joonecli 0.1.1 → 0.2.0

package/src/__tests__/sandbox.test.ts

@@ -1,102 +0,0 @@
-import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
-import { SandboxManager } from "../sandbox/manager.js";
-
-// Mock the e2b SDK since we don't want real sandbox creation in tests
-vi.mock("e2b", () => {
-  const mockSandbox = {
-    sandboxId: "test-sandbox-123",
-    commands: {
-      run: vi.fn().mockResolvedValue({
-        stdout: "mock output",
-        stderr: "",
-        exitCode: 0,
-      }),
-    },
-    files: {
-      write: vi.fn().mockResolvedValue(undefined),
-      read: vi.fn().mockResolvedValue("file content"),
-      list: vi.fn().mockResolvedValue([]),
-    },
-    kill: vi.fn().mockResolvedValue(undefined),
-    isRunning: vi.fn().mockResolvedValue(true),
-    setTimeout: vi.fn().mockResolvedValue(undefined),
-  };
-
-  return {
-    Sandbox: {
-      create: vi.fn().mockResolvedValue(mockSandbox),
-    },
-  };
-});
-
-describe("SandboxManager", () => {
-  let manager: SandboxManager;
-
-  beforeEach(() => {
-    vi.clearAllMocks();
-    manager = new SandboxManager({ apiKey: "test-e2b-key" });
-  });
-
-  afterEach(async () => {
-    // Ensure sandbox is cleaned up after each test
-    try {
-      await manager.destroy();
-    } catch {
-      // Already destroyed or never created
-    }
-  });
-
-  // ─── Test #15: SandboxManager.create() initializes a sandbox ───
-
-  it("creates a sandbox and returns the sandbox ID", async () => {
-    const sandboxId = await manager.create();
-
-    expect(sandboxId).toBe("test-sandbox-123");
-    expect(manager.isActive()).toBe(true);
-  });
-
-  // ─── Test #16: SandboxManager.destroy() cleans up the sandbox ───
-
-  it("destroys the sandbox and marks it as inactive", async () => {
-    await manager.create();
-    expect(manager.isActive()).toBe(true);
-
-    await manager.destroy();
-    expect(manager.isActive()).toBe(false);
-  });
-
-  // ─── Test #17: SandboxManager.exec() runs a command in the sandbox ───
-
-  it("executes a command in the sandbox and returns output", async () => {
-    await manager.create();
-
-    const result = await manager.exec("echo hello");
-
-    expect(result.stdout).toBe("mock output");
-    expect(result.exitCode).toBe(0);
-  });
-
-  // ─── Test #18: SandboxManager.exec() throws if sandbox not active ───
-
-  it("throws an error if exec is called before create", async () => {
-    await expect(manager.exec("echo hello")).rejects.toThrow(
-      /sandbox is not active/i
-    );
-  });
-
-  // ─── Test #19: SandboxManager.uploadFile() writes a file to the sandbox ───
-
-  it("uploads a file to the sandbox filesystem", async () => {
-    await manager.create();
-
-    await manager.uploadFile("/workspace/src/foo.ts", "const x = 1;");
-
-    // Verify the E2B files.write was called
-    const { Sandbox } = await import("e2b");
-    const mockSandbox = await Sandbox.create();
-    expect(mockSandbox.files.write).toHaveBeenCalledWith(
-      "/workspace/src/foo.ts",
-      "const x = 1;"
-    );
-  });
-});

package/src/__tests__/security.test.ts

@@ -1,122 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from "vitest";
-import {
-  SecurityScanTool,
-  DepScanTool,
-  bindSecuritySandbox,
-} from "../tools/security.js";
-import { SandboxManager } from "../sandbox/manager.js";
-import { LazyInstaller } from "../sandbox/bootstrap.js";
-
-// Helpers
-const createMockSandbox = (active = true) => ({
-  exec: vi.fn(),
-  isActive: vi.fn().mockReturnValue(active),
-  create: vi.fn(),
-  destroy: vi.fn(),
-  uploadFile: vi.fn(),
-  getSandbox: vi.fn(),
-});
-
-describe("SecurityScanTool", () => {
-  let mockSandbox: ReturnType<typeof createMockSandbox>;
-  let installer: LazyInstaller;
-
-  beforeEach(() => {
-    vi.clearAllMocks();
-    mockSandbox = createMockSandbox();
-    // Use custom template mode so ensureGeminiCli is instant
-    installer = new LazyInstaller(true);
-    bindSecuritySandbox(
-      mockSandbox as unknown as SandboxManager,
-      installer
-    );
-  });
-
-  // ─── Test #39: Runs security:analyze and returns report ───
-
-  it("runs gemini security:analyze and returns the report", async () => {
-    mockSandbox.exec.mockResolvedValueOnce({
-      exitCode: 0,
-      stdout: "## Security Report\n\nNo critical vulnerabilities found.",
-      stderr: "",
-    });
-
-    const result = await SecurityScanTool.execute({ target: "changes" });
-
-    expect(result.content).toContain("Security Report");
-    expect(mockSandbox.exec).toHaveBeenCalledWith(
-      expect.stringContaining("security:analyze")
-    );
-  });
-
-  // ─── Test #40: Returns error for file scan without path ───
-
-  it("returns error when target is 'file' but no path provided", async () => {
-    const result = await SecurityScanTool.execute({ target: "file" });
-
-    expect(result.content).toMatch(/path.*required/i);
-  });
-
-  // ─── Test #41: Handles failed scans gracefully ───
-
-  it("returns failure info when scan exits with non-zero code", async () => {
-    mockSandbox.exec.mockResolvedValueOnce({
-      exitCode: 1,
-      stdout: "",
-      stderr: "Some error occurred",
-    });
-
-    const result = await SecurityScanTool.execute({ target: "changes" });
-
-    expect(result.content).toContain("failed");
-    expect(result.content).toContain("Some error occurred");
-  });
-});
-
-describe("DepScanTool", () => {
-  let mockSandbox: ReturnType<typeof createMockSandbox>;
-  let installer: LazyInstaller;
-
-  beforeEach(() => {
-    vi.clearAllMocks();
-    mockSandbox = createMockSandbox();
-    installer = new LazyInstaller(true); // pre-baked template
-    bindSecuritySandbox(
-      mockSandbox as unknown as SandboxManager,
-      installer
-    );
-  });
-
-  // ─── Test #42: OSV-Scanner returns vulnerability report ───
-
-  it("runs osv-scanner and returns the report", async () => {
-    mockSandbox.exec.mockResolvedValueOnce({
-      exitCode: 0,
-      stdout: "Found 2 vulnerabilities:\n- CVE-2024-1234\n- CVE-2024-5678",
-      stderr: "",
-    });
-
-    const result = await DepScanTool.execute({ format: "summary" });
-
-    expect(result.content).toContain("CVE-2024-1234");
-    expect(result.content).toContain("CVE-2024-5678");
-  });
-
-  // ─── Test #43: Falls back to npm audit when OSV-Scanner fails ───
-
-  it("falls back to npm audit if osv-scanner returns empty output", async () => {
-    // OSV-Scanner: empty output
-    mockSandbox.exec
-      .mockResolvedValueOnce({ exitCode: 1, stdout: "", stderr: "error" })
-      // npm audit fallback
-      .mockResolvedValueOnce({
-        exitCode: 0,
-        stdout: "found 0 vulnerabilities",
-        stderr: "",
-      });
-
-    const result = await DepScanTool.execute({ format: "summary" });
-
-    expect(result.content).toContain("0 vulnerabilities");
-  });
-});

package/src/__tests__/streaming.test.ts

@@ -1,82 +0,0 @@
-import { describe, it, expect, vi } from "vitest";
-import { AIMessageChunk } from "@langchain/core/messages";
-import { ExecutionHarness } from "../core/agentLoop.js";
-import { ContextState } from "../core/promptBuilder.js";
-
-/**
- * Creates a mock LLM that yields predefined chunks when .stream() is called.
- * This avoids real API calls while testing streaming behavior.
- */
-function createMockStreamingLlm(chunks: AIMessageChunk[]) {
-  return {
-    invoke: vi.fn(),
-    stream: vi.fn().mockResolvedValue({
-      async *[Symbol.asyncIterator]() {
-        for (const chunk of chunks) {
-          yield chunk;
-        }
-      },
-    }),
-  };
-}
-
-describe("ExecutionHarness Streaming", () => {
-  const baseState: ContextState = {
-    globalSystemInstructions: "You are a helpful assistant.",
-    projectMemory: "",
-    sessionContext: "",
-    conversationHistory: [],
-  };
-
-  // ─── RED Test #8: streamStep emits text chunks to a callback ───
-
-  it("emits text content chunks to an onToken callback", async () => {
-    const chunks = [
-      new AIMessageChunk({ content: "Hello" }),
-      new AIMessageChunk({ content: " world" }),
-      new AIMessageChunk({ content: "!" }),
-    ];
-    const mockLlm = createMockStreamingLlm(chunks);
-    const harness = new ExecutionHarness(mockLlm as any);
-
-    const receivedTokens: string[] = [];
-    const result = await harness.streamStep(baseState, {
-      onToken: (token: string) => receivedTokens.push(token),
-    });
-
-    // Callback should have received each text chunk
-    expect(receivedTokens).toEqual(["Hello", " world", "!"]);
-
-    // The returned message should contain the full concatenated content
-    expect(result.content).toBe("Hello world!");
-  });
-
-  // ─── RED Test #9: streamStep buffers tool calls and returns complete AIMessage ───
-
-  it("buffers tool call chunks and returns a complete AIMessage with tool_calls", async () => {
-    const chunks = [
-      new AIMessageChunk({
-        content: "",
-        tool_call_chunks: [
-          { name: "read_file", args: '{"path": "', index: 0, id: "tc_1", type: "tool_call_chunk" },
-        ],
-      }),
-      new AIMessageChunk({
-        content: "",
-        tool_call_chunks: [
-          { name: undefined, args: 'src/index.ts"}', index: 0, id: undefined, type: "tool_call_chunk" },
-        ],
-      }),
-    ];
-    const mockLlm = createMockStreamingLlm(chunks);
-    const harness = new ExecutionHarness(mockLlm as any);
-
-    const result = await harness.streamStep(baseState, {});
-
-    // The result should have tool_calls populated
-    expect(result.tool_calls).toBeDefined();
-    expect(result.tool_calls!.length).toBe(1);
-    expect(result.tool_calls![0].name).toBe("read_file");
-    expect(result.tool_calls![0].args).toEqual({ path: "src/index.ts" });
-  });
-});

package/src/__tests__/toolRouter.test.ts

@@ -1,52 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from "vitest";
-import { ToolRouter, ToolTarget } from "../tools/router.js";
-
-describe("Tool Router", () => {
-  let router: ToolRouter;
-
-  beforeEach(() => {
-    router = new ToolRouter();
-  });
-
-  // ─── Test #20: Routes write_file to host ───
-
-  it("routes write_file to the host", () => {
-    expect(router.getTarget("write_file")).toBe(ToolTarget.HOST);
-  });
-
-  // ─── Test #21: Routes read_file to host ───
-
-  it("routes read_file to the host", () => {
-    expect(router.getTarget("read_file")).toBe(ToolTarget.HOST);
-  });
-
-  // ─── Test #22: Routes bash to sandbox ───
-
-  it("routes bash to the sandbox", () => {
-    expect(router.getTarget("bash")).toBe(ToolTarget.SANDBOX);
-  });
-
-  // ─── Test #23: Routes run_tests to sandbox ───
-
-  it("routes run_tests to the sandbox", () => {
-    expect(router.getTarget("run_tests")).toBe(ToolTarget.SANDBOX);
-  });
-
-  // ─── Test #24: Routes install_deps to sandbox ───
-
-  it("routes install_deps to the sandbox", () => {
-    expect(router.getTarget("install_deps")).toBe(ToolTarget.SANDBOX);
-  });
-
-  // ─── Test #25: Routes search_tools to host ───
-
-  it("routes search_tools to the host", () => {
-    expect(router.getTarget("search_tools")).toBe(ToolTarget.HOST);
-  });
-
-  // ─── Test #26: Unknown tools default to sandbox (safe) ───
-
-  it("defaults unknown tools to sandbox for safety", () => {
-    expect(router.getTarget("unknown_tool")).toBe(ToolTarget.SANDBOX);
-  });
-});

package/src/__tests__/tools.test.ts

@@ -1,146 +0,0 @@
-import { describe, it, expect, beforeEach, afterEach } from "vitest";
-import * as fs from "node:fs";
-import * as path from "node:path";
-import * as os from "node:os";
-import { ReadFileTool, WriteFileTool } from "../tools/index.js";
-
-describe("ReadFileTool", () => {
-  let tmpDir: string;
-
-  beforeEach(() => {
-    tmpDir = fs.mkdtempSync(path.join(process.cwd(), ".joone-tools-test-"));
-  });
-
-  afterEach(() => {
-    fs.rmSync(tmpDir, { recursive: true, force: true });
-  });
-
-  // ─── Test #27: Reads a normal file ───
-
-  it("reads a small file and returns its content", async () => {
-    const filePath = path.join(tmpDir, "hello.txt");
-    fs.writeFileSync(filePath, "Hello, world!", "utf-8");
-
-    const result = await ReadFileTool.execute({ path: filePath });
-
-    expect(result.content).toBe("Hello, world!");
-  });
-
-  // ─── Test #28: Returns error for non-existent file ───
-
-  it("returns an error message for a non-existent file", async () => {
-    const result = await ReadFileTool.execute({
-      path: path.join(tmpDir, "nope.txt"),
-    });
-
-    expect(result.content).toMatch(/not found/i);
-  });
-
-  // ─── Test #29: File size guardrail rejects files over 512KB ───
-
-  it("rejects files larger than 512KB with a descriptive error", async () => {
-    const filePath = path.join(tmpDir, "big.txt");
-    // Create a 600KB file
-    const bigContent = "x".repeat(600 * 1024);
-    fs.writeFileSync(filePath, bigContent, "utf-8");
-
-    const result = await ReadFileTool.execute({ path: filePath });
-
-    expect(result.content).toMatch(/too large/i);
-    expect(result.content).toMatch(/512/);
-  });
-
-  // ─── Test #30: Line range slicing works ───
-
-  it("returns only the requested line range", async () => {
-    const filePath = path.join(tmpDir, "lines.txt");
-    const lines = Array.from({ length: 20 }, (_, i) => `Line ${i + 1}`);
-    fs.writeFileSync(filePath, lines.join("\n"), "utf-8");
-
-    const result = await ReadFileTool.execute({
-      path: filePath,
-      startLine: 5,
-      endLine: 7,
-    });
-
-    expect(result.content).toContain("5: Line 5");
-    expect(result.content).toContain("6: Line 6");
-    expect(result.content).toContain("7: Line 7");
-    expect(result.content).not.toContain("4: Line 4");
-    expect(result.content).not.toContain("8: Line 8");
-  });
-
-  // ─── Test #31: Line count guardrail truncates long files ───
-
-  it("truncates files with more than 2000 lines", async () => {
-    const filePath = path.join(tmpDir, "long.txt");
-    // Create a file with 2500 short lines (under 512KB)
-    const lines = Array.from({ length: 2500 }, (_, i) => `L${i + 1}`);
-    fs.writeFileSync(filePath, lines.join("\n"), "utf-8");
-
-    const result = await ReadFileTool.execute({ path: filePath });
-
-    expect(result.content).toMatch(/truncated at 2000 lines/i);
-    expect(result.content).toContain("1: L1");
-    expect(result.content).toContain("2000: L2000");
-    expect(result.content).not.toContain("2001: L2001");
-  });
-
-  // ─── Test #X: Security Guardrail Blocks Outside Files ───
-
-  it("blocks reading files outside the project workspace", async () => {
-    // Create a file in the OS tmp directory (guaranteed outside project workspace)
-    const outsideDir = fs.mkdtempSync(path.join(os.tmpdir(), "joone-outside-"));
-    const filePath = path.join(outsideDir, "secret.txt");
-    fs.writeFileSync(filePath, "secret token", "utf-8");
-
-    try {
-      const result = await ReadFileTool.execute({ path: filePath });
-      expect(result.isError).toBe(true);
-      expect(result.content).toMatch(/Security Error: Access Denied/i);
-      expect(result.content).toMatch(/outside the current project workspace/i);
-    } finally {
-      fs.rmSync(outsideDir, { recursive: true, force: true });
-    }
-  });
-});
-
-describe("WriteFileTool", () => {
-  let tmpDir: string;
-
-  beforeEach(() => {
-    tmpDir = fs.mkdtempSync(path.join(process.cwd(), ".joone-write-test-"));
-  });
-
-  afterEach(() => {
-    fs.rmSync(tmpDir, { recursive: true, force: true });
-  });
-
-  // ─── Test #32: Writes a file to disk ───
-
-  it("writes content to a file and confirms", async () => {
-    const filePath = path.join(tmpDir, "output.ts");
-
-    const result = await WriteFileTool.execute({
-      path: filePath,
-      content: "const x = 42;",
-    });
-
-    expect(result.content).toMatch(/file written/i);
-    expect(fs.readFileSync(filePath, "utf-8")).toBe("const x = 42;");
-  });
-
-  // ─── Test #33: Creates parent directories if needed ───
-
-  it("creates parent directories if they do not exist", async () => {
-    const filePath = path.join(tmpDir, "nested", "deep", "file.ts");
-
-    const result = await WriteFileTool.execute({
-      path: filePath,
-      content: "export {}",
-    });
-
-    expect(result.content).toMatch(/file written/i);
-    expect(fs.existsSync(filePath)).toBe(true);
-  });
-});