memory-journal-mcp 4.4.2 → 5.0.0

package/tests/handlers/tool-handler-coverage.test.ts

@@ -0,0 +1,469 @@
+/**
+ * Tool Handler Coverage Tests
+ *
+ * Additional tests for uncovered code paths in:
+ * - admin.ts (update_entry not found, vectorManager, merge_tags errors)
+ * - relationships.ts (duplicate link, invalid type, tag filtering, no entries)
+ * - backup.ts (restore_backup, cleanup_backups)
+ * - analytics.ts (date ranges, project_breakdown, error branches)
+ * - core.ts (create_entry with teamDb sharing, auto-context, Zod errors)
+ */
+
+import { describe, it, expect, beforeAll, afterAll, vi } from 'vitest'
+import { callTool } from '../../src/handlers/tools/index.js'
+import { SqliteAdapter } from '../../src/database/SqliteAdapter.js'
+import type { VectorSearchManager } from '../../src/vector/VectorSearchManager.js'
+
+function createMockVector(overrides: Partial<Record<string, unknown>> = {}): VectorSearchManager {
+    const defaults = {
+        isInitialized: vi.fn().mockReturnValue(true),
+        initialize: vi.fn().mockResolvedValue(undefined),
+        search: vi.fn().mockResolvedValue([]),
+        addEntry: vi.fn().mockResolvedValue(true),
+        removeEntry: vi.fn().mockResolvedValue(true),
+        rebuildIndex: vi.fn().mockResolvedValue(5),
+        getStats: vi.fn().mockResolvedValue({
+            itemCount: 10,
+            modelName: 'Xenova/all-MiniLM-L6-v2',
+            dimensions: 384,
+        }),
+        generateEmbedding: vi.fn().mockResolvedValue(new Array(384).fill(0)),
+    }
+    return { ...defaults, ...overrides } as unknown as VectorSearchManager
+}
+
+describe('Tool Handler Coverage', () => {
+    let db: SqliteAdapter
+    let teamDb: SqliteAdapter
+    const testDbPath = './test-tool-cov.db'
+    const teamDbPath = './test-tool-team-cov.db'
+
+    beforeAll(async () => {
+        db = new SqliteAdapter(testDbPath)
+        await db.initialize()
+        teamDb = new SqliteAdapter(teamDbPath)
+        await teamDb.initialize()
+    })
+
+    afterAll(() => {
+        db.close()
+        teamDb.close()
+        try {
+            const fs = require('node:fs')
+            for (const p of [testDbPath, teamDbPath]) {
+                if (fs.existsSync(p)) fs.unlinkSync(p)
+            }
+        } catch {
+            // Ignore cleanup errors
+        }
+    })
+
+    // ========================================================================
+    // admin.ts — update_entry
+    // ========================================================================
+
+    describe('update_entry - coverage', () => {
+        it('should return error for nonexistent entry', async () => {
+            const result = (await callTool(
+                'update_entry',
+                { entry_id: 99999, content: 'Updated' },
+                db
+            )) as { success: boolean; error: string }
+
+            expect(result.success).toBe(false)
+            expect(result.error).toContain('not found')
+        })
+
+        it('should re-index when content changes and vectorManager present', async () => {
+            const entry = db.createEntry({ content: 'To be updated with vector' })
+            const vectorManager = createMockVector()
+
+            const result = (await callTool(
+                'update_entry',
+                { entry_id: entry.id, content: 'Updated content with vector' },
+                db,
+                vectorManager
+            )) as { success: boolean; entry: { content: string } }
+
+            expect(result.success).toBe(true)
+            expect(result.entry.content).toBe('Updated content with vector')
+            // vectorManager.addEntry should have been called
+            expect(vectorManager.addEntry).toHaveBeenCalled()
+        })
+
+        it('should handle invalid entry_type with Zod error', async () => {
+            const entry = db.createEntry({ content: 'For invalid type test' })
+            const result = (await callTool(
+                'update_entry',
+                { entry_id: entry.id, entry_type: 'completely_invalid_type' },
+                db
+            )) as { error: string }
+
+            expect(result.error).toBeDefined()
+        })
+    })
+
+    // ========================================================================
+    // admin.ts — delete_entry with vectorManager
+    // ========================================================================
+
+    describe('delete_entry - coverage', () => {
+        it('should remove from vector index on delete', async () => {
+            const entry = db.createEntry({ content: 'Delete with vector' })
+            const vectorManager = createMockVector()
+
+            const result = (await callTool(
+                'delete_entry',
+                { entry_id: entry.id },
+                db,
+                vectorManager
+            )) as { success: boolean }
+
+            expect(result.success).toBe(true)
+            expect(vectorManager.removeEntry).toHaveBeenCalledWith(entry.id)
+        })
+
+        it('should handle permanent delete', async () => {
+            const entry = db.createEntry({ content: 'Permanent delete test' })
+            const result = (await callTool(
+                'delete_entry',
+                { entry_id: entry.id, permanent: true },
+                db
+            )) as { success: boolean; permanent: boolean }
+
+            expect(result.success).toBe(true)
+            expect(result.permanent).toBe(true)
+        })
+    })
+
+    // ========================================================================
+    // admin.ts — merge_tags
+    // ========================================================================
+
+    describe('merge_tags - coverage', () => {
+        it('should return error when source equals target', async () => {
+            const result = (await callTool(
+                'merge_tags',
+                { source_tag: 'same', target_tag: 'same' },
+                db
+            )) as { success: boolean; error: string }
+
+            expect(result.success).toBe(false)
+            expect(result.error).toContain('different')
+        })
+
+        it('should return error for nonexistent source tag', async () => {
+            const result = (await callTool(
+                'merge_tags',
+                { source_tag: 'nonexistent_src_xyz', target_tag: 'nonexistent_tgt_xyz' },
+                db
+            )) as { success: boolean; error: string }
+
+            // mergeTags throws "Source tag not found" for nonexistent source
+            expect(result.success).toBe(false)
+            expect(result.error).toContain('Source tag not found')
+        })
+    })
+
+    // ========================================================================
+    // relationships.ts — link_entries edge cases
+    // ========================================================================
+
+    describe('link_entries - coverage', () => {
+        it('should return duplicate when relationship already exists', async () => {
+            const e1 = db.createEntry({ content: 'Link source dup' })
+            const e2 = db.createEntry({ content: 'Link target dup' })
+
+            // Create first
+            await callTool(
+                'link_entries',
+                {
+                    from_entry_id: e1.id,
+                    to_entry_id: e2.id,
+                    relationship_type: 'references',
+                },
+                db
+            )
+
+            // Create duplicate
+            const result = (await callTool(
+                'link_entries',
+                {
+                    from_entry_id: e1.id,
+                    to_entry_id: e2.id,
+                    relationship_type: 'references',
+                },
+                db
+            )) as { success: boolean; duplicate: boolean; message: string }
+
+            expect(result.success).toBe(true)
+            expect(result.duplicate).toBe(true)
+            expect(result.message).toContain('already exists')
+        })
+
+        it('should return Zod error for invalid relationship_type', async () => {
+            const result = (await callTool(
+                'link_entries',
+                {
+                    from_entry_id: 1,
+                    to_entry_id: 2,
+                    relationship_type: 'invalid_type_xyz',
+                },
+                db
+            )) as { success: boolean; message?: string; error?: string }
+
+            // Should return an error (Zod or domain)
+            expect(result.success === false || result.error !== undefined).toBe(true)
+        })
+    })
+
+    // ========================================================================
+    // relationships.ts — visualize_relationships edge cases
+    // ========================================================================
+
+    describe('visualize_relationships - coverage', () => {
+        it('should return no entries for nonexistent entry_id', async () => {
+            const result = (await callTool('visualize_relationships', { entry_id: 99999 }, db)) as {
+                entry_count: number
+                mermaid: null
+                message: string
+            }
+
+            expect(result.entry_count).toBe(0)
+            expect(result.mermaid).toBeNull()
+            expect(result.message).toContain('not found')
+        })
+
+        it('should filter by tags', async () => {
+            const e1 = db.createEntry({ content: 'Tag viz entry', tags: ['viz-tag1'] })
+            const e2 = db.createEntry({ content: 'Tag viz entry 2', tags: ['viz-tag1'] })
+            await callTool(
+                'link_entries',
+                {
+                    from_entry_id: e1.id,
+                    to_entry_id: e2.id,
+                    relationship_type: 'references',
+                },
+                db
+            )
+
+            const result = (await callTool(
+                'visualize_relationships',
+                { tags: ['viz-tag1'] },
+                db
+            )) as { entry_count: number; mermaid: string | null }
+
+            expect(result.entry_count).toBeGreaterThan(0)
+        })
+
+        it('should show all relationship entries when no filters', async () => {
+            const result = (await callTool('visualize_relationships', {}, db)) as {
+                entry_count: number
+            }
+
+            // Should return entries that have relationships
+            expect(result.entry_count).toBeGreaterThanOrEqual(0)
+        })
+
+        it('should handle entries with tags but no relationships', async () => {
+            db.createEntry({ content: 'Isolated tag entry', tags: ['isolated-tag-xyz'] })
+
+            const result = (await callTool(
+                'visualize_relationships',
+                { tags: ['isolated-tag-xyz'] },
+                db
+            )) as { entry_count: number; relationship_count: number }
+
+            // Entry is found by tag query, but has 0 relationships
+            expect(result.entry_count).toBeGreaterThanOrEqual(1)
+            expect(result.relationship_count).toBe(0)
+        })
+    })
+
+    // ========================================================================
+    // backup.ts — restore_backup, cleanup_backups
+    // ========================================================================
+
+    describe('restore_backup - coverage', () => {
+        it('should return error for nonexistent backup', async () => {
+            const result = (await callTool(
+                'restore_backup',
+                { filename: 'nonexistent_backup.db' },
+                db
+            )) as { success: boolean; error?: string; message?: string }
+
+            expect(result.success).toBe(false)
+        })
+    })
+
+    describe('cleanup_backups - coverage', () => {
+        it('should clean up old backups', async () => {
+            const result = (await callTool('cleanup_backups', { keep_count: 5 }, db)) as {
+                success: boolean
+                message: string
+            }
+
+            expect(result.success).toBe(true)
+            expect(result.message).toBeDefined()
+        })
+    })
+
+    // ========================================================================
+    // analytics.ts — get_statistics
+    // ========================================================================
+
+    describe('get_statistics - coverage', () => {
+        it('should support group_by month', async () => {
+            const result = (await callTool('get_statistics', { group_by: 'month' }, db)) as {
+                groupBy: string
+            }
+
+            expect(result.groupBy).toBe('month')
+        })
+
+        it('should support date range filter', async () => {
+            const today = new Date().toISOString().split('T')[0]!
+            const result = (await callTool(
+                'get_statistics',
+                { start_date: today, end_date: today },
+                db
+            )) as { totalEntries: number }
+
+            expect(result.totalEntries).toBeGreaterThanOrEqual(0)
+        })
+
+        it('should support project_breakdown', async () => {
+            const result = (await callTool('get_statistics', { project_breakdown: true }, db)) as {
+                totalEntries: number
+            }
+
+            expect(result.totalEntries).toBeGreaterThanOrEqual(0)
+        })
+
+        it('should return error for invalid group_by', async () => {
+            const result = (await callTool('get_statistics', { group_by: 'invalid' }, db)) as {
+                error?: string
+            }
+
+            // Should return Zod validation error
+            expect(result.error).toBeDefined()
+        })
+    })
+
+    // ========================================================================
+    // analytics.ts — get_cross_project_insights
+    // ========================================================================
+
+    describe('get_cross_project_insights - coverage', () => {
+        it('should support date range filter', async () => {
+            const today = new Date().toISOString().split('T')[0]!
+            const result = (await callTool(
+                'get_cross_project_insights',
+                {
+                    min_entries: 1,
+                    start_date: today,
+                    end_date: today,
+                },
+                db
+            )) as { project_count: number }
+
+            expect(result.project_count).toBeGreaterThanOrEqual(0)
+        })
+    })
+
+    // ========================================================================
+    // core.ts — create_entry with team sharing
+    // ========================================================================
+
+    describe('create_entry - team sharing coverage', () => {
+        it('should attempt team sharing when share_with_team is true', async () => {
+            const result = (await callTool(
+                'create_entry',
+                {
+                    content: 'Team shared entry test',
+                    share_with_team: true,
+                    is_personal: false,
+                },
+                db,
+                undefined,
+                undefined,
+                undefined,
+                undefined,
+                teamDb
+            )) as { success: boolean; sharedWithTeam?: boolean }
+
+            // Entry is always created in personal DB regardless of team share outcome
+            expect(result.success).toBe(true)
+            // Team share may silently fail (missing author column in test schema)
+            // — the important thing is coverage of the share_with_team code path
+        })
+
+        it('should not share when no teamDb', async () => {
+            const result = (await callTool(
+                'create_entry',
+                {
+                    content: 'No team entry test',
+                    share_with_team: true,
+                },
+                db
+            )) as { success: boolean; sharedWithTeam?: boolean }
+
+            expect(result.success).toBe(true)
+            // No teamDb, so sharedWithTeam shouldn't be present
+            expect(result.sharedWithTeam).toBeUndefined()
+        })
+    })
+
+    // ========================================================================
+    // core.ts — create_entry Zod errors
+    // ========================================================================
+
+    describe('create_entry - Zod errors', () => {
+        it('should return error for invalid entry_type', async () => {
+            const result = (await callTool(
+                'create_entry',
+                { content: 'Test', entry_type: 'invalid_type_xyz' },
+                db
+            )) as { error: string }
+
+            expect(result.error).toBeDefined()
+        })
+
+        it('should return error for invalid significance_type', async () => {
+            const result = (await callTool(
+                'create_entry',
+                { content: 'Test', significance_type: 'invalid_sig' },
+                db
+            )) as { error: string }
+
+            expect(result.error).toBeDefined()
+        })
+
+        it('should return error for empty content', async () => {
+            const result = (await callTool('create_entry', { content: '' }, db)) as {
+                error: string
+            }
+
+            expect(result.error).toBeDefined()
+        })
+    })
+
+    // ========================================================================
+    // core.ts — get_entry_by_id without relationships
+    // ========================================================================
+
+    describe('get_entry_by_id - coverage', () => {
+        it('should return entry without relationships when include_relationships is false', async () => {
+            const entry = db.createEntry({ content: 'No relationships entry' })
+
+            const result = (await callTool(
+                'get_entry_by_id',
+                { entry_id: entry.id, include_relationships: false },
+                db
+            )) as { entry: { id: number }; relationships?: unknown[] }
+
+            expect(result.entry.id).toBe(entry.id)
+            expect(result.relationships).toBeUndefined()
+        })
+    })
+})

package/tests/handlers/tool-handlers.test.ts

@@ -96,7 +96,7 @@ describe('Tool Handlers', () => {
                 'create_entry',
                 {
                     content: 'Full tool entry',
-                    entry_type: 'decision',
+                    entry_type: 'project_decision',
                     tags: ['tool-tag-a', 'tool-tag-b'],
                     is_personal: false,
                     significance_type: 'milestone',
@@ -105,7 +105,7 @@ describe('Tool Handlers', () => {
             )) as { success: boolean; entry: { entryType: string; tags: string[] } }
 
             expect(result.success).toBe(true)
-            expect(result.entry.entryType).toBe('decision')
+            expect(result.entry.entryType).toBe('project_decision')
             expect(result.entry.tags).toContain('tool-tag-a')
         })
     })

package/tests/security/sql-injection.test.ts

@@ -10,11 +10,8 @@ import { SqliteAdapter } from '../../src/database/SqliteAdapter.js'
 import {
     validateDateFormatPattern,
     sanitizeSearchQuery,
-    containsSqlInjection,
-    assertNoSqlInjection,
     assertNoPathTraversal,
     InvalidDateFormatError,
-    SqlInjectionError,
     PathTraversalError,
 } from '../../src/utils/security-utils.js'
 
@@ -120,52 +117,6 @@ describe('Security Utilities', () => {
         })
     })
 
-    describe('containsSqlInjection', () => {
-        it('should detect stacked query injection', () => {
-            expect(containsSqlInjection('; DROP TABLE users')).toBe(true)
-            expect(containsSqlInjection("'; DELETE FROM logs --")).toBe(true)
-        })
-
-        it('should detect comment injection', () => {
-            expect(containsSqlInjection('value -- comment')).toBe(true)
-            expect(containsSqlInjection('test /* block */ comment')).toBe(true)
-        })
-
-        it('should detect UNION injection', () => {
-            expect(containsSqlInjection("' UNION SELECT * FROM users")).toBe(true)
-            expect(containsSqlInjection("' UNION ALL SELECT 1")).toBe(true)
-        })
-
-        it('should detect boolean bypass', () => {
-            expect(containsSqlInjection("' OR '1'='1")).toBe(true)
-        })
-
-        it('should detect SQLite-specific attacks', () => {
-            expect(containsSqlInjection("ATTACH DATABASE 'mal.db' AS x")).toBe(true)
-            expect(containsSqlInjection("load_extension('evil.so')")).toBe(true)
-        })
-
-        it('should not flag safe inputs', () => {
-            for (const input of SAFE_INPUTS) {
-                expect(containsSqlInjection(input)).toBe(false)
-            }
-        })
-    })
-
-    describe('assertNoSqlInjection', () => {
-        it('should throw SqlInjectionError for injection attempts', () => {
-            for (const payload of INJECTION_PAYLOADS) {
-                expect(() => assertNoSqlInjection(payload)).toThrow(SqlInjectionError)
-            }
-        })
-
-        it('should not throw for safe inputs', () => {
-            for (const input of SAFE_INPUTS) {
-                expect(() => assertNoSqlInjection(input)).not.toThrow()
-            }
-        })
-    })
-
     describe('assertNoPathTraversal', () => {
         it('should throw for path traversal attempts', () => {
             expect(() => assertNoPathTraversal('../secret')).toThrow(PathTraversalError)
@@ -314,16 +265,14 @@ describe('SqliteAdapter SQL Injection Protection', () => {
     describe('restoreFromFile - Path Traversal Protection', () => {
         it('should reject filenames with path traversal', async () => {
             await expect(db.restoreFromFile('../../../etc/passwd')).rejects.toThrow(
-                'Invalid backup filename: path separators not allowed'
+                PathTraversalError
             )
 
             await expect(db.restoreFromFile('..\\..\\windows\\system32')).rejects.toThrow(
-                'Invalid backup filename: path separators not allowed'
+                PathTraversalError
             )
 
-            await expect(db.restoreFromFile('/etc/passwd')).rejects.toThrow(
-                'Invalid backup filename: path separators not allowed'
-            )
+            await expect(db.restoreFromFile('/etc/passwd')).rejects.toThrow(PathTraversalError)
         })
     })