kushi-agents 5.2.0 → 5.3.0

package/src/promote.test.mjs

@@ -0,0 +1,161 @@
+// kushi v5.3.0 — promote operation tests.
+// MUST use $env:KUSHI_GLOBAL_ROOT under .testtmp/ — never the real ~/.kushi-global/.
+
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+import { detectIdentifiers, promote, globalInit } from './global-wiki.mjs';
+
+const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..');
+const TESTTMP = path.join(repoRoot, '.testtmp');
+
+function makeFixtureProject(label, body) {
+  const root = path.join(TESTTMP, `promote-${label}-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`);
+  const evidence = path.join(root, 'projectroot', 'Evidence', 'acme', 'State', 'answers');
+  fs.mkdirSync(evidence, { recursive: true });
+  const page = path.join(evidence, '2026-05-27_confidence-ladder.md');
+  fs.writeFileSync(page, body);
+  return {
+    tmpRoot: root,
+    projectRoot: path.join(root, 'projectroot'),
+    globalRoot: path.join(root, 'global'),
+    sourcePath: page,
+    relSource: path.relative(path.join(root, 'projectroot'), page),
+  };
+}
+
+function rmrf(p) {
+  if (fs.existsSync(p)) fs.rmSync(p, { recursive: true, force: true });
+}
+
+test('promote: detectIdentifiers flags project name, alias, and external email', () => {
+  const body = [
+    '# notes',
+    'Acme is shipping in Q3 with help from lead@acme.com.',
+    'acme stakeholder pinged us; also internal kushikd@microsoft.com (ok).',
+    'Re-pinged Acme on Friday.',
+  ].join('\n');
+
+  const hits = detectIdentifiers(body, { project: 'acme', alias: 'acme' });
+  const literal = hits.find((h) => h.kind === 'project-or-alias');
+  assert.ok(literal, 'must flag project literal');
+  assert.ok(literal.count >= 3, `expected ≥3 acme hits, got ${literal.count}`);
+
+  const emails = hits.filter((h) => h.kind === 'external-email');
+  assert.equal(emails.length, 1, 'must flag exactly the external email');
+  assert.equal(emails[0].pattern, 'lead@acme.com');
+
+  const internalLeak = hits.find((h) => h.pattern && h.pattern.endsWith('@microsoft.com'));
+  assert.equal(internalLeak, undefined, '@microsoft.com must NOT be flagged');
+});
+
+test('promote: refuses without --force when identifiers are detected', () => {
+  const fx = makeFixtureProject(
+    'refuse',
+    '---\nkushi_state_page: true\n---\n\n# Acme confidence ladder\n\nAcme uses strong/weak/hypothesis tiers. Contact lead@acme.com.\n',
+  );
+  try {
+    globalInit({ root: fx.globalRoot });
+    const r = promote({
+      project: 'acme',
+      sourcePath: fx.sourcePath,
+      projectRoot: fx.projectRoot,
+      globalRoot: fx.globalRoot,
+    });
+    assert.equal(r.ok, false, 'must refuse');
+    assert.equal(r.refused, true);
+    assert.ok(r.detections.length >= 1, 'must surface detections');
+    // No target file written under answers/.
+    const answers = path.join(fx.globalRoot, 'State', 'answers');
+    const files = fs.existsSync(answers) ? fs.readdirSync(answers) : [];
+    assert.equal(files.length, 0, 'refusal must leave global answers/ empty');
+  } finally {
+    rmrf(fx.tmpRoot);
+  }
+});
+
+test('promote: --force writes redacted target, privacy callout, back-link, and dual log', () => {
+  const fx = makeFixtureProject(
+    'force',
+    '---\nkushi_state_page: true\n---\n\n# Acme confidence ladder\n\nAcme uses strong/weak/hypothesis tiers. Contact lead@acme.com.\n',
+  );
+  try {
+    globalInit({ root: fx.globalRoot });
+    const r = promote({
+      project: 'acme',
+      sourcePath: fx.sourcePath,
+      projectRoot: fx.projectRoot,
+      globalRoot: fx.globalRoot,
+      force: true,
+      now: new Date('2026-05-27T12:00:00Z'),
+    });
+
+    assert.equal(r.ok, true, 'forced promote must succeed');
+    assert.ok(r.target && fs.existsSync(r.target), 'target file must exist');
+    assert.ok(r.redactions.length >= 2, `expected ≥2 redactions, got ${r.redactions.length}`);
+
+    const targetBody = fs.readFileSync(r.target, 'utf8');
+    assert.match(targetBody, /^---\n/, 'target must start with frontmatter');
+    assert.match(targetBody, /scope: global/, 'target frontmatter must mark scope: global');
+    assert.match(targetBody, /promoted_from: "acme\//, 'target must record promoted_from');
+    assert.match(targetBody, /promoted_at:/, 'target must record promoted_at');
+    assert.match(targetBody, /\[REDACTED\]/, 'target body must contain [REDACTED]');
+    // Strip frontmatter AND the privacy callout block (which legitimately echoes the redacted labels) before scanning prose.
+    const prose = targetBody
+      .replace(/^---\n[\s\S]*?\n---\n/, '')
+      .replace(/> \[!warning\] potential-customer-leak[\s\S]*$/m, '');
+    assert.doesNotMatch(prose, /lead@acme\.com/, 'external email must be redacted in prose');
+    assert.doesNotMatch(prose, /\bAcme\b/i, 'project literal must be redacted in prose');
+    assert.match(targetBody, /> \[!warning\] potential-customer-leak/, 'target must carry privacy callout');
+
+    // Source must gain back-link callout.
+    const sourceBody = fs.readFileSync(fx.sourcePath, 'utf8');
+    assert.match(sourceBody, /> \[!info\] Promoted to global wiki/, 'source must carry back-link callout');
+    assert.match(sourceBody, /answers\/[a-z0-9-]+\.md/, 'back-link must reference the global slug');
+
+    // Dual log: both project State/log.md and global State/log.md updated.
+    // Project log lives at <projectRoot>/Evidence/acme/State/log.md
+    const projLog = path.join(fx.projectRoot, 'Evidence', 'acme', 'State', 'log.md');
+    assert.ok(fs.existsSync(projLog), 'project log must exist after promote');
+    assert.match(fs.readFileSync(projLog, 'utf8'), /promote\b/, 'project log must record promote op');
+
+    const globalLog = path.join(fx.globalRoot, 'State', 'log.md');
+    assert.match(fs.readFileSync(globalLog, 'utf8'), /promote-in/, 'global log must record promote-in op');
+  } finally {
+    rmrf(fx.tmpRoot);
+  }
+});
+
+test('promote: clean page (no identifiers) promotes without --force and emits no privacy callout', () => {
+  const fx = makeFixtureProject(
+    'clean',
+    '---\nkushi_state_page: true\n---\n\n# Confidence ladder pattern\n\nUse strong / weak / hypothesis tiers when reporting findings. Contact teammate@microsoft.com.\n',
+  );
+  try {
+    globalInit({ root: fx.globalRoot });
+    const r = promote({
+      project: 'acme',
+      sourcePath: fx.sourcePath,
+      projectRoot: fx.projectRoot,
+      globalRoot: fx.globalRoot,
+      // NOTE: source path lives under Evidence/acme/, so alias guess = 'acme'.
+      // Body never mentions 'acme' or 'Acme' literally, and @microsoft.com is allowed.
+    });
+    assert.equal(r.ok, true, 'clean page must promote without --force');
+    assert.equal(r.refused, false);
+    assert.equal(r.redactions.length, 0, 'clean page must produce zero redactions');
+
+    const targetBody = fs.readFileSync(r.target, 'utf8');
+    assert.doesNotMatch(
+      targetBody,
+      /> \[!warning\] potential-customer-leak/,
+      'clean promote must NOT emit a privacy callout',
+    );
+    assert.match(targetBody, /redactions: \[\]/, 'frontmatter must record empty redactions array');
+  } finally {
+    rmrf(fx.tmpRoot);
+  }
+});