp_v2/tools/sync.js +21 -0
package/mcp_v2/tools/tasks.js +844 -0
package/package.json +1 -1
package/dist/native/androidProject/app/src/test/java/io/yourname/androidproject/SecurityBridgeTest.kt +0 -199
package/dist/native/iosnativeWebView/iosnativeWebViewTests/BridgeCommandHandlerSecurityTests.swift +0 -212
package/dist/native/iosnativeWebView/iosnativeWebViewTests/ScreenSecureManagerTests.swift +0 -121

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "catalyst-core-internal",
-    "version": "0.1.0",
+    "version": "0.1.2",
     "main": "index.js",
     "description": "Web framework that provides great performance out of the box",
     "bin": {

package/dist/native/androidProject/app/src/test/java/io/yourname/androidproject/SecurityBridgeTest.kt DELETED Viewed

@@ -1,199 +0,0 @@
-package io.yourname.androidproject
-import org.json.JSONObject
-import org.junit.Assert.*
-import org.junit.Test
-/**
- * Unit tests for security bridge command routing and JSON injection safety.
- *
- * Coverage:
- * - setScreenSecure command routing (5 tests)
- * - getScreenSecure command routing (2 tests)
- * - clearWebData command routing (2 tests)
- * - JSON injection safety in error responses (3 tests)
- *
- * Total: 12 tests
- *
- * Note: These tests operate on static parsing/validation logic and JSON data
- * structures. Full lifecycle (FLAG_SECURE, CookieManager) is exercised in
- * device integration tests; here we confirm command acceptance, param parsing,
- * and that error payloads produced via JSONObject cannot carry injected content.
- */
-class SecurityBridgeTest {
-    // ============================================================
-    // CATEGORY 1: setScreenSecure COMMAND ROUTING (5 tests)
-    // ============================================================
-    @Test
-    fun `test setScreenSecure command is accepted by validator`() {
-        val messageJson = """{"command": "setScreenSecure", "data": {"enable": true}}"""
-        val result = NativeBridge.parseAndValidateMessage(messageJson)
-        assertTrue("setScreenSecure should be a valid command", result.isValid)
-        assertEquals("setScreenSecure", result.command)
-        assertNull(result.error)
-    }
-    @Test
-    fun `test setScreenSecure enable true parsed from params`() {
-        val params = JSONObject().apply { put("enable", true) }
-        val enable = params.optBoolean("enable", false)
-        assertTrue("enable should be true", enable)
-    }
-    @Test
-    fun `test setScreenSecure enable false parsed from params`() {
-        val params = JSONObject().apply { put("enable", false) }
-        val enable = params.optBoolean("enable", true)
-        assertFalse("enable should be false", enable)
-    }
-    @Test
-    fun `test setScreenSecure defaults to true when params are malformed`() {
-        // NativeBridge.setScreenSecure falls back to true when JSON parse fails
-        val malformedParams = "not-json"
-        val enable = try {
-            JSONObject(malformedParams).optBoolean("enable", true)
-        } catch (e: Exception) {
-            true
-        }
-        assertTrue("Malformed params should default to enable=true", enable)
-    }
-    @Test
-    fun `test setScreenSecure success response shape`() {
-        val enable = true
-        val response = JSONObject().apply {
-            put("secure", enable)
-            put("success", true)
-        }
-        assertTrue(response.getBoolean("secure"))
-        assertTrue(response.getBoolean("success"))
-        // Verify no extra fields bleed in
-        assertEquals(2, response.length())
-    }
-    // ============================================================
-    // CATEGORY 2: getScreenSecure COMMAND ROUTING (2 tests)
-    // ============================================================
-    @Test
-    fun `test getScreenSecure command is accepted by validator`() {
-        val messageJson = """{"command": "getScreenSecure", "data": {}}"""
-        val result = NativeBridge.parseAndValidateMessage(messageJson)
-        assertTrue("getScreenSecure should be a valid command", result.isValid)
-        assertEquals("getScreenSecure", result.command)
-        assertNull(result.error)
-    }
-    @Test
-    fun `test getScreenSecure status response shape`() {
-        // Validate that the JSON payload produced by getScreenSecure is well-formed
-        val isSecure = false
-        val response = JSONObject().apply {
-            put("secure", isSecure)
-            put("success", true)
-        }
-        assertFalse(response.getBoolean("secure"))
-        assertTrue(response.getBoolean("success"))
-        assertEquals(2, response.length())
-    }
-    // ============================================================
-    // CATEGORY 3: clearWebData COMMAND ROUTING (2 tests)
-    // ============================================================
-    @Test
-    fun `test clearWebData command is accepted by validator`() {
-        val messageJson = """{"command": "clearWebData", "data": {}}"""
-        val result = NativeBridge.parseAndValidateMessage(messageJson)
-        assertTrue("clearWebData should be a valid command", result.isValid)
-        assertEquals("clearWebData", result.command)
-        assertNull(result.error)
-    }
-    @Test
-    fun `test clearWebData success response shape`() {
-        val cookiesRemoved = true
-        val response = JSONObject().apply {
-            put("success", true)
-            put("cookiesRemoved", cookiesRemoved)
-        }
-        assertTrue(response.getBoolean("success"))
-        assertTrue(response.getBoolean("cookiesRemoved"))
-        assertEquals(2, response.length())
-    }
-    // ============================================================
-    // CATEGORY 4: JSON INJECTION SAFETY (3 tests)
-    // ============================================================
-    @Test
-    fun `test error message with injection characters is safe via JSONObject`() {
-        // Simulate an exception message that contains characters dangerous in naive JS
-        // string interpolation: double-quotes and backslashes.
-        // JSONObject must escape them so the serialized JSON stays valid and cannot
-        // break out of the surrounding JS string literal in notifyWebJson.
-        val injectionPayload = "failed\"; window[\"evil\"]=\"injected"
-        val response = JSONObject().apply {
-            put("success", false)
-            put("error", injectionPayload)
-        }
-        val serialized = response.toString()
-        // The raw unescaped double-quote sequence that would break JS must not appear
-        assertFalse(
-            "Unescaped double-quote injection sequence must not appear in serialized JSON",
-            serialized.contains("\"evil\"")
-        )
-        // The value must survive a round-trip intact
-        assertEquals(injectionPayload, JSONObject(serialized).getString("error"))
-    }
-    @Test
-    fun `test error message with backslash sequences is safe via JSONObject`() {
-        val backslashPayload = "err\\\"injected\\\""
-        val response = JSONObject().apply {
-            put("success", false)
-            put("error", backslashPayload)
-        }
-        // Round-trip must survive without throwing
-        val roundTripped = JSONObject(response.toString()).getString("error")
-        assertEquals(backslashPayload, roundTripped)
-    }
-    @Test
-    fun `test setScreenSecure and clearWebData commands are in VALID_COMMANDS whitelist`() {
-        assertTrue(
-            "setScreenSecure must be whitelisted",
-            CatalystConstants.Bridge.VALID_COMMANDS.contains("setScreenSecure")
-        )
-        assertTrue(
-            "getScreenSecure must be whitelisted",
-            CatalystConstants.Bridge.VALID_COMMANDS.contains("getScreenSecure")
-        )
-        assertTrue(
-            "clearWebData must be whitelisted",
-            CatalystConstants.Bridge.VALID_COMMANDS.contains("clearWebData")
-        )
-    }
-}

package/dist/native/iosnativeWebView/iosnativeWebViewTests/BridgeCommandHandlerSecurityTests.swift DELETED Viewed

@@ -1,212 +0,0 @@
-import XCTest
-import WebKit
-@testable import CatalystCore
-/**
- * Unit tests for BridgeCommandHandler — security commands.
- *
- * Coverage:
- * 1. setScreenSecure routing (3 tests)
- * 2. getScreenSecure routing (2 tests)
- * 3. clearWebData routing (3 tests)
- *
- * Total: 8 tests
- *
- * Each test drives the full bridge pipeline (NativeBridge → BridgeCommandHandler)
- * via a MockWKWebView and captures the evaluateJavaScript call that the delegate
- * would fire back to the web layer.
- *
- * MockWKWebView and MockWKScriptMessage are defined in NativeBridgeTests.swift
- * and BridgeMessageValidatorTests.swift respectively (shared across the test target).
- */
-final class BridgeCommandHandlerSecurityTests: XCTestCase {
-    var bridge: NativeBridge!
-    var mockWebView: MockWKWebView!
-    var mockViewController: UIViewController!
-    override func setUp() {
-        super.setUp()
-        mockWebView = MockWKWebView()
-        mockViewController = UIViewController()
-        bridge = NativeBridge(webView: mockWebView, viewController: mockViewController)
-        bridge.register()
-        // Ensure a clean screen-secure state before each test
-        ScreenSecureManager.shared.setScreenSecure(false)
-    }
-    override func tearDown() {
-        bridge.unregister()
-        bridge = nil
-        mockWebView = nil
-        mockViewController = nil
-        ScreenSecureManager.shared.setScreenSecure(false)
-        super.tearDown()
-    }
-    // ============================================================
-    // CATEGORY 1: setScreenSecure routing (3 tests)
-    // ============================================================
-    func testSetScreenSecure_Enable_FiresOnScreenSecureSetCallback() {
-        let exp = expectation(description: "ON_SCREEN_SECURE_SET callback fired")
-        mockWebView.onEvaluateJavaScript = { script in
-            if script.contains("ON_SCREEN_SECURE_SET") {
-                exp.fulfill()
-            }
-        }
-        let message = createMessage(command: "setScreenSecure", data: ["enable": true])
-        bridge.userContentController(mockWebView.configuration.userContentController,
-                                     didReceive: message)
-        wait(for: [exp], timeout: 2.0)
-    }
-    func testSetScreenSecure_Enable_CallbackContainsSecureTrue() {
-        let exp = expectation(description: "ON_SCREEN_SECURE_SET payload has secure:true")
-        mockWebView.onEvaluateJavaScript = { script in
-            if script.contains("ON_SCREEN_SECURE_SET") {
-                XCTAssertTrue(
-                    script.contains("\"secure\"") || script.contains("secure"),
-                    "Callback should include secure field"
-                )
-                XCTAssertTrue(
-                    script.contains("true"),
-                    "secure should be true after enabling"
-                )
-                exp.fulfill()
-            }
-        }
-        let message = createMessage(command: "setScreenSecure", data: ["enable": true])
-        bridge.userContentController(mockWebView.configuration.userContentController,
-                                     didReceive: message)
-        wait(for: [exp], timeout: 2.0)
-    }
-    func testSetScreenSecure_InvalidParams_FiresErrorCallback() {
-        // Passing a non-dict, non-string param is handled by the fallback in
-        // BridgeCommandHandler.setScreenSecure — it fires ON_SCREEN_SECURE_ERROR.
-        let exp = expectation(description: "ON_SCREEN_SECURE_ERROR fired for nil params")
-        mockWebView.onEvaluateJavaScript = { script in
-            if script.contains("ON_SCREEN_SECURE_ERROR") {
-                exp.fulfill()
-            }
-        }
-        // Route via bridge with data that contains no "enable" key at all
-        let message = createMessage(command: "setScreenSecure", data: [:])
-        bridge.userContentController(mockWebView.configuration.userContentController,
-                                     didReceive: message)
-        // The empty dict triggers the else branch → ON_SCREEN_SECURE_ERROR
-        wait(for: [exp], timeout: 2.0)
-    }
-    // ============================================================
-    // CATEGORY 2: getScreenSecure routing (2 tests)
-    // ============================================================
-    func testGetScreenSecure_FiresOnScreenSecureStatusCallback() {
-        let exp = expectation(description: "ON_SCREEN_SECURE_STATUS callback fired")
-        mockWebView.onEvaluateJavaScript = { script in
-            if script.contains("ON_SCREEN_SECURE_STATUS") {
-                exp.fulfill()
-            }
-        }
-        let message = createMessage(command: "getScreenSecure", data: [:])
-        bridge.userContentController(mockWebView.configuration.userContentController,
-                                     didReceive: message)
-        wait(for: [exp], timeout: 2.0)
-    }
-    func testGetScreenSecure_ReflectsCurrentState() {
-        // Set state first, then query it via the bridge
-        ScreenSecureManager.shared.setScreenSecure(true)
-        let exp = expectation(description: "ON_SCREEN_SECURE_STATUS reflects secure:true")
-        mockWebView.onEvaluateJavaScript = { script in
-            if script.contains("ON_SCREEN_SECURE_STATUS") {
-                XCTAssertTrue(script.contains("true"),
-                              "Status callback should reflect secure=true")
-                exp.fulfill()
-            }
-        }
-        let message = createMessage(command: "getScreenSecure", data: [:])
-        bridge.userContentController(mockWebView.configuration.userContentController,
-                                     didReceive: message)
-        wait(for: [exp], timeout: 2.0)
-    }
-    // ============================================================
-    // CATEGORY 3: clearWebData routing (3 tests)
-    // ============================================================
-    func testClearWebData_WhenWebViewPresent_FiresOnWebDataClearedCallback() {
-        // BridgeCommandHandler needs a webView injected to proceed past the guard
-        // NativeBridge injects it during register(), so the mock is already set.
-        let exp = expectation(description: "ON_WEB_DATA_CLEARED callback fired")
-        mockWebView.onEvaluateJavaScript = { script in
-            if script.contains("ON_WEB_DATA_CLEARED") {
-                exp.fulfill()
-            }
-        }
-        let message = createMessage(command: "clearWebData", data: [:])
-        bridge.userContentController(mockWebView.configuration.userContentController,
-                                     didReceive: message)
-        // clearWebData is async (WKWebsiteDataStore removal) — allow extra time
-        wait(for: [exp], timeout: 5.0)
-    }
-    func testClearWebData_SuccessPayloadContainsSuccessTrue() {
-        let exp = expectation(description: "clearWebData success payload has success:true")
-        mockWebView.onEvaluateJavaScript = { script in
-            if script.contains("ON_WEB_DATA_CLEARED") {
-                XCTAssertTrue(script.contains("true"),
-                              "success field should be true in cleared callback")
-                exp.fulfill()
-            }
-        }
-        let message = createMessage(command: "clearWebData", data: [:])
-        bridge.userContentController(mockWebView.configuration.userContentController,
-                                     didReceive: message)
-        wait(for: [exp], timeout: 5.0)
-    }
-    func testClearWebData_CommandAcceptedByValidator() {
-        // Validates command reaches the handler without being rejected by BridgeMessageValidator
-        let messageBody: [String: Any] = ["command": "clearWebData", "data": [:]]
-        let message = MockWKScriptMessage(name: "NativeBridge", body: messageBody)
-        let result = BridgeMessageValidator.validate(message: message)
-        XCTAssertTrue(result.isValid, "clearWebData should pass BridgeMessageValidator")
-        XCTAssertEqual(result.command, "clearWebData")
-        XCTAssertNil(result.error)
-    }
-    // ============================================================
-    // Helpers
-    // ============================================================
-    private func createMessage(command: String, data: [String: Any]) -> WKScriptMessage {
-        let body: [String: Any] = ["command": command, "data": data]
-        return MockWKScriptMessage(name: "NativeBridge", body: body)
-    }
-}

package/dist/native/iosnativeWebView/iosnativeWebViewTests/ScreenSecureManagerTests.swift DELETED Viewed

@@ -1,121 +0,0 @@
-import XCTest
-@testable import CatalystCore
-/**
- * Unit tests for ScreenSecureManager
- *
- * Coverage:
- * 1. State management (3 tests)
- * 2. setScreenSecure behaviour (3 tests)
- * 3. Overlay race condition guard (2 tests)
- *
- * Total: 8 tests
- *
- * Note: UIWindow creation and scene observation require a running app / UI host.
- * Tests here focus on the state machine and guard logic that can be exercised
- * without a UIWindowScene. Overlay installation side-effects are verified
- * indirectly via the guard flags and isScreenSecure state.
- */
-final class ScreenSecureManagerTests: XCTestCase {
-    var manager: ScreenSecureManager!
-    override func setUp() {
-        super.setUp()
-        // Use the shared singleton; reset state by disabling screen security
-        manager = ScreenSecureManager.shared
-        manager.setScreenSecure(false)
-    }
-    override func tearDown() {
-        // Leave the singleton clean for other tests
-        manager.setScreenSecure(false)
-        super.tearDown()
-    }
-    // ============================================================
-    // CATEGORY 1: State management (3 tests)
-    // ============================================================
-    func testInitialState_IsNotSecure() {
-        // After setUp calls setScreenSecure(false), isScreenSecure must be false
-        XCTAssertFalse(manager.isScreenSecure, "Initial state should not be secure")
-    }
-    func testSetScreenSecure_True_UpdatesState() {
-        manager.setScreenSecure(true)
-        XCTAssertTrue(manager.isScreenSecure, "isScreenSecure should be true after enabling")
-    }
-    func testSetScreenSecure_False_UpdatesState() {
-        manager.setScreenSecure(true)
-        manager.setScreenSecure(false)
-        XCTAssertFalse(manager.isScreenSecure, "isScreenSecure should be false after disabling")
-    }
-    // ============================================================
-    // CATEGORY 2: setScreenSecure behaviour (3 tests)
-    // ============================================================
-    func testSetScreenSecure_EnableThenDisable_StateIsConsistent() {
-        manager.setScreenSecure(true)
-        XCTAssertTrue(manager.isScreenSecure)
-        manager.setScreenSecure(false)
-        XCTAssertFalse(manager.isScreenSecure)
-        // Re-enable
-        manager.setScreenSecure(true)
-        XCTAssertTrue(manager.isScreenSecure)
-    }
-    func testSetScreenSecure_DisableWhenAlreadyDisabled_NoStateChange() {
-        // Should be a no-op and not throw
-        manager.setScreenSecure(false)
-        manager.setScreenSecure(false)
-        XCTAssertFalse(manager.isScreenSecure, "Repeated disable should leave state as false")
-    }
-    func testSetScreenSecure_EnableWhenAlreadyEnabled_NoStateChange() {
-        manager.setScreenSecure(true)
-        manager.setScreenSecure(true)
-        XCTAssertTrue(manager.isScreenSecure, "Repeated enable should leave state as true")
-    }
-    // ============================================================
-    // CATEGORY 3: Overlay race condition guard (2 tests)
-    // ============================================================
-    func testSceneWillDeactivate_WhenNotSecure_OverlayNotInstalled() {
-        // When isScreenSecure is false, sceneWillDeactivate must be a no-op.
-        // We verify by checking state is still false after the notification fires.
-        manager.setScreenSecure(false)
-        NotificationCenter.default.post(
-            name: UIScene.willDeactivateNotification,
-            object: nil
-        )
-        // State must not have changed
-        XCTAssertFalse(manager.isScreenSecure,
-                       "State should remain false when secure mode is off")
-    }
-    func testSceneDidActivate_AfterEnable_StateUnchanged() {
-        // sceneDidActivate removes the overlay but does NOT reset isScreenSecure.
-        manager.setScreenSecure(true)
-        NotificationCenter.default.post(
-            name: UIScene.didActivateNotification,
-            object: nil
-        )
-        // The secure flag must survive a return-to-foreground event
-        XCTAssertTrue(manager.isScreenSecure,
-                      "isScreenSecure should remain true after scene reactivation")
-    }
-}