memory-journal-mcp 6.1.2 → 6.2.1

package/tests/codemode/sandbox.test.ts

@@ -1,190 +0,0 @@
-/**
- * Code Mode Sandbox Tests (VM-based)
- *
- * Tests for CodeModeSandbox and SandboxPool non-execution paths.
- * Note: Actual code execution is tested via Playwright E2E tests because
- * vm.createContext async IIFEs don't resolve Promises correctly in vitest's
- * module environment (the Promise microtask queue in the VM context doesn't
- * interop with the host event loop).
- *
- * Covers:
- * - Sandbox construction and options
- * - Compilation cache (LRU)
- * - Pool construction and configuration
- * - Pool concurrency tracking
- */
-
-import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest'
-import * as vm from 'node:vm'
-import { CodeModeSandbox, SandboxPool } from '../../src/codemode/index.js'
-
-describe('CodeModeSandbox', () => {
-    let sandbox: CodeModeSandbox
-
-    beforeEach(() => {
-        sandbox = new CodeModeSandbox()
-    })
-
-    // =========================================================================
-    // Construction
-    // =========================================================================
-
-    describe('construction', () => {
-        it('should create with default options', () => {
-            expect(sandbox).toBeDefined()
-        })
-
-        it('should accept custom options', () => {
-            const custom = new CodeModeSandbox({
-                timeoutMs: 5000,
-                memoryLimitMb: 64,
-                cpuLimitMs: 5000,
-            })
-            expect(custom).toBeDefined()
-        })
-    })
-
-    // =========================================================================
-    // Compilation Cache
-    // =========================================================================
-
-    describe('cache', () => {
-        it('should start with empty cache', () => {
-            expect(sandbox.getCacheSize()).toBe(0)
-        })
-
-        it('should clear cache without errors', () => {
-            sandbox.clearCache()
-            expect(sandbox.getCacheSize()).toBe(0)
-        })
-
-        it('should report cache size as a number', () => {
-            expect(typeof sandbox.getCacheSize()).toBe('number')
-        })
-    })
-
-    // =========================================================================
-    // Execution
-    // =========================================================================
-
-    describe('execute', () => {
-        let runInContextSpy: any
-
-        beforeEach(() => {
-            runInContextSpy = vi
-                .spyOn(vm.Script.prototype, 'runInContext')
-                .mockReturnValue(Promise.resolve(42) as any)
-        })
-
-        afterEach(() => {
-            if (runInContextSpy) runInContextSpy.mockRestore()
-        })
-
-        it('should execute code returning a valid result', async () => {
-            const result = await sandbox.execute('return 42', {})
-            expect(result.success).toBe(true)
-            if (result.success) {
-                expect(result.result).toBe(42)
-                expect(result.metrics).toBeDefined()
-            }
-        })
-
-        it('should catch errors thrown during execution', async () => {
-            runInContextSpy.mockImplementation(() => {
-                throw new Error('VM crash')
-            })
-            const result = await sandbox.execute('throw new Error("Crash")', {})
-            expect(result.success).toBe(false)
-            if (!result.success) {
-                expect(result.error).toBe('VM crash')
-            }
-        })
-
-        it('should provide wrapped console methods', async () => {
-            // This will execute against the mock, but the console wrappers are created
-            // within the 'execute' setup before runInContext is called.
-            const result = await sandbox.execute(
-                `
-                console.log("log entry");
-                console.warn("warn entry");
-                console.error("error entry");
-                return true;
-            `,
-                {}
-            )
-            expect(result.success).toBe(true)
-        })
-
-        it('should evict oldest entries when cache exceeds capacity', async () => {
-            // Max capacity of ScriptCache is 50. Generate 55 unique scripts.
-            for (let i = 0; i < 55; i++) {
-                await sandbox.execute(`return ${i}`, {})
-            }
-            expect(sandbox.getCacheSize()).toBe(50)
-        })
-    })
-})
-
-// =============================================================================
-// SandboxPool
-// =============================================================================
-
-describe('SandboxPool', () => {
-    it('should create with default options', () => {
-        const pool = new SandboxPool()
-        expect(pool).toBeDefined()
-    })
-
-    it('should create with custom options', () => {
-        const pool = new SandboxPool(
-            { timeoutMs: 5000 },
-            { maxInstances: 5, minInstances: 1, idleTimeoutMs: 30000 }
-        )
-        expect(pool).toBeDefined()
-    })
-
-    it('should track active count starting at zero', () => {
-        const pool = new SandboxPool()
-        expect(pool.getActiveCount()).toBe(0)
-    })
-
-    it('should have a unique pool ID', () => {
-        const pool1 = new SandboxPool()
-        const pool2 = new SandboxPool()
-        expect(pool1.poolId).toBeDefined()
-        expect(pool2.poolId).toBeDefined()
-        expect(pool1.poolId).not.toBe(pool2.poolId)
-    })
-
-    it('should generate valid UUID pool IDs', () => {
-        const pool = new SandboxPool()
-        // UUID v4 format: 8-4-4-4-12 hex characters
-        expect(pool.poolId).toMatch(
-            /^[\da-f]{8}-[\da-f]{4}-4[\da-f]{3}-[89ab][\da-f]{3}-[\da-f]{12}$/i
-        )
-    })
-
-    it('should refuse execution if max instances exceeded', async () => {
-        const pool = new SandboxPool({}, { maxInstances: 0 })
-        const result = await pool.execute('return 1', {})
-        expect(result.success).toBe(false)
-        expect(result.error).toContain('exhausted')
-    })
-
-    it('should decrement active count on execution completion', async () => {
-        const pool = new SandboxPool({}, { maxInstances: 5 })
-        expect(pool.getActiveCount()).toBe(0)
-
-        // Mock the actual execution to avoid vm hanging in vitest
-        const executeSpy = vi.spyOn(CodeModeSandbox.prototype, 'execute').mockResolvedValue({
-            success: true,
-            result: 1,
-            metrics: { durationMs: 1, memoryBytes: 0, peakMemoryBytes: 0 },
-        })
-
-        await pool.execute('return 1', {})
-        expect(pool.getActiveCount()).toBe(0)
-
-        executeSpy.mockRestore()
-    })
-})

package/tests/codemode/security.test.ts

@@ -1,242 +0,0 @@
-/**
- * Code Mode Security Tests
- *
- * Tests for CodeModeSecurityManager:
- * - Code validation (length, empty, blocked patterns)
- * - Rate limiting (allow, deny, window reset)
- * - Result size validation (pass, oversized, non-serializable)
- * - Config accessors
- */
-
-import { describe, it, expect, beforeEach } from 'vitest'
-import { CodeModeSecurityManager, DEFAULT_SECURITY_CONFIG } from '../../src/codemode/index.js'
-
-describe('CodeModeSecurityManager', () => {
-    let security: CodeModeSecurityManager
-
-    beforeEach(() => {
-        security = new CodeModeSecurityManager()
-    })
-
-    // =========================================================================
-    // Code Validation
-    // =========================================================================
-
-    describe('validateCode', () => {
-        it('should accept valid code', () => {
-            const result = security.validateCode('const x = 1 + 2; return x;')
-            expect(result.valid).toBe(true)
-            expect(result.errors).toHaveLength(0)
-        })
-
-        it('should reject empty code', () => {
-            const result = security.validateCode('   ')
-            expect(result.valid).toBe(false)
-            expect(result.errors).toContain('Code cannot be empty')
-        })
-
-        it('should reject code exceeding max length', () => {
-            const mgr = new CodeModeSecurityManager({ maxCodeLength: 100 })
-            const longCode = 'a'.repeat(200)
-            const result = mgr.validateCode(longCode)
-            expect(result.valid).toBe(false)
-            expect(result.errors[0]).toContain('maximum length')
-        })
-
-        it('should reject require() calls', () => {
-            const result = security.validateCode('const fs = require("fs")')
-            expect(result.valid).toBe(false)
-            expect(result.errors.some((e) => e.includes('blocked pattern'))).toBe(true)
-        })
-
-        it('should reject dynamic import()', () => {
-            const result = security.validateCode('const m = await import("os")')
-            expect(result.valid).toBe(false)
-            expect(result.errors.some((e) => e.includes('blocked pattern'))).toBe(true)
-        })
-
-        it('should reject process access', () => {
-            const result = security.validateCode('process.exit(1)')
-            expect(result.valid).toBe(false)
-        })
-
-        it('should reject global access', () => {
-            const result = security.validateCode('global.foo = "bar"')
-            expect(result.valid).toBe(false)
-        })
-
-        it('should reject globalThis access', () => {
-            const result = security.validateCode('globalThis.foo = "bar"')
-            expect(result.valid).toBe(false)
-        })
-
-        it('should reject eval()', () => {
-            const result = security.validateCode('eval("1+1")')
-            expect(result.valid).toBe(false)
-        })
-
-        it('should reject Function constructor', () => {
-            const result = security.validateCode('new Function ("return 1")')
-            expect(result.valid).toBe(false)
-        })
-
-        it('should reject __proto__ access', () => {
-            const result = security.validateCode('const x = {}.__proto__')
-            expect(result.valid).toBe(false)
-        })
-
-        it('should reject constructor.constructor chaining', () => {
-            const result = security.validateCode('x.constructor.constructor("alert")')
-            expect(result.valid).toBe(false)
-        })
-
-        it('should reject child_process', () => {
-            const result = security.validateCode('const cp = child_process.exec("ls")')
-            expect(result.valid).toBe(false)
-        })
-
-        it('should reject fs access', () => {
-            const result = security.validateCode('fs.readFileSync("/etc/passwd")')
-            expect(result.valid).toBe(false)
-        })
-
-        it('should reject net access', () => {
-            const result = security.validateCode('net.createServer()')
-            expect(result.valid).toBe(false)
-        })
-
-        it('should reject http access', () => {
-            const result = security.validateCode('http.createServer()')
-            expect(result.valid).toBe(false)
-        })
-
-        it('should reject https access', () => {
-            const result = security.validateCode('https.get("http://evil.com")')
-            expect(result.valid).toBe(false)
-        })
-
-        it('should reject bracket-notation constructor access', () => {
-            const result = security.validateCode('x["constructor"]')
-            expect(result.valid).toBe(false)
-        })
-
-        it('should reject Reflect.construct', () => {
-            const result = security.validateCode('Reflect.construct(Function, ["return 1"])')
-            expect(result.valid).toBe(false)
-        })
-
-        it('should accumulate multiple violations', () => {
-            const result = security.validateCode('require("fs"); process.exit(1)')
-            expect(result.valid).toBe(false)
-            expect(result.errors.length).toBeGreaterThanOrEqual(2)
-        })
-
-        it('should allow safe API calls', () => {
-            const result = security.validateCode(
-                'const entries = await mj.core.getRecentEntries({ limit: 5 }); return entries;'
-            )
-            expect(result.valid).toBe(true)
-        })
-    })
-
-    // =========================================================================
-    // Rate Limiting
-    // =========================================================================
-
-    describe('checkRateLimit', () => {
-        it('should allow first execution', () => {
-            expect(security.checkRateLimit('client-a')).toBe(true)
-        })
-
-        it('should allow up to maxExecutionsPerMinute', () => {
-            const mgr = new CodeModeSecurityManager({ maxExecutionsPerMinute: 3 })
-            expect(mgr.checkRateLimit('client-b')).toBe(true)
-            expect(mgr.checkRateLimit('client-b')).toBe(true)
-            expect(mgr.checkRateLimit('client-b')).toBe(true)
-            // 4th should be denied
-            expect(mgr.checkRateLimit('client-b')).toBe(false)
-        })
-
-        it('should track clients independently', () => {
-            const mgr = new CodeModeSecurityManager({ maxExecutionsPerMinute: 1 })
-            expect(mgr.checkRateLimit('client-x')).toBe(true)
-            expect(mgr.checkRateLimit('client-x')).toBe(false)
-            // Different client should still be allowed
-            expect(mgr.checkRateLimit('client-y')).toBe(true)
-        })
-
-        it('should reset after window expires', () => {
-            const mgr = new CodeModeSecurityManager({ maxExecutionsPerMinute: 1 })
-            expect(mgr.checkRateLimit('client-z')).toBe(true)
-            expect(mgr.checkRateLimit('client-z')).toBe(false)
-
-            // Simulate window expiry by cleaning up (entry will be stale next check)
-            mgr.cleanupRateLimits()
-            // The cleanup only removes entries past resetTime — not enough time has passed
-            // But the state should still be consistent
-            expect(mgr.checkRateLimit('client-z')).toBe(false)
-        })
-    })
-
-    describe('cleanupRateLimits', () => {
-        it('should not throw when empty', () => {
-            expect(() => security.cleanupRateLimits()).not.toThrow()
-        })
-
-        it('should remove expired entries', () => {
-            // Add an entry, then cleanup — entry should still be present (not expired yet)
-            security.checkRateLimit('cleanup-test')
-            security.cleanupRateLimits()
-            // The entry should still exist since it hasn't expired
-            expect(security.checkRateLimit('cleanup-test')).toBe(true)
-        })
-    })
-
-    // =========================================================================
-    // Result Size Validation
-    // =========================================================================
-
-    describe('validateResultSize', () => {
-        it('should accept small results', () => {
-            const result = security.validateResultSize({ data: 'hello' })
-            expect(result.valid).toBe(true)
-        })
-
-        it('should reject oversized results', () => {
-            const mgr = new CodeModeSecurityManager({ maxResultSize: 100 })
-            const largeData = { data: 'x'.repeat(200) }
-            const result = mgr.validateResultSize(largeData)
-            expect(result.valid).toBe(false)
-            expect(result.errors[0]).toContain('maximum size')
-        })
-
-        it('should reject non-serializable results', () => {
-            const circular: Record<string, unknown> = {}
-            circular['self'] = circular
-            const result = security.validateResultSize(circular)
-            expect(result.valid).toBe(false)
-            expect(result.errors[0]).toContain('serialized')
-        })
-    })
-
-    // =========================================================================
-    // Config Access
-    // =========================================================================
-
-    describe('getConfig', () => {
-        it('should return default config', () => {
-            const config = security.getConfig()
-            expect(config.maxCodeLength).toBe(DEFAULT_SECURITY_CONFIG.maxCodeLength)
-            expect(config.maxExecutionsPerMinute).toBe(
-                DEFAULT_SECURITY_CONFIG.maxExecutionsPerMinute
-            )
-            expect(config.maxResultSize).toBe(DEFAULT_SECURITY_CONFIG.maxResultSize)
-            expect(config.blockedPatterns.length).toBeGreaterThan(0)
-        })
-
-        it('should reflect custom config', () => {
-            const mgr = new CodeModeSecurityManager({ maxCodeLength: 999 })
-            expect(mgr.getConfig().maxCodeLength).toBe(999)
-        })
-    })
-})

package/tests/codemode/worker-sandbox.test.ts

@@ -1,106 +0,0 @@
-import { describe, it, expect, beforeAll, afterAll } from 'vitest'
-import { execSync } from 'node:child_process'
-import * as fs from 'node:fs'
-import * as path from 'node:path'
-import { WorkerSandbox, WorkerSandboxPool } from '../../src/codemode/index.js'
-
-const workerScriptSrc = path.join(__dirname, '../../src/codemode/worker-script.ts')
-const workerScriptJs = path.join(__dirname, '../../src/codemode/worker-script.js')
-
-beforeAll(() => {
-    // Compile worker-script.ts to .js specifically for test execution
-    // worker_threads cannot run .ts files directly in this vitest setup
-    if (!fs.existsSync(workerScriptJs)) {
-        execSync(
-            `npx esbuild ${workerScriptSrc} --bundle --platform=node --format=esm --outfile=${workerScriptJs}`
-        )
-    }
-})
-
-afterAll(() => {
-    // Cleanup generated JS file
-    if (fs.existsSync(workerScriptJs)) {
-        fs.unlinkSync(workerScriptJs)
-    }
-})
-
-describe('WorkerSandbox', () => {
-    it('should execute basic code successfully', async () => {
-        const sandbox = new WorkerSandbox()
-        const result = await sandbox.execute('return 42', {})
-        expect(result.success).toBe(true)
-        expect(result.result).toBe(42)
-        expect(result.metrics).toBeDefined()
-    })
-
-    it('should call api bindings correctly', async () => {
-        const sandbox = new WorkerSandbox()
-        const bindings = {
-            core: {
-                testFunc: async (x: number) => x * 2,
-            },
-        }
-        const code = 'return await mj.core.testFunc(21)'
-        const result = await sandbox.execute(code, bindings)
-        expect(result.success).toBe(true)
-        expect(result.result).toBe(42)
-    })
-
-    it('should handle top-level bindings correctly', async () => {
-        const sandbox = new WorkerSandbox()
-        const bindings = {
-            testFunc: async (x: number) => x * 3,
-        }
-        const code = 'return await mj.testFunc(14)'
-        const result = await sandbox.execute(code, bindings)
-        expect(result.success).toBe(true)
-        expect(result.result).toBe(42)
-    })
-
-    it('should enforce timeout limiting', async () => {
-        // Provide a very short timeout
-        const sandbox = new WorkerSandbox({ timeoutMs: 50 })
-        const code = `
-            while(true) {
-                // Infinite loop
-            }
-        `
-        const result = await sandbox.execute(code, {})
-        expect(result.success).toBe(false)
-        expect(result.error).toContain('timed out')
-    })
-
-    it('should catch synchronous syntax errors or throw', async () => {
-        const sandbox = new WorkerSandbox()
-        const result = await sandbox.execute('throw new Error("test abort")', {})
-        expect(result.success).toBe(false)
-        expect(result.error).toContain('test abort')
-    })
-})
-
-describe('WorkerSandboxPool', () => {
-    it('should create and execute using pool', async () => {
-        const pool = new WorkerSandboxPool({}, { maxInstances: 2 })
-        const result = await pool.execute('return "pooled"', {})
-        expect(result.success).toBe(true)
-        expect(result.result).toBe('pooled')
-        expect(pool.getActiveCount()).toBe(0)
-    })
-
-    it('should enforce max instances exhaustion', async () => {
-        const pool = new WorkerSandboxPool({}, { maxInstances: 1 })
-
-        // Start one long-running execution that won't finish immediately
-        const slowCode = 'await new Promise(r => setTimeout(r, 200)); return 1;'
-        const exec1 = pool.execute(slowCode, {}).catch((e) => null)
-
-        // Pool is now at 1/1 active count
-        // Attempting a second execution should fail immediately with an exhausted error
-        const result2 = await pool.execute('return 2', {})
-        expect(result2.success).toBe(false)
-        expect(result2.error).toContain('Sandbox pool exhausted')
-
-        await exec1 // wait for the first to finish
-        expect(pool.getActiveCount()).toBe(0)
-    })
-})

package/tests/constants/icons.test.ts

@@ -1,101 +0,0 @@
-/**
- * Icons Tests
- *
- * Tests icon constants and getToolIcon function.
- */
-
-import { describe, it, expect } from 'vitest'
-import {
-    ICON_CORE,
-    ICON_SEARCH,
-    ICON_ANALYTICS,
-    ICON_RELATIONSHIPS,
-    ICON_EXPORT,
-    ICON_ADMIN,
-    ICON_GITHUB,
-    ICON_BACKUP,
-    ICON_BRIEFING,
-    ICON_CLOCK,
-    ICON_TAG,
-    ICON_STAR,
-    ICON_ISSUE,
-    ICON_PR,
-    ICON_PROMPT,
-    getToolIcon,
-} from '../../src/constants/icons.js'
-
-// ============================================================================
-// Tool Group Icons
-// ============================================================================
-
-describe('Tool group icons', () => {
-    const toolIcons = [
-        { name: 'ICON_CORE', icon: ICON_CORE },
-        { name: 'ICON_SEARCH', icon: ICON_SEARCH },
-        { name: 'ICON_ANALYTICS', icon: ICON_ANALYTICS },
-        { name: 'ICON_RELATIONSHIPS', icon: ICON_RELATIONSHIPS },
-        { name: 'ICON_EXPORT', icon: ICON_EXPORT },
-        { name: 'ICON_ADMIN', icon: ICON_ADMIN },
-        { name: 'ICON_GITHUB', icon: ICON_GITHUB },
-        { name: 'ICON_BACKUP', icon: ICON_BACKUP },
-    ]
-
-    it.each(toolIcons)('$name should have valid SVG data URI', ({ icon }) => {
-        expect(icon.src).toMatch(/^data:image\/svg\+xml/)
-        expect(icon.mimeType).toBe('image/svg+xml')
-        expect(icon.sizes).toContain('24x24')
-    })
-})
-
-// ============================================================================
-// Resource Icons
-// ============================================================================
-
-describe('Resource icons', () => {
-    const resourceIcons = [
-        { name: 'ICON_BRIEFING', icon: ICON_BRIEFING },
-        { name: 'ICON_CLOCK', icon: ICON_CLOCK },
-        { name: 'ICON_TAG', icon: ICON_TAG },
-
-        { name: 'ICON_STAR', icon: ICON_STAR },
-        { name: 'ICON_ISSUE', icon: ICON_ISSUE },
-        { name: 'ICON_PR', icon: ICON_PR },
-        { name: 'ICON_PROMPT', icon: ICON_PROMPT },
-    ]
-
-    it.each(resourceIcons)('$name should have valid SVG data URI', ({ icon }) => {
-        expect(icon.src).toMatch(/^data:image\/svg\+xml/)
-        expect(icon.mimeType).toBe('image/svg+xml')
-        expect(icon.sizes).toContain('24x24')
-    })
-})
-
-// ============================================================================
-// getToolIcon
-// ============================================================================
-
-describe('getToolIcon', () => {
-    it('should return icon array for valid groups', () => {
-        const groups = [
-            'core',
-            'search',
-            'analytics',
-            'relationships',
-            'export',
-            'admin',
-            'github',
-            'backup',
-        ]
-
-        for (const group of groups) {
-            const icons = getToolIcon(group)
-            expect(icons).toBeDefined()
-            expect(Array.isArray(icons)).toBe(true)
-            expect(icons!.length).toBeGreaterThan(0)
-        }
-    })
-
-    it('should return undefined for unknown group', () => {
-        expect(getToolIcon('nonexistent')).toBeUndefined()
-    })
-})