comisai 1.0.11 → 1.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/node_modules/@comis/agent/dist/executor/pi-executor.d.ts +1 -4
- package/node_modules/@comis/agent/package.json +1 -1
- package/node_modules/@comis/channels/package.json +1 -1
- package/node_modules/@comis/cli/package.json +1 -1
- package/node_modules/@comis/core/package.json +1 -1
- package/node_modules/@comis/daemon/package.json +1 -1
- package/node_modules/@comis/gateway/package.json +1 -1
- package/node_modules/@comis/infra/package.json +1 -1
- package/node_modules/@comis/memory/package.json +1 -1
- package/node_modules/@comis/scheduler/package.json +1 -1
- package/node_modules/@comis/shared/package.json +1 -1
- package/node_modules/@comis/skills/package.json +1 -1
- package/package.json +18 -18
- package/node_modules/@comis/core/dist/approval/approval-gate.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/approval/approval-gate.test.js +0 -1003
- package/node_modules/@comis/core/dist/bootstrap.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/bootstrap.test.js +0 -150
- package/node_modules/@comis/core/dist/config/backup.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/backup.test.js +0 -160
- package/node_modules/@comis/core/dist/config/env-substitution.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/env-substitution.test.js +0 -259
- package/node_modules/@comis/core/dist/config/field-metadata.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/field-metadata.test.js +0 -72
- package/node_modules/@comis/core/dist/config/git-manager.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/git-manager.test.js +0 -1042
- package/node_modules/@comis/core/dist/config/immutable-keys.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/immutable-keys.test.js +0 -283
- package/node_modules/@comis/core/dist/config/include-resolver.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/include-resolver.test.js +0 -292
- package/node_modules/@comis/core/dist/config/layered.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/layered.test.js +0 -211
- package/node_modules/@comis/core/dist/config/loader.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/loader.test.js +0 -300
- package/node_modules/@comis/core/dist/config/migrate.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/migrate.test.js +0 -244
- package/node_modules/@comis/core/dist/config/partial-validator.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/partial-validator.test.js +0 -98
- package/node_modules/@comis/core/dist/config/schema-agent-model.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-agent-model.test.js +0 -279
- package/node_modules/@comis/core/dist/config/schema-agent-session.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-agent-session.test.js +0 -242
- package/node_modules/@comis/core/dist/config/schema-agent.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-agent.test.js +0 -645
- package/node_modules/@comis/core/dist/config/schema-channel.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-channel.test.js +0 -341
- package/node_modules/@comis/core/dist/config/schema-coalescer.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-coalescer.test.js +0 -51
- package/node_modules/@comis/core/dist/config/schema-context-engine.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-context-engine.test.js +0 -797
- package/node_modules/@comis/core/dist/config/schema-context-guard.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-context-guard.test.js +0 -111
- package/node_modules/@comis/core/dist/config/schema-daemon.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-daemon.test.js +0 -107
- package/node_modules/@comis/core/dist/config/schema-delivery-timing.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-delivery-timing.test.js +0 -51
- package/node_modules/@comis/core/dist/config/schema-documentation.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-documentation.test.js +0 -63
- package/node_modules/@comis/core/dist/config/schema-gateway.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-gateway.test.js +0 -219
- package/node_modules/@comis/core/dist/config/schema-gemini-cache.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-gemini-cache.test.js +0 -41
- package/node_modules/@comis/core/dist/config/schema-integrations.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-integrations.test.js +0 -92
- package/node_modules/@comis/core/dist/config/schema-lifecycle-reactions.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-lifecycle-reactions.test.js +0 -61
- package/node_modules/@comis/core/dist/config/schema-misc.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-misc.test.js +0 -394
- package/node_modules/@comis/core/dist/config/schema-observability.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-observability.test.js +0 -76
- package/node_modules/@comis/core/dist/config/schema-providers.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-providers.test.js +0 -294
- package/node_modules/@comis/core/dist/config/schema-queue.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-queue.test.js +0 -234
- package/node_modules/@comis/core/dist/config/schema-response-prefix.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-response-prefix.test.js +0 -36
- package/node_modules/@comis/core/dist/config/schema-security.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-security.test.js +0 -54
- package/node_modules/@comis/core/dist/config/schema-sender-trust-display.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-sender-trust-display.test.js +0 -60
- package/node_modules/@comis/core/dist/config/schema-serializer.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-serializer.test.js +0 -73
- package/node_modules/@comis/core/dist/config/schema-telegram-file-guard.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/config/schema-telegram-file-guard.test.js +0 -39
- package/node_modules/@comis/core/dist/context/context.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/context/context.test.js +0 -276
- package/node_modules/@comis/core/dist/domain/agent-response.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/domain/agent-response.test.js +0 -159
- package/node_modules/@comis/core/dist/domain/credential-mapping.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/domain/credential-mapping.test.js +0 -135
- package/node_modules/@comis/core/dist/domain/delivery-origin.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/domain/delivery-origin.test.js +0 -68
- package/node_modules/@comis/core/dist/domain/execution-graph.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/domain/execution-graph.test.js +0 -441
- package/node_modules/@comis/core/dist/domain/memory-entry.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/domain/memory-entry.test.js +0 -193
- package/node_modules/@comis/core/dist/domain/normalized-message.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/domain/normalized-message.test.js +0 -255
- package/node_modules/@comis/core/dist/domain/session-key.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/domain/session-key.test.js +0 -291
- package/node_modules/@comis/core/dist/domain/subagent-context-config.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/domain/subagent-context-config.test.js +0 -131
- package/node_modules/@comis/core/dist/domain/subagent-context-types.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/domain/subagent-context-types.test.js +0 -182
- package/node_modules/@comis/core/dist/event-bus/bus.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/event-bus/bus.test.js +0 -152
- package/node_modules/@comis/core/dist/event-bus/events-agent.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/event-bus/events-agent.test.js +0 -409
- package/node_modules/@comis/core/dist/event-bus/events-channel.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/event-bus/events-channel.test.js +0 -240
- package/node_modules/@comis/core/dist/event-bus/events-infra.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/event-bus/events-infra.test.js +0 -416
- package/node_modules/@comis/core/dist/event-bus/events-messaging.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/event-bus/events-messaging.test.js +0 -433
- package/node_modules/@comis/core/dist/event-bus/events.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/event-bus/events.test.js +0 -93
- package/node_modules/@comis/core/dist/hooks/hook-runner-global.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/hooks/hook-runner-global.test.js +0 -29
- package/node_modules/@comis/core/dist/hooks/hook-runner.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/hooks/hook-runner.test.js +0 -490
- package/node_modules/@comis/core/dist/hooks/hook-strategies.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/hooks/hook-strategies.test.js +0 -209
- package/node_modules/@comis/core/dist/hooks/integration.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/hooks/integration.test.js +0 -235
- package/node_modules/@comis/core/dist/hooks/plugin-registry.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/hooks/plugin-registry.test.js +0 -470
- package/node_modules/@comis/core/dist/load-env.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/load-env.test.js +0 -21
- package/node_modules/@comis/core/dist/security/action-classifier.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/action-classifier.test.js +0 -298
- package/node_modules/@comis/core/dist/security/audit-aggregator.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/audit-aggregator.test.js +0 -128
- package/node_modules/@comis/core/dist/security/audit.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/audit.test.js +0 -154
- package/node_modules/@comis/core/dist/security/canary-token.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/canary-token.test.js +0 -45
- package/node_modules/@comis/core/dist/security/config-redaction.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/config-redaction.test.js +0 -107
- package/node_modules/@comis/core/dist/security/external-content.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/external-content.test.js +0 -210
- package/node_modules/@comis/core/dist/security/injection-patterns.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/injection-patterns.test.js +0 -213
- package/node_modules/@comis/core/dist/security/injection-rate-limiter.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/injection-rate-limiter.test.js +0 -194
- package/node_modules/@comis/core/dist/security/input-guard.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/input-guard.test.js +0 -215
- package/node_modules/@comis/core/dist/security/input-security-guard.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/input-security-guard.test.js +0 -215
- package/node_modules/@comis/core/dist/security/input-validator.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/input-validator.test.js +0 -133
- package/node_modules/@comis/core/dist/security/log-sanitizer.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/log-sanitizer.test.js +0 -260
- package/node_modules/@comis/core/dist/security/memory-write-validator.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/memory-write-validator.test.js +0 -62
- package/node_modules/@comis/core/dist/security/output-guard.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/output-guard.test.js +0 -397
- package/node_modules/@comis/core/dist/security/safe-path.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/safe-path.test.js +0 -95
- package/node_modules/@comis/core/dist/security/scoped-secret-manager.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/scoped-secret-manager.test.js +0 -231
- package/node_modules/@comis/core/dist/security/secret-access.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/secret-access.test.js +0 -41
- package/node_modules/@comis/core/dist/security/secret-crypto.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/secret-crypto.test.js +0 -113
- package/node_modules/@comis/core/dist/security/secret-manager.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/secret-manager.test.js +0 -394
- package/node_modules/@comis/core/dist/security/secret-ref-resolver.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/secret-ref-resolver.test.js +0 -268
- package/node_modules/@comis/core/dist/security/secrets-audit.test.d.ts +0 -10
- package/node_modules/@comis/core/dist/security/secrets-audit.test.js +0 -295
- package/node_modules/@comis/core/dist/security/ssrf-guard.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/ssrf-guard.test.js +0 -127
- package/node_modules/@comis/core/dist/security/token-generator.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/security/token-generator.test.js +0 -35
- package/node_modules/@comis/core/dist/tool-metadata.test.d.ts +0 -1
- package/node_modules/@comis/core/dist/tool-metadata.test.js +0 -112
- package/node_modules/@comis/memory/dist/compaction.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/compaction.test.js +0 -298
- package/node_modules/@comis/memory/dist/context-schema.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/context-schema.test.js +0 -246
- package/node_modules/@comis/memory/dist/context-store.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/context-store.test.js +0 -708
- package/node_modules/@comis/memory/dist/credential-mapping-schema.test.d.ts +0 -7
- package/node_modules/@comis/memory/dist/credential-mapping-schema.test.js +0 -73
- package/node_modules/@comis/memory/dist/credential-mapping-store.test.d.ts +0 -8
- package/node_modules/@comis/memory/dist/credential-mapping-store.test.js +0 -340
- package/node_modules/@comis/memory/dist/delivery-mirror-adapter.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/delivery-mirror-adapter.test.js +0 -165
- package/node_modules/@comis/memory/dist/delivery-queue-adapter.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/delivery-queue-adapter.test.js +0 -263
- package/node_modules/@comis/memory/dist/embedding-batch-indexer.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/embedding-batch-indexer.test.js +0 -202
- package/node_modules/@comis/memory/dist/embedding-cache-lru.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/embedding-cache-lru.test.js +0 -241
- package/node_modules/@comis/memory/dist/embedding-cache-sqlite.test.d.ts +0 -8
- package/node_modules/@comis/memory/dist/embedding-cache-sqlite.test.js +0 -678
- package/node_modules/@comis/memory/dist/embedding-cache.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/embedding-cache.test.js +0 -213
- package/node_modules/@comis/memory/dist/embedding-fingerprint.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/embedding-fingerprint.test.js +0 -87
- package/node_modules/@comis/memory/dist/embedding-hash.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/embedding-hash.test.js +0 -31
- package/node_modules/@comis/memory/dist/embedding-integration.test.d.ts +0 -8
- package/node_modules/@comis/memory/dist/embedding-integration.test.js +0 -232
- package/node_modules/@comis/memory/dist/embedding-provider-factory.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/embedding-provider-factory.test.js +0 -176
- package/node_modules/@comis/memory/dist/embedding-provider-local.test.d.ts +0 -8
- package/node_modules/@comis/memory/dist/embedding-provider-local.test.js +0 -76
- package/node_modules/@comis/memory/dist/embedding-provider-openai.test.d.ts +0 -8
- package/node_modules/@comis/memory/dist/embedding-provider-openai.test.js +0 -100
- package/node_modules/@comis/memory/dist/embedding-queue.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/embedding-queue.test.js +0 -236
- package/node_modules/@comis/memory/dist/hybrid-search.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/hybrid-search.test.js +0 -476
- package/node_modules/@comis/memory/dist/identity-link-store.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/identity-link-store.test.js +0 -88
- package/node_modules/@comis/memory/dist/memory-api.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/memory-api.test.js +0 -495
- package/node_modules/@comis/memory/dist/memory-concurrency.test.d.ts +0 -20
- package/node_modules/@comis/memory/dist/memory-concurrency.test.js +0 -222
- package/node_modules/@comis/memory/dist/named-graph-store.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/named-graph-store.test.js +0 -227
- package/node_modules/@comis/memory/dist/observability-store.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/observability-store.test.js +0 -704
- package/node_modules/@comis/memory/dist/row-mapper.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/row-mapper.test.js +0 -409
- package/node_modules/@comis/memory/dist/schema.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/schema.test.js +0 -240
- package/node_modules/@comis/memory/dist/secret-store-schema.test.d.ts +0 -7
- package/node_modules/@comis/memory/dist/secret-store-schema.test.js +0 -90
- package/node_modules/@comis/memory/dist/session-store.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/session-store.test.js +0 -262
- package/node_modules/@comis/memory/dist/setup-secrets.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/setup-secrets.test.js +0 -140
- package/node_modules/@comis/memory/dist/sqlite-memory-adapter.test.d.ts +0 -1
- package/node_modules/@comis/memory/dist/sqlite-memory-adapter.test.js +0 -888
- package/node_modules/@comis/memory/dist/sqlite-secret-store.test.d.ts +0 -8
- package/node_modules/@comis/memory/dist/sqlite-secret-store.test.js +0 -245
- package/node_modules/@comis/shared/dist/abort.test.d.ts +0 -1
- package/node_modules/@comis/shared/dist/abort.test.js +0 -71
- package/node_modules/@comis/shared/dist/result.test.d.ts +0 -1
- package/node_modules/@comis/shared/dist/result.test.js +0 -178
- package/node_modules/@comis/shared/dist/suppress-error.test.d.ts +0 -1
- package/node_modules/@comis/shared/dist/suppress-error.test.js +0 -50
- package/node_modules/@comis/shared/dist/timeout.test.d.ts +0 -1
- package/node_modules/@comis/shared/dist/timeout.test.js +0 -75
- package/node_modules/@comis/shared/dist/ttl-cache.test.d.ts +0 -1
- package/node_modules/@comis/shared/dist/ttl-cache.test.js +0 -81
|
@@ -1,295 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Unit tests for secrets audit scanner.
|
|
3
|
-
*
|
|
4
|
-
* Tests scanConfigForSecrets, scanEnvForSecrets, and auditSecrets
|
|
5
|
-
* covering config YAML scanning, .env scanning, SecretRef detection,
|
|
6
|
-
* and combined audit scenarios.
|
|
7
|
-
*
|
|
8
|
-
* @module
|
|
9
|
-
*/
|
|
10
|
-
import { describe, it, expect, beforeEach, afterEach } from "vitest";
|
|
11
|
-
import { writeFileSync, rmSync, mkdtempSync } from "node:fs";
|
|
12
|
-
import { tmpdir } from "node:os";
|
|
13
|
-
import { join } from "node:path";
|
|
14
|
-
import { scanConfigForSecrets, scanEnvForSecrets, auditSecrets, } from "./secrets-audit.js";
|
|
15
|
-
// ── scanConfigForSecrets ───────────────────────────────────────────
|
|
16
|
-
describe("scanConfigForSecrets", () => {
|
|
17
|
-
it("detects plaintext botToken string", () => {
|
|
18
|
-
const config = {
|
|
19
|
-
channels: {
|
|
20
|
-
telegram: {
|
|
21
|
-
botToken: "123456:ABC-DEF",
|
|
22
|
-
enabled: true,
|
|
23
|
-
},
|
|
24
|
-
},
|
|
25
|
-
};
|
|
26
|
-
const findings = scanConfigForSecrets("/etc/comis/config.yaml", config);
|
|
27
|
-
expect(findings).toHaveLength(1);
|
|
28
|
-
expect(findings[0]).toEqual({
|
|
29
|
-
code: "PLAINTEXT_SECRET",
|
|
30
|
-
severity: "error",
|
|
31
|
-
file: "/etc/comis/config.yaml",
|
|
32
|
-
jsonPath: "channels.telegram.botToken",
|
|
33
|
-
message: expect.stringContaining("Plaintext secret detected in field 'botToken'"),
|
|
34
|
-
});
|
|
35
|
-
});
|
|
36
|
-
it("skips SecretRef objects (properly configured)", () => {
|
|
37
|
-
const config = {
|
|
38
|
-
channels: {
|
|
39
|
-
telegram: {
|
|
40
|
-
botToken: {
|
|
41
|
-
source: "env",
|
|
42
|
-
provider: "comis",
|
|
43
|
-
id: "TELEGRAM_BOT_TOKEN",
|
|
44
|
-
},
|
|
45
|
-
},
|
|
46
|
-
},
|
|
47
|
-
};
|
|
48
|
-
const findings = scanConfigForSecrets("/etc/comis/config.yaml", config);
|
|
49
|
-
expect(findings).toHaveLength(0);
|
|
50
|
-
});
|
|
51
|
-
it("skips empty string values", () => {
|
|
52
|
-
const config = {
|
|
53
|
-
channels: {
|
|
54
|
-
telegram: {
|
|
55
|
-
botToken: "",
|
|
56
|
-
},
|
|
57
|
-
},
|
|
58
|
-
};
|
|
59
|
-
const findings = scanConfigForSecrets("/etc/comis/config.yaml", config);
|
|
60
|
-
expect(findings).toHaveLength(0);
|
|
61
|
-
});
|
|
62
|
-
it("detects multiple nested secrets", () => {
|
|
63
|
-
const config = {
|
|
64
|
-
channels: {
|
|
65
|
-
telegram: {
|
|
66
|
-
botToken: "tg-token-value",
|
|
67
|
-
},
|
|
68
|
-
slack: {
|
|
69
|
-
appToken: "xapp-slack-token",
|
|
70
|
-
},
|
|
71
|
-
},
|
|
72
|
-
};
|
|
73
|
-
const findings = scanConfigForSecrets("/config.yaml", config);
|
|
74
|
-
expect(findings).toHaveLength(2);
|
|
75
|
-
expect(findings[0].jsonPath).toBe("channels.telegram.botToken");
|
|
76
|
-
expect(findings[1].jsonPath).toBe("channels.slack.appToken");
|
|
77
|
-
});
|
|
78
|
-
it("does not flag non-secret fields", () => {
|
|
79
|
-
const config = {
|
|
80
|
-
channels: {
|
|
81
|
-
telegram: {
|
|
82
|
-
enabled: true,
|
|
83
|
-
chatId: "12345",
|
|
84
|
-
pollingTimeout: 30,
|
|
85
|
-
},
|
|
86
|
-
},
|
|
87
|
-
};
|
|
88
|
-
const findings = scanConfigForSecrets("/config.yaml", config);
|
|
89
|
-
expect(findings).toHaveLength(0);
|
|
90
|
-
});
|
|
91
|
-
it("handles array bracket notation in jsonPath", () => {
|
|
92
|
-
const config = {
|
|
93
|
-
gateway: {
|
|
94
|
-
tokens: [
|
|
95
|
-
{ secret: "my-secret-token", label: "admin" },
|
|
96
|
-
],
|
|
97
|
-
},
|
|
98
|
-
};
|
|
99
|
-
const findings = scanConfigForSecrets("/config.yaml", config);
|
|
100
|
-
expect(findings).toHaveLength(1);
|
|
101
|
-
expect(findings[0].jsonPath).toBe("gateway.tokens[0].secret");
|
|
102
|
-
});
|
|
103
|
-
it("handles deeply nested objects", () => {
|
|
104
|
-
const config = {
|
|
105
|
-
level1: {
|
|
106
|
-
level2: {
|
|
107
|
-
level3: {
|
|
108
|
-
apiKey: "deep-api-key",
|
|
109
|
-
},
|
|
110
|
-
},
|
|
111
|
-
},
|
|
112
|
-
};
|
|
113
|
-
const findings = scanConfigForSecrets("/config.yaml", config);
|
|
114
|
-
expect(findings).toHaveLength(1);
|
|
115
|
-
expect(findings[0].jsonPath).toBe("level1.level2.level3.apiKey");
|
|
116
|
-
});
|
|
117
|
-
it("detects various secret field name patterns", () => {
|
|
118
|
-
const config = {
|
|
119
|
-
myPassword: "pass123",
|
|
120
|
-
someCredential: "cred456",
|
|
121
|
-
private_key: "key789",
|
|
122
|
-
api_key: "apikey000",
|
|
123
|
-
};
|
|
124
|
-
const findings = scanConfigForSecrets("/config.yaml", config);
|
|
125
|
-
expect(findings).toHaveLength(4);
|
|
126
|
-
});
|
|
127
|
-
it("handles empty config object", () => {
|
|
128
|
-
const findings = scanConfigForSecrets("/config.yaml", {});
|
|
129
|
-
expect(findings).toHaveLength(0);
|
|
130
|
-
});
|
|
131
|
-
});
|
|
132
|
-
// ── scanEnvForSecrets ──────────────────────────────────────────────
|
|
133
|
-
describe("scanEnvForSecrets", () => {
|
|
134
|
-
it("detects ANTHROPIC_API_KEY", () => {
|
|
135
|
-
const env = {
|
|
136
|
-
ANTHROPIC_API_KEY: "sk-ant-test-key",
|
|
137
|
-
};
|
|
138
|
-
const findings = scanEnvForSecrets("/home/user/.comis/.env", env);
|
|
139
|
-
expect(findings).toHaveLength(1);
|
|
140
|
-
expect(findings[0]).toEqual({
|
|
141
|
-
code: "KNOWN_PROVIDER_ENV",
|
|
142
|
-
severity: "warn",
|
|
143
|
-
file: "/home/user/.comis/.env",
|
|
144
|
-
jsonPath: "ANTHROPIC_API_KEY",
|
|
145
|
-
message: expect.stringContaining("anthropic"),
|
|
146
|
-
});
|
|
147
|
-
});
|
|
148
|
-
it("skips PATH and HOME", () => {
|
|
149
|
-
const env = {
|
|
150
|
-
PATH: "/usr/bin:/usr/local/bin",
|
|
151
|
-
HOME: "/home/user",
|
|
152
|
-
};
|
|
153
|
-
const findings = scanEnvForSecrets("/.env", env);
|
|
154
|
-
expect(findings).toHaveLength(0);
|
|
155
|
-
});
|
|
156
|
-
it("skips COMIS_ prefixed vars", () => {
|
|
157
|
-
const env = {
|
|
158
|
-
COMIS_CONFIG_PATHS: "/etc/comis/config.yaml",
|
|
159
|
-
};
|
|
160
|
-
const findings = scanEnvForSecrets("/.env", env);
|
|
161
|
-
expect(findings).toHaveLength(0);
|
|
162
|
-
});
|
|
163
|
-
it("detects CUSTOM_API_KEY via wildcard pattern", () => {
|
|
164
|
-
const env = {
|
|
165
|
-
CUSTOM_API_KEY: "custom-key-value",
|
|
166
|
-
};
|
|
167
|
-
const findings = scanEnvForSecrets("/.env", env);
|
|
168
|
-
expect(findings).toHaveLength(1);
|
|
169
|
-
expect(findings[0].code).toBe("KNOWN_PROVIDER_ENV");
|
|
170
|
-
expect(findings[0].message).toContain("unknown");
|
|
171
|
-
});
|
|
172
|
-
it("skips empty values", () => {
|
|
173
|
-
const env = {
|
|
174
|
-
OPENAI_API_KEY: "",
|
|
175
|
-
};
|
|
176
|
-
const findings = scanEnvForSecrets("/.env", env);
|
|
177
|
-
expect(findings).toHaveLength(0);
|
|
178
|
-
});
|
|
179
|
-
it("skips undefined values", () => {
|
|
180
|
-
const env = {
|
|
181
|
-
OPENAI_API_KEY: undefined,
|
|
182
|
-
};
|
|
183
|
-
const findings = scanEnvForSecrets("/.env", env);
|
|
184
|
-
expect(findings).toHaveLength(0);
|
|
185
|
-
});
|
|
186
|
-
it("detects multiple known providers", () => {
|
|
187
|
-
const env = {
|
|
188
|
-
OPENAI_API_KEY: "sk-test",
|
|
189
|
-
DISCORD_BOT_TOKEN: "discord-token",
|
|
190
|
-
SLACK_SIGNING_SECRET: "slack-secret",
|
|
191
|
-
};
|
|
192
|
-
const findings = scanEnvForSecrets("/.env", env);
|
|
193
|
-
expect(findings).toHaveLength(3);
|
|
194
|
-
const providers = findings.map(f => f.message);
|
|
195
|
-
expect(providers.some(m => m.includes("openai"))).toBe(true);
|
|
196
|
-
expect(providers.some(m => m.includes("discord"))).toBe(true);
|
|
197
|
-
expect(providers.some(m => m.includes("slack"))).toBe(true);
|
|
198
|
-
});
|
|
199
|
-
it("skips NODE_ prefixed vars", () => {
|
|
200
|
-
const env = {
|
|
201
|
-
NODE_ENV: "production",
|
|
202
|
-
NODE_OPTIONS: "--max-old-space-size=4096",
|
|
203
|
-
};
|
|
204
|
-
const findings = scanEnvForSecrets("/.env", env);
|
|
205
|
-
expect(findings).toHaveLength(0);
|
|
206
|
-
});
|
|
207
|
-
});
|
|
208
|
-
// ── auditSecrets ───────────────────────────────────────────────────
|
|
209
|
-
describe("auditSecrets", () => {
|
|
210
|
-
let tempDir;
|
|
211
|
-
beforeEach(() => {
|
|
212
|
-
tempDir = mkdtempSync(join(tmpdir(), "comis-audit-test-"));
|
|
213
|
-
});
|
|
214
|
-
afterEach(() => {
|
|
215
|
-
rmSync(tempDir, { recursive: true, force: true });
|
|
216
|
-
});
|
|
217
|
-
it("returns empty array when no files exist", () => {
|
|
218
|
-
const findings = auditSecrets({
|
|
219
|
-
configPaths: [join(tempDir, "nonexistent.yaml")],
|
|
220
|
-
envPath: join(tempDir, "nonexistent.env"),
|
|
221
|
-
});
|
|
222
|
-
expect(findings).toEqual([]);
|
|
223
|
-
});
|
|
224
|
-
it("returns empty array for empty config paths", () => {
|
|
225
|
-
const findings = auditSecrets({
|
|
226
|
-
configPaths: [],
|
|
227
|
-
});
|
|
228
|
-
expect(findings).toEqual([]);
|
|
229
|
-
});
|
|
230
|
-
it("scans YAML config file for plaintext secrets", () => {
|
|
231
|
-
const configPath = join(tempDir, "config.yaml");
|
|
232
|
-
writeFileSync(configPath, `
|
|
233
|
-
channels:
|
|
234
|
-
telegram:
|
|
235
|
-
botToken: "plaintext-token"
|
|
236
|
-
enabled: true
|
|
237
|
-
`);
|
|
238
|
-
const findings = auditSecrets({
|
|
239
|
-
configPaths: [configPath],
|
|
240
|
-
});
|
|
241
|
-
expect(findings).toHaveLength(1);
|
|
242
|
-
expect(findings[0].code).toBe("PLAINTEXT_SECRET");
|
|
243
|
-
expect(findings[0].jsonPath).toBe("channels.telegram.botToken");
|
|
244
|
-
});
|
|
245
|
-
it("scans .env file for known provider secrets", () => {
|
|
246
|
-
const envPath = join(tempDir, ".env");
|
|
247
|
-
writeFileSync(envPath, `
|
|
248
|
-
ANTHROPIC_API_KEY=sk-ant-test
|
|
249
|
-
OPENAI_API_KEY=sk-test
|
|
250
|
-
NODE_ENV=production
|
|
251
|
-
`);
|
|
252
|
-
const findings = auditSecrets({
|
|
253
|
-
configPaths: [],
|
|
254
|
-
envPath,
|
|
255
|
-
});
|
|
256
|
-
expect(findings).toHaveLength(2);
|
|
257
|
-
expect(findings.every(f => f.code === "KNOWN_PROVIDER_ENV")).toBe(true);
|
|
258
|
-
});
|
|
259
|
-
it("sorts findings by severity (errors first, then warnings)", () => {
|
|
260
|
-
const configPath = join(tempDir, "config.yaml");
|
|
261
|
-
writeFileSync(configPath, `
|
|
262
|
-
channels:
|
|
263
|
-
telegram:
|
|
264
|
-
botToken: "plaintext-token"
|
|
265
|
-
`);
|
|
266
|
-
const envPath = join(tempDir, ".env");
|
|
267
|
-
writeFileSync(envPath, `OPENAI_API_KEY=sk-test`);
|
|
268
|
-
const findings = auditSecrets({
|
|
269
|
-
configPaths: [configPath],
|
|
270
|
-
envPath,
|
|
271
|
-
});
|
|
272
|
-
expect(findings).toHaveLength(2);
|
|
273
|
-
expect(findings[0].severity).toBe("error");
|
|
274
|
-
expect(findings[1].severity).toBe("warn");
|
|
275
|
-
});
|
|
276
|
-
it("handles quoted values in .env", () => {
|
|
277
|
-
const envPath = join(tempDir, ".env");
|
|
278
|
-
writeFileSync(envPath, `ANTHROPIC_API_KEY="sk-ant-quoted"`);
|
|
279
|
-
const findings = auditSecrets({
|
|
280
|
-
configPaths: [],
|
|
281
|
-
envPath,
|
|
282
|
-
});
|
|
283
|
-
expect(findings).toHaveLength(1);
|
|
284
|
-
});
|
|
285
|
-
it("gracefully handles invalid YAML", () => {
|
|
286
|
-
const configPath = join(tempDir, "bad.yaml");
|
|
287
|
-
writeFileSync(configPath, "{{invalid yaml: [}");
|
|
288
|
-
// Should not throw
|
|
289
|
-
const findings = auditSecrets({
|
|
290
|
-
configPaths: [configPath],
|
|
291
|
-
});
|
|
292
|
-
// Findings may be empty or contain whatever the parser manages to extract
|
|
293
|
-
expect(Array.isArray(findings)).toBe(true);
|
|
294
|
-
});
|
|
295
|
-
});
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export {};
|
|
@@ -1,127 +0,0 @@
|
|
|
1
|
-
import { describe, it, expect, vi, beforeEach } from "vitest";
|
|
2
|
-
import { validateUrl, BLOCKED_RANGES, CLOUD_METADATA_IPS } from "./ssrf-guard.js";
|
|
3
|
-
// Mock dns/promises so we get deterministic results without real DNS
|
|
4
|
-
vi.mock("node:dns/promises", () => ({
|
|
5
|
-
lookup: vi.fn(),
|
|
6
|
-
}));
|
|
7
|
-
// Import the mock after vi.mock
|
|
8
|
-
import { lookup } from "node:dns/promises";
|
|
9
|
-
const mockLookup = vi.mocked(lookup);
|
|
10
|
-
beforeEach(() => {
|
|
11
|
-
vi.clearAllMocks();
|
|
12
|
-
});
|
|
13
|
-
describe("SSRF Guard", () => {
|
|
14
|
-
describe("exports", () => {
|
|
15
|
-
it("exports BLOCKED_RANGES with expected entries", () => {
|
|
16
|
-
expect(BLOCKED_RANGES).toContain("private");
|
|
17
|
-
expect(BLOCKED_RANGES).toContain("loopback");
|
|
18
|
-
expect(BLOCKED_RANGES).toContain("linkLocal");
|
|
19
|
-
expect(BLOCKED_RANGES).toContain("uniqueLocal");
|
|
20
|
-
expect(BLOCKED_RANGES).toContain("unspecified");
|
|
21
|
-
expect(BLOCKED_RANGES).toContain("reserved");
|
|
22
|
-
});
|
|
23
|
-
it("exports CLOUD_METADATA_IPS with known addresses", () => {
|
|
24
|
-
expect(CLOUD_METADATA_IPS).toContain("169.254.169.254");
|
|
25
|
-
expect(CLOUD_METADATA_IPS).toContain("169.254.170.2");
|
|
26
|
-
expect(CLOUD_METADATA_IPS).toContain("100.100.100.200");
|
|
27
|
-
});
|
|
28
|
-
});
|
|
29
|
-
describe("validateUrl", () => {
|
|
30
|
-
it("blocks loopback addresses (127.0.0.1)", async () => {
|
|
31
|
-
mockLookup.mockResolvedValue({ address: "127.0.0.1", family: 4 });
|
|
32
|
-
const result = await validateUrl("http://127.0.0.1/secret");
|
|
33
|
-
expect(result.ok).toBe(false);
|
|
34
|
-
if (!result.ok) {
|
|
35
|
-
expect(result.error.message).toContain("loopback");
|
|
36
|
-
}
|
|
37
|
-
});
|
|
38
|
-
it("blocks private addresses (192.168.x.x)", async () => {
|
|
39
|
-
mockLookup.mockResolvedValue({ address: "192.168.1.1", family: 4 });
|
|
40
|
-
const result = await validateUrl("http://192.168.1.1/admin");
|
|
41
|
-
expect(result.ok).toBe(false);
|
|
42
|
-
if (!result.ok) {
|
|
43
|
-
expect(result.error.message).toContain("private");
|
|
44
|
-
}
|
|
45
|
-
});
|
|
46
|
-
it("blocks private addresses (10.x.x.x)", async () => {
|
|
47
|
-
mockLookup.mockResolvedValue({ address: "10.0.0.1", family: 4 });
|
|
48
|
-
const result = await validateUrl("http://10.0.0.1/internal");
|
|
49
|
-
expect(result.ok).toBe(false);
|
|
50
|
-
if (!result.ok) {
|
|
51
|
-
expect(result.error.message).toContain("private");
|
|
52
|
-
}
|
|
53
|
-
});
|
|
54
|
-
it("blocks cloud metadata addresses (169.254.169.254)", async () => {
|
|
55
|
-
mockLookup.mockResolvedValue({ address: "169.254.169.254", family: 4 });
|
|
56
|
-
const result = await validateUrl("http://169.254.169.254/latest/meta-data/");
|
|
57
|
-
expect(result.ok).toBe(false);
|
|
58
|
-
if (!result.ok) {
|
|
59
|
-
expect(result.error.message).toMatch(/cloud metadata|linkLocal/i);
|
|
60
|
-
}
|
|
61
|
-
});
|
|
62
|
-
it("blocks non-http protocols (ftp)", async () => {
|
|
63
|
-
const result = await validateUrl("ftp://example.com");
|
|
64
|
-
expect(result.ok).toBe(false);
|
|
65
|
-
if (!result.ok) {
|
|
66
|
-
expect(result.error.message).toContain("Blocked protocol");
|
|
67
|
-
}
|
|
68
|
-
});
|
|
69
|
-
it("rejects invalid URLs", async () => {
|
|
70
|
-
const result = await validateUrl("not-a-url");
|
|
71
|
-
expect(result.ok).toBe(false);
|
|
72
|
-
if (!result.ok) {
|
|
73
|
-
expect(result.error.message).toContain("Invalid URL");
|
|
74
|
-
}
|
|
75
|
-
});
|
|
76
|
-
it("allows public IPs (example.com resolving to 93.184.216.34)", async () => {
|
|
77
|
-
mockLookup.mockResolvedValue({ address: "93.184.216.34", family: 4 });
|
|
78
|
-
const result = await validateUrl("https://example.com");
|
|
79
|
-
expect(result.ok).toBe(true);
|
|
80
|
-
if (result.ok) {
|
|
81
|
-
expect(result.value.hostname).toBe("example.com");
|
|
82
|
-
expect(result.value.ip).toBe("93.184.216.34");
|
|
83
|
-
expect(result.value.url.protocol).toBe("https:");
|
|
84
|
-
}
|
|
85
|
-
});
|
|
86
|
-
it("blocks IPv6 loopback (::1)", async () => {
|
|
87
|
-
mockLookup.mockResolvedValue({ address: "::1", family: 6 });
|
|
88
|
-
const result = await validateUrl("http://[::1]/secret");
|
|
89
|
-
expect(result.ok).toBe(false);
|
|
90
|
-
if (!result.ok) {
|
|
91
|
-
expect(result.error.message).toContain("loopback");
|
|
92
|
-
}
|
|
93
|
-
});
|
|
94
|
-
it("handles DNS resolution failures gracefully", async () => {
|
|
95
|
-
mockLookup.mockRejectedValue(new Error("getaddrinfo ENOTFOUND bad.invalid"));
|
|
96
|
-
const result = await validateUrl("http://bad.invalid");
|
|
97
|
-
expect(result.ok).toBe(false);
|
|
98
|
-
if (!result.ok) {
|
|
99
|
-
expect(result.error.message).toContain("ENOTFOUND");
|
|
100
|
-
}
|
|
101
|
-
});
|
|
102
|
-
it("blocks Alibaba Cloud metadata (100.100.100.200)", async () => {
|
|
103
|
-
mockLookup.mockResolvedValue({ address: "100.100.100.200", family: 4 });
|
|
104
|
-
const result = await validateUrl("http://metadata.tencentyun.com/");
|
|
105
|
-
expect(result.ok).toBe(false);
|
|
106
|
-
if (!result.ok) {
|
|
107
|
-
expect(result.error.message).toContain("cloud metadata");
|
|
108
|
-
}
|
|
109
|
-
});
|
|
110
|
-
it("blocks AWS ECS metadata (169.254.170.2)", async () => {
|
|
111
|
-
mockLookup.mockResolvedValue({ address: "169.254.170.2", family: 4 });
|
|
112
|
-
const result = await validateUrl("http://169.254.170.2/v2/metadata");
|
|
113
|
-
expect(result.ok).toBe(false);
|
|
114
|
-
if (!result.ok) {
|
|
115
|
-
expect(result.error.message).toMatch(/cloud metadata|linkLocal/i);
|
|
116
|
-
}
|
|
117
|
-
});
|
|
118
|
-
it("blocks unspecified address (0.0.0.0)", async () => {
|
|
119
|
-
mockLookup.mockResolvedValue({ address: "0.0.0.0", family: 4 });
|
|
120
|
-
const result = await validateUrl("http://0.0.0.0/");
|
|
121
|
-
expect(result.ok).toBe(false);
|
|
122
|
-
if (!result.ok) {
|
|
123
|
-
expect(result.error.message).toContain("unspecified");
|
|
124
|
-
}
|
|
125
|
-
});
|
|
126
|
-
});
|
|
127
|
-
});
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export {};
|
|
@@ -1,35 +0,0 @@
|
|
|
1
|
-
import { describe, it, expect } from "vitest";
|
|
2
|
-
import { generateStrongToken, generateRotationId } from "./token-generator.js";
|
|
3
|
-
describe("generateStrongToken", () => {
|
|
4
|
-
it("returns a string of exactly 64 characters", () => {
|
|
5
|
-
const token = generateStrongToken();
|
|
6
|
-
expect(token).toHaveLength(64);
|
|
7
|
-
});
|
|
8
|
-
it("output is URL-safe (base64url characters only)", () => {
|
|
9
|
-
const token = generateStrongToken();
|
|
10
|
-
expect(token).toMatch(/^[A-Za-z0-9_-]+$/);
|
|
11
|
-
});
|
|
12
|
-
it("produces different values on successive calls", () => {
|
|
13
|
-
const token1 = generateStrongToken();
|
|
14
|
-
const token2 = generateStrongToken();
|
|
15
|
-
expect(token1).not.toBe(token2);
|
|
16
|
-
});
|
|
17
|
-
});
|
|
18
|
-
describe("generateRotationId", () => {
|
|
19
|
-
it("returns baseId-{suffix} where suffix is 11 chars", () => {
|
|
20
|
-
const result = generateRotationId("my-token");
|
|
21
|
-
const parts = result.split("my-token-");
|
|
22
|
-
expect(parts).toHaveLength(2);
|
|
23
|
-
expect(parts[1]).toHaveLength(11);
|
|
24
|
-
});
|
|
25
|
-
it("produces different suffixes for the same baseId on successive calls", () => {
|
|
26
|
-
const id1 = generateRotationId("tok");
|
|
27
|
-
const id2 = generateRotationId("tok");
|
|
28
|
-
expect(id1).not.toBe(id2);
|
|
29
|
-
});
|
|
30
|
-
it("preserves the baseId prefix exactly", () => {
|
|
31
|
-
const baseId = "complex-base-id-123";
|
|
32
|
-
const result = generateRotationId(baseId);
|
|
33
|
-
expect(result.startsWith(`${baseId}-`)).toBe(true);
|
|
34
|
-
});
|
|
35
|
-
});
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export {};
|
|
@@ -1,112 +0,0 @@
|
|
|
1
|
-
import { describe, it, expect } from "vitest";
|
|
2
|
-
import { registerToolMetadata, getToolMetadata, getAllToolMetadata, truncateContentBlocks, _clearRegistryForTest, } from "./tool-metadata.js";
|
|
3
|
-
// ---------------------------------------------------------------------------
|
|
4
|
-
// Registry tests
|
|
5
|
-
// ---------------------------------------------------------------------------
|
|
6
|
-
describe("tool metadata registry", () => {
|
|
7
|
-
it("getToolMetadata returns undefined for unregistered tool", () => {
|
|
8
|
-
expect(getToolMetadata("nonexistent_tool_xyz")).toBeUndefined();
|
|
9
|
-
});
|
|
10
|
-
it("registerToolMetadata stores and retrieves metadata", () => {
|
|
11
|
-
registerToolMetadata("reg_test_store", {
|
|
12
|
-
maxResultSizeChars: 5000,
|
|
13
|
-
isReadOnly: true,
|
|
14
|
-
});
|
|
15
|
-
const meta = getToolMetadata("reg_test_store");
|
|
16
|
-
expect(meta).toBeDefined();
|
|
17
|
-
expect(meta.maxResultSizeChars).toBe(5000);
|
|
18
|
-
expect(meta.isReadOnly).toBe(true);
|
|
19
|
-
});
|
|
20
|
-
it("registerToolMetadata merges metadata incrementally", () => {
|
|
21
|
-
registerToolMetadata("reg_test_merge", { isReadOnly: true });
|
|
22
|
-
registerToolMetadata("reg_test_merge", { maxResultSizeChars: 10000 });
|
|
23
|
-
const meta = getToolMetadata("reg_test_merge");
|
|
24
|
-
expect(meta).toEqual({ isReadOnly: true, maxResultSizeChars: 10000 });
|
|
25
|
-
});
|
|
26
|
-
it("registerToolMetadata overwrites fields on re-register", () => {
|
|
27
|
-
registerToolMetadata("reg_test_overwrite", { maxResultSizeChars: 5000 });
|
|
28
|
-
registerToolMetadata("reg_test_overwrite", { maxResultSizeChars: 10000 });
|
|
29
|
-
const meta = getToolMetadata("reg_test_overwrite");
|
|
30
|
-
expect(meta.maxResultSizeChars).toBe(10000);
|
|
31
|
-
});
|
|
32
|
-
it("getAllToolMetadata returns ReadonlyMap", () => {
|
|
33
|
-
registerToolMetadata("reg_test_all_a", { isReadOnly: true });
|
|
34
|
-
registerToolMetadata("reg_test_all_b", { maxResultSizeChars: 2000 });
|
|
35
|
-
const all = getAllToolMetadata();
|
|
36
|
-
expect(all.has("reg_test_all_a")).toBe(true);
|
|
37
|
-
expect(all.has("reg_test_all_b")).toBe(true);
|
|
38
|
-
});
|
|
39
|
-
it("_clearRegistryForTest clears all entries", () => {
|
|
40
|
-
registerToolMetadata("reg_test_clear", { isReadOnly: true });
|
|
41
|
-
expect(getToolMetadata("reg_test_clear")).toBeDefined();
|
|
42
|
-
_clearRegistryForTest();
|
|
43
|
-
expect(getToolMetadata("reg_test_clear")).toBeUndefined();
|
|
44
|
-
// Clean up (registry already clear, but be explicit)
|
|
45
|
-
_clearRegistryForTest();
|
|
46
|
-
});
|
|
47
|
-
});
|
|
48
|
-
// ---------------------------------------------------------------------------
|
|
49
|
-
// Truncation tests
|
|
50
|
-
// ---------------------------------------------------------------------------
|
|
51
|
-
describe("truncateContentBlocks", () => {
|
|
52
|
-
it("returns original array when total chars under budget", () => {
|
|
53
|
-
const content = [{ type: "text", text: "x".repeat(100) }];
|
|
54
|
-
const result = truncateContentBlocks(content, 200);
|
|
55
|
-
expect(result).toBe(content); // Same reference
|
|
56
|
-
});
|
|
57
|
-
it("returns original array when total chars equal to budget", () => {
|
|
58
|
-
const content = [{ type: "text", text: "x".repeat(100) }];
|
|
59
|
-
const result = truncateContentBlocks(content, 100);
|
|
60
|
-
expect(result).toBe(content); // Same reference
|
|
61
|
-
});
|
|
62
|
-
it("truncates text blocks proportionally with 60/40 split", () => {
|
|
63
|
-
const content = [{ type: "text", text: "x".repeat(10000) }];
|
|
64
|
-
const result = truncateContentBlocks(content, 2000);
|
|
65
|
-
expect(result[0].text).toContain("chars truncated");
|
|
66
|
-
// Verify the truncated text has head (60%) + marker + tail (40%) structure
|
|
67
|
-
const text = result[0].text;
|
|
68
|
-
const markerIdx = text.indexOf("\n[...");
|
|
69
|
-
expect(markerIdx).toBeGreaterThan(0);
|
|
70
|
-
// Head should be roughly 60% of budget (2000 * 0.6 = 1200)
|
|
71
|
-
expect(markerIdx).toBeGreaterThanOrEqual(1100);
|
|
72
|
-
expect(markerIdx).toBeLessThanOrEqual(1300);
|
|
73
|
-
});
|
|
74
|
-
it("preserves non-text blocks unchanged", () => {
|
|
75
|
-
const imageBlock = { type: "image", url: "https://example.com/img.png" };
|
|
76
|
-
const textBlock = { type: "text", text: "x".repeat(5000) };
|
|
77
|
-
const content = [imageBlock, textBlock];
|
|
78
|
-
const result = truncateContentBlocks(content, 1000);
|
|
79
|
-
// Image block should be the exact same object reference
|
|
80
|
-
expect(result[0]).toBe(imageBlock);
|
|
81
|
-
// Text block should be truncated
|
|
82
|
-
expect(result[1].text).toContain("chars truncated");
|
|
83
|
-
});
|
|
84
|
-
it("enforces 500-char minimum per block", () => {
|
|
85
|
-
const content = [
|
|
86
|
-
{ type: "text", text: "x".repeat(8000) },
|
|
87
|
-
{ type: "text", text: "y".repeat(200) },
|
|
88
|
-
];
|
|
89
|
-
const result = truncateContentBlocks(content, 100);
|
|
90
|
-
// The small block (200 chars) gets minimum budget of 500, which is > its length
|
|
91
|
-
// so it should NOT be truncated (200 < 500 min budget)
|
|
92
|
-
expect(result[1].text).toBe("y".repeat(200));
|
|
93
|
-
});
|
|
94
|
-
it("marker text includes char count and guidance", () => {
|
|
95
|
-
const content = [{ type: "text", text: "x".repeat(10000) }];
|
|
96
|
-
const result = truncateContentBlocks(content, 2000);
|
|
97
|
-
const text = result[0].text;
|
|
98
|
-
expect(text).toContain("chars truncated");
|
|
99
|
-
expect(text).toContain("Reduce output scope");
|
|
100
|
-
});
|
|
101
|
-
it("handles empty content array", () => {
|
|
102
|
-
const content = [];
|
|
103
|
-
const result = truncateContentBlocks(content, 1000);
|
|
104
|
-
expect(result).toBe(content); // Same reference
|
|
105
|
-
});
|
|
106
|
-
it("handles blocks with no text field", () => {
|
|
107
|
-
const content = [{ type: "text" }]; // no text property
|
|
108
|
-
const result = truncateContentBlocks(content, 100);
|
|
109
|
-
// Total chars is 0 (no text), 0 <= 100, returns original
|
|
110
|
-
expect(result).toBe(content);
|
|
111
|
-
});
|
|
112
|
-
});
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export {};
|