memory-journal-mcp 4.3.0 → 4.4.0

package/tests/utils/logger.test.ts

@@ -0,0 +1,180 @@
+/**
+ * Logger Tests
+ *
+ * Tests the stderr Logger class: level filtering, formatting, sanitization.
+ */
+
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest'
+import { logger } from '../../src/utils/logger.js'
+
+describe('Logger', () => {
+    let errorSpy: ReturnType<typeof vi.spyOn>
+
+    beforeEach(() => {
+        errorSpy = vi.spyOn(console, 'error').mockImplementation(() => {})
+    })
+
+    afterEach(() => {
+        errorSpy.mockRestore()
+        // Reset to default level
+        logger.setLevel('info')
+    })
+
+    // ========================================================================
+    // Level filtering
+    // ========================================================================
+
+    describe('level filtering', () => {
+        it('should log messages at or below the configured level', () => {
+            logger.setLevel('info')
+            logger.info('info message')
+            logger.error('error message')
+
+            expect(errorSpy).toHaveBeenCalledTimes(2)
+        })
+
+        it('should suppress messages above the configured level', () => {
+            logger.setLevel('error')
+            logger.debug('debug message')
+            logger.info('info message')
+            logger.notice('notice message')
+            logger.warning('warning message')
+
+            expect(errorSpy).not.toHaveBeenCalled()
+        })
+
+        it('should allow debug messages at debug level', () => {
+            logger.setLevel('debug')
+            logger.debug('debug message')
+
+            expect(errorSpy).toHaveBeenCalledTimes(1)
+        })
+
+        it('should log critical messages at any level', () => {
+            logger.setLevel('critical')
+            logger.critical('critical failure')
+
+            expect(errorSpy).toHaveBeenCalledTimes(1)
+        })
+    })
+
+    // ========================================================================
+    // Formatting
+    // ========================================================================
+
+    describe('formatting', () => {
+        it('should include timestamp, level, and message', () => {
+            logger.info('test message')
+            const output = errorSpy.mock.calls[0]?.[0] as string
+
+            // [timestamp] [LEVEL   ] message
+            expect(output).toMatch(/^\[.+\] \[INFO\s+\]/)
+            expect(output).toContain('test message')
+        })
+
+        it('should include module when provided', () => {
+            logger.info('test', { module: 'TestModule' })
+            const output = errorSpy.mock.calls[0]?.[0] as string
+
+            expect(output).toContain('[TestModule]')
+        })
+
+        it('should include operation when provided', () => {
+            logger.info('test', { operation: 'doSomething' })
+            const output = errorSpy.mock.calls[0]?.[0] as string
+
+            expect(output).toContain('[doSomething]')
+        })
+
+        it('should include extra context fields as JSON', () => {
+            logger.info('test', { module: 'M', entityId: 42 })
+            const output = errorSpy.mock.calls[0]?.[0] as string
+
+            expect(output).toContain('"entityId":42')
+        })
+
+        it('should omit extras JSON when no extra fields', () => {
+            logger.info('plain message')
+            const output = errorSpy.mock.calls[0]?.[0] as string
+
+            // Should not contain JSON braces (from extras)
+            expect(output).not.toContain('{')
+        })
+    })
+
+    // ========================================================================
+    // Sanitization
+    // ========================================================================
+
+    describe('sanitization', () => {
+        it('should sanitize error field containing tokens', () => {
+            const token = 'ghp_' + 'X'.repeat(36)
+            logger.error('Request failed', {
+                module: 'GitHub',
+                error: `Token ${token} expired`,
+            })
+            const output = errorSpy.mock.calls[0]?.[0] as string
+
+            expect(output).not.toContain(token)
+            expect(output).toContain('[REDACTED]')
+        })
+
+        it('should not sanitize non-string error fields', () => {
+            logger.error('Error occurred', {
+                module: 'DB',
+                error: 500,
+            })
+            const output = errorSpy.mock.calls[0]?.[0] as string
+
+            expect(output).toContain('"error":500')
+        })
+    })
+
+    // ========================================================================
+    // setLevel
+    // ========================================================================
+
+    describe('setLevel', () => {
+        it('should change the minimum log level', () => {
+            logger.setLevel('critical')
+            logger.error('should not appear')
+            expect(errorSpy).not.toHaveBeenCalled()
+
+            logger.setLevel('error')
+            logger.error('should appear')
+            expect(errorSpy).toHaveBeenCalledTimes(1)
+        })
+    })
+
+    // ========================================================================
+    // Convenience methods
+    // ========================================================================
+
+    describe('convenience methods', () => {
+        it('should log via debug()', () => {
+            logger.setLevel('debug')
+            logger.debug('debug msg')
+            const output = errorSpy.mock.calls[0]?.[0] as string
+            expect(output).toContain('DEBUG')
+        })
+
+        it('should log via notice()', () => {
+            logger.notice('notice msg')
+            const output = errorSpy.mock.calls[0]?.[0] as string
+            expect(output).toContain('NOTICE')
+        })
+
+        it('should log via warning()', () => {
+            logger.warning('warning msg')
+            const output = errorSpy.mock.calls[0]?.[0] as string
+            expect(output).toContain('WARNING')
+        })
+
+        it('should log via critical()', () => {
+            logger.setLevel('critical')
+            logger.critical('critical msg')
+            const output = errorSpy.mock.calls[0]?.[0] as string
+            expect(output).toContain('CRITICAL')
+        })
+    })
+})

package/tests/utils/mcp-logger.test.ts

@@ -0,0 +1,212 @@
+/**
+ * McpLogger Tests
+ *
+ * Tests the MCP Protocol Logger: level filtering, stderr fallback, MCP send.
+ */
+
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest'
+import { McpLogger, mcpLogger } from '../../src/utils/McpLogger.js'
+
+describe('McpLogger', () => {
+    let mcpLog: McpLogger
+    let errorSpy: ReturnType<typeof vi.spyOn>
+
+    beforeEach(() => {
+        mcpLog = new McpLogger()
+        errorSpy = vi.spyOn(console, 'error').mockImplementation(() => {})
+    })
+
+    afterEach(() => {
+        errorSpy.mockRestore()
+    })
+
+    // ========================================================================
+    // Level management
+    // ========================================================================
+
+    describe('setLevel / getLevel', () => {
+        it('should default to info level', () => {
+            expect(mcpLog.getLevel()).toBe('info')
+        })
+
+        it('should set and get level correctly', () => {
+            mcpLog.setLevel('debug')
+            expect(mcpLog.getLevel()).toBe('debug')
+        })
+
+        it('should accept all valid MCP log levels', () => {
+            const levels = [
+                'debug',
+                'info',
+                'notice',
+                'warning',
+                'error',
+                'critical',
+                'alert',
+                'emergency',
+            ] as const
+
+            for (const level of levels) {
+                mcpLog.setLevel(level)
+                expect(mcpLog.getLevel()).toBe(level)
+            }
+        })
+    })
+
+    // ========================================================================
+    // Level filtering
+    // ========================================================================
+
+    describe('level filtering', () => {
+        it('should log messages at or below configured severity', () => {
+            mcpLog.setLevel('info')
+            mcpLog.log('info', 'test', { message: 'info msg' })
+            mcpLog.log('error', 'test', { message: 'error msg' })
+
+            expect(errorSpy).toHaveBeenCalledTimes(2)
+        })
+
+        it('should suppress messages above configured severity', () => {
+            mcpLog.setLevel('error')
+            mcpLog.log('info', 'test', { message: 'should be suppressed' })
+            mcpLog.log('debug', 'test', { message: 'also suppressed' })
+
+            expect(errorSpy).not.toHaveBeenCalled()
+        })
+
+        it('should log emergency at any level', () => {
+            mcpLog.setLevel('emergency')
+            mcpLog.log('emergency', 'test', { message: 'critical system failure' })
+
+            expect(errorSpy).toHaveBeenCalledTimes(1)
+        })
+    })
+
+    // ========================================================================
+    // stderr fallback (no server)
+    // ========================================================================
+
+    describe('stderr fallback', () => {
+        it('should format output with timestamp, level, and logger name', () => {
+            mcpLog.log('info', 'MyModule', { message: 'hello world' })
+            const output = errorSpy.mock.calls[0]?.[0] as string
+
+            expect(output).toMatch(/^\[.+\] \[INFO\s+\]/)
+            expect(output).toContain('[MyModule]')
+            expect(output).toContain('hello world')
+        })
+
+        it('should include extra context in stderr output', () => {
+            mcpLog.log('warning', 'DB', {
+                message: 'Slow query',
+                operation: 'SELECT',
+                duration: 2500,
+            })
+            const output = errorSpy.mock.calls[0]?.[0] as string
+
+            expect(output).toContain('"operation":"SELECT"')
+            expect(output).toContain('"duration":2500')
+        })
+    })
+
+    // ========================================================================
+    // MCP server integration
+    // ========================================================================
+
+    describe('MCP server send', () => {
+        it('should send via MCP protocol when server is set', () => {
+            const mockServer = {
+                sendLoggingMessage: vi.fn(),
+            }
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            mcpLog.setServer(mockServer as any)
+
+            mcpLog.log('info', 'test', { message: 'via MCP' })
+
+            expect(mockServer.sendLoggingMessage).toHaveBeenCalledWith({
+                level: 'info',
+                logger: 'test',
+                data: { message: 'via MCP' },
+            })
+            // Should also log to stderr
+            expect(errorSpy).toHaveBeenCalled()
+        })
+
+        it('should fall back to stderr if MCP send throws', () => {
+            const mockServer = {
+                sendLoggingMessage: vi.fn(() => {
+                    throw new Error('Transport error')
+                }),
+            }
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            mcpLog.setServer(mockServer as any)
+
+            // Should not throw
+            mcpLog.log('error', 'test', { message: 'fallback test' })
+
+            // Should still log to stderr (fallback + always-log)
+            expect(errorSpy).toHaveBeenCalled()
+        })
+    })
+
+    // ========================================================================
+    // Convenience methods
+    // ========================================================================
+
+    describe('convenience methods', () => {
+        it('should log via debug()', () => {
+            mcpLog.setLevel('debug')
+            mcpLog.debug('mod', 'debug message')
+            const output = errorSpy.mock.calls[0]?.[0] as string
+            expect(output).toContain('DEBUG')
+            expect(output).toContain('debug message')
+        })
+
+        it('should log via info()', () => {
+            mcpLog.info('mod', 'info message')
+            const output = errorSpy.mock.calls[0]?.[0] as string
+            expect(output).toContain('INFO')
+        })
+
+        it('should log via notice()', () => {
+            mcpLog.notice('mod', 'notice message')
+            const output = errorSpy.mock.calls[0]?.[0] as string
+            expect(output).toContain('NOTICE')
+        })
+
+        it('should log via warning()', () => {
+            mcpLog.warning('mod', 'warning message')
+            const output = errorSpy.mock.calls[0]?.[0] as string
+            expect(output).toContain('WARNING')
+        })
+
+        it('should log via error()', () => {
+            mcpLog.error('mod', 'error message')
+            const output = errorSpy.mock.calls[0]?.[0] as string
+            expect(output).toContain('ERROR')
+        })
+
+        it('should log via critical()', () => {
+            mcpLog.setLevel('critical')
+            mcpLog.critical('mod', 'critical message')
+            const output = errorSpy.mock.calls[0]?.[0] as string
+            expect(output).toContain('CRITICAL')
+        })
+
+        it('should pass context through convenience methods', () => {
+            mcpLog.info('mod', 'msg', { extra: 'data' })
+            const output = errorSpy.mock.calls[0]?.[0] as string
+            expect(output).toContain('"extra":"data"')
+        })
+    })
+
+    // ========================================================================
+    // Singleton
+    // ========================================================================
+
+    describe('singleton', () => {
+        it('should export mcpLogger as a McpLogger instance', () => {
+            expect(mcpLogger).toBeInstanceOf(McpLogger)
+        })
+    })
+})

package/tests/utils/progress-utils.test.ts

@@ -0,0 +1,156 @@
+/**
+ * Progress Utilities Tests
+ *
+ * Tests sendProgress and createBatchProgressReporter with mock NotificationSender.
+ */
+
+import { describe, it, expect, vi } from 'vitest'
+import { sendProgress, createBatchProgressReporter } from '../../src/utils/progress-utils.js'
+import type { ProgressContext } from '../../src/utils/progress-utils.js'
+
+/** Create a mock ProgressContext */
+function createMockContext(token?: string | number): {
+    ctx: ProgressContext
+    notifications: { progress: number; total?: number; message?: string }[]
+} {
+    const notifications: { progress: number; total?: number; message?: string }[] = []
+    const ctx: ProgressContext = {
+        server: {
+            notification: vi.fn(async (n) => {
+                notifications.push(n.params)
+            }),
+        },
+        progressToken: token,
+    }
+    return { ctx, notifications }
+}
+
+// ============================================================================
+// sendProgress
+// ============================================================================
+
+describe('sendProgress', () => {
+    it('should no-op when context is undefined', async () => {
+        // Should not throw
+        await sendProgress(undefined, 5, 10, 'working')
+    })
+
+    it('should no-op when progressToken is undefined', async () => {
+        const { ctx } = createMockContext(undefined)
+        await sendProgress(ctx, 5, 10, 'working')
+        expect(ctx.server.notification).not.toHaveBeenCalled()
+    })
+
+    it('should send notification with correct shape', async () => {
+        const { ctx, notifications } = createMockContext('token-1')
+        await sendProgress(ctx, 3, 10, 'Processing')
+
+        expect(notifications).toHaveLength(1)
+        expect(notifications[0]).toEqual({
+            progressToken: 'token-1',
+            progress: 3,
+            total: 10,
+            message: 'Processing',
+        })
+    })
+
+    it('should omit total when undefined', async () => {
+        const { ctx, notifications } = createMockContext('t2')
+        await sendProgress(ctx, 5, undefined, 'step')
+
+        expect(notifications[0]).not.toHaveProperty('total')
+        expect(notifications[0]?.progress).toBe(5)
+    })
+
+    it('should omit message when undefined', async () => {
+        const { ctx, notifications } = createMockContext('t3')
+        await sendProgress(ctx, 7, 10)
+
+        expect(notifications[0]).not.toHaveProperty('message')
+    })
+
+    it('should omit message when empty string', async () => {
+        const { ctx, notifications } = createMockContext('t4')
+        await sendProgress(ctx, 1, 5, '')
+
+        expect(notifications[0]).not.toHaveProperty('message')
+    })
+
+    it('should accept numeric progressToken', async () => {
+        const { ctx, notifications } = createMockContext(42)
+        await sendProgress(ctx, 1, 1, 'done')
+
+        expect(notifications[0]?.progressToken).toBe(42)
+    })
+
+    it('should silently handle notification errors', async () => {
+        const ctx: ProgressContext = {
+            server: {
+                notification: vi.fn(async () => {
+                    throw new Error('Transport closed')
+                }),
+            },
+            progressToken: 'token',
+        }
+
+        // Should not throw
+        await sendProgress(ctx, 1, 10, 'test')
+    })
+})
+
+// ============================================================================
+// createBatchProgressReporter
+// ============================================================================
+
+describe('createBatchProgressReporter', () => {
+    it('should report at throttle intervals', async () => {
+        const { ctx, notifications } = createMockContext('batch-1')
+        const report = createBatchProgressReporter(ctx, 100, 10)
+
+        // Report items 1 through 30
+        for (let i = 1; i <= 30; i++) {
+            await report(i, `Item ${i}`)
+        }
+
+        // Should have reported at 10, 20, 30
+        expect(notifications).toHaveLength(3)
+        expect(notifications[0]?.progress).toBe(10)
+        expect(notifications[1]?.progress).toBe(20)
+        expect(notifications[2]?.progress).toBe(30)
+    })
+
+    it('should always report on completion', async () => {
+        const { ctx, notifications } = createMockContext('batch-2')
+        const total = 15
+        const report = createBatchProgressReporter(ctx, total, 10)
+
+        // Report items 1 through 15 (total)
+        for (let i = 1; i <= total; i++) {
+            await report(i)
+        }
+
+        // Should report at 10 and 15 (completion)
+        expect(notifications).toHaveLength(2)
+        expect(notifications[1]?.progress).toBe(15)
+    })
+
+    it('should skip intermediate items below throttle', async () => {
+        const { ctx, notifications } = createMockContext('batch-3')
+        const report = createBatchProgressReporter(ctx, 100, 20)
+
+        await report(5)
+        await report(10)
+        await report(15)
+
+        expect(notifications).toHaveLength(0)
+    })
+
+    it('should work with undefined context', async () => {
+        const report = createBatchProgressReporter(undefined, 50, 10)
+
+        // Should not throw
+        for (let i = 1; i <= 50; i++) {
+            await report(i)
+        }
+    })
+})

package/tests/utils/security-utils.test.ts

@@ -0,0 +1,82 @@
+/**
+ * Security Utilities Tests - sanitizeErrorForLogging
+ *
+ * Covers the token scrubbing function not tested by sql-injection.test.ts.
+ */
+
+import { describe, it, expect } from 'vitest'
+import { sanitizeErrorForLogging } from '../../src/utils/security-utils.js'
+
+describe('sanitizeErrorForLogging', () => {
+    it('should redact GitHub classic PATs (ghp_)', () => {
+        const token = 'ghp_' + 'A'.repeat(36)
+        const message = `Request failed: token ${token} is invalid`
+        const result = sanitizeErrorForLogging(message)
+
+        expect(result).not.toContain(token)
+        expect(result).toContain('[REDACTED]')
+        expect(result).toBe('Request failed: token [REDACTED] is invalid')
+    })
+
+    it('should redact GitHub fine-grained PATs (github_pat_)', () => {
+        const token = 'github_pat_' + 'B'.repeat(82)
+        const message = `Auth error with ${token}`
+        const result = sanitizeErrorForLogging(message)
+
+        expect(result).not.toContain(token)
+        expect(result).toContain('[REDACTED]')
+    })
+
+    it('should redact Authorization headers with token', () => {
+        const message =
+            'Failed request with Authorization: token ghp_secret123456789012345678901234567890'
+        const result = sanitizeErrorForLogging(message)
+
+        expect(result).toContain('[REDACTED]')
+        expect(result).not.toContain('ghp_secret')
+    })
+
+    it('should redact Authorization headers with Bearer', () => {
+        const message = 'Error: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload.sig'
+        const result = sanitizeErrorForLogging(message)
+
+        expect(result).toContain('[REDACTED]')
+        expect(result).not.toContain('eyJhbGciOiJIUzI1NiJ9')
+    })
+
+    it('should redact generic Bearer tokens', () => {
+        const message = 'Token expired: Bearer abc123.def456.ghi789+/=='
+        const result = sanitizeErrorForLogging(message)
+
+        expect(result).toContain('[REDACTED]')
+        expect(result).not.toContain('abc123.def456')
+    })
+
+    it('should pass through clean messages unchanged', () => {
+        const message = 'Database connection failed at localhost:5432'
+        expect(sanitizeErrorForLogging(message)).toBe(message)
+    })
+
+    it('should pass through empty string', () => {
+        expect(sanitizeErrorForLogging('')).toBe('')
+    })
+
+    it('should handle multiple tokens in one message', () => {
+        const token1 = 'ghp_' + 'C'.repeat(36)
+        const token2 = 'ghp_' + 'D'.repeat(36)
+        const message = `Token1: ${token1}, Token2: ${token2}`
+        const result = sanitizeErrorForLogging(message)
+
+        expect(result).not.toContain(token1)
+        expect(result).not.toContain(token2)
+        expect(result).toBe('Token1: [REDACTED], Token2: [REDACTED]')
+    })
+
+    it('should be idempotent - calling twice yields same result', () => {
+        const token = 'ghp_' + 'E'.repeat(36)
+        const message = `Error with ${token}`
+        const first = sanitizeErrorForLogging(message)
+        const second = sanitizeErrorForLogging(first)
+        expect(first).toBe(second)
+    })
+})