memory-journal-mcp 6.1.2 → 6.2.1

package/tests/database/tags.test.ts

@@ -1,134 +0,0 @@
-import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest'
-import Database from 'better-sqlite3'
-import { NativeConnectionManager } from '../../src/database/sqlite-adapter/native-connection.js'
-import { TagsManager } from '../../src/database/sqlite-adapter/tags.js'
-
-vi.mock('../../src/utils/logger.js', () => ({
-    logger: { info: vi.fn(), warning: vi.fn(), error: vi.fn(), debug: vi.fn() },
-}))
-
-function createTagsManager(): { conn: NativeConnectionManager; manager: TagsManager } {
-    const conn = new NativeConnectionManager(':memory:')
-    const db = new Database(':memory:')
-
-    db.exec(`
-        CREATE TABLE IF NOT EXISTS memory_journal (
-            id INTEGER PRIMARY KEY AUTOINCREMENT
-        );
-        CREATE TABLE IF NOT EXISTS tags (
-            id INTEGER PRIMARY KEY AUTOINCREMENT,
-            name TEXT UNIQUE NOT NULL,
-            usage_count INTEGER DEFAULT 0
-        );
-        CREATE TABLE IF NOT EXISTS entry_tags (
-            entry_id INTEGER NOT NULL,
-            tag_id INTEGER NOT NULL,
-            PRIMARY KEY(entry_id, tag_id)
-        );
-    `)
-
-    Object.assign(conn, { db, initialized: true })
-    const manager = new TagsManager(conn)
-    return { conn, manager }
-}
-
-describe('TagsManager', () => {
-    let conn: NativeConnectionManager
-    let manager: TagsManager
-
-    beforeEach(() => {
-        vi.clearAllMocks()
-        const setup = createTagsManager()
-        conn = setup.conn
-        manager = setup.manager
-    })
-
-    afterEach(() => {
-        conn.close()
-    })
-
-    it('should link tags to entry', () => {
-        const db = conn.getRawDb() as Database
-        db.prepare('INSERT INTO memory_journal (id) VALUES (1)').run()
-
-        manager.linkTagsToEntry(1, ['tag1', 'tag2'])
-
-        const tags = manager.getTagsForEntry(1)
-        expect(tags).toContain('tag1')
-        expect(tags).toContain('tag2')
-    })
-
-    it('should ignore linking zero tags', () => {
-        expect(() => manager.linkTagsToEntry(1, [])).not.toThrow()
-    })
-
-    it('should support batch retrieval', () => {
-        const db = conn.getRawDb() as Database
-        db.prepare('INSERT INTO memory_journal (id) VALUES (1)').run()
-        db.prepare('INSERT INTO memory_journal (id) VALUES (2)').run()
-
-        manager.linkTagsToEntry(1, ['tag1'])
-        manager.linkTagsToEntry(2, ['tag1', 'tag2'])
-
-        const map = manager.batchGetTagsForEntries([1, 2])
-        expect(map.get(1)).toContain('tag1')
-        expect(map.get(2)).toContain('tag2')
-    })
-
-    it('should support empty array batch get', () => {
-        const map = manager.batchGetTagsForEntries([])
-        expect(map.size).toBe(0)
-    })
-
-    it('should list tags ordered by usage', () => {
-        const db = conn.getRawDb() as Database
-        db.prepare('INSERT INTO memory_journal (id) VALUES (1)').run()
-        manager.linkTagsToEntry(1, ['tag1', 'tag2'])
-
-        const tags = manager.listTags()
-        expect(tags.length).toBe(2)
-        expect(tags[0]!.name).toBeDefined()
-        expect(tags[0]!.usageCount).toBe(1)
-    })
-
-    it('should merge tags properly', () => {
-        const db = conn.getRawDb() as Database
-        db.prepare('INSERT INTO memory_journal (id) VALUES (1)').run()
-        manager.linkTagsToEntry(1, ['sourceTag'])
-
-        const result = manager.mergeTags('sourceTag', 'targetTag')
-        expect(result.entriesUpdated).toBe(1)
-        expect(result.sourceDeleted).toBe(true)
-
-        const tags = manager.getTagsForEntry(1)
-        expect(tags).not.toContain('sourceTag')
-        expect(tags).toContain('targetTag')
-    })
-
-    it('should merge tags when target already has it but ignore duplicates', () => {
-        const db = conn.getRawDb() as Database
-        db.prepare('INSERT INTO memory_journal (id) VALUES (1)').run()
-        db.prepare('INSERT INTO memory_journal (id) VALUES (2)').run()
-
-        manager.linkTagsToEntry(1, ['sourceTag', 'targetTag'])
-        manager.linkTagsToEntry(2, ['sourceTag'])
-
-        const result = manager.mergeTags('sourceTag', 'targetTag')
-        expect(result.entriesUpdated).toBe(1) // only entry 2 updated
-        expect(manager.getTagsForEntry(1)).toContain('targetTag')
-        expect(manager.getTagsForEntry(2)).toContain('targetTag')
-    })
-
-    it('should handle merge when target tag does not exist yet', () => {
-        const db = conn.getRawDb() as Database
-        db.prepare('INSERT INTO memory_journal (id) VALUES (1)').run()
-        manager.linkTagsToEntry(1, ['sourceTag'])
-
-        manager.mergeTags('sourceTag', 'newTargetTag')
-        expect(manager.getTagsForEntry(1)).toContain('newTargetTag')
-    })
-
-    it('should throw on merging a non-existent tag', () => {
-        expect(() => manager.mergeTags('ghostTag', 'targetTag')).toThrow(/not found/i)
-    })
-})

package/tests/e2e/README.md

@@ -1,39 +0,0 @@
-# Memory Journal MCP - Playwright Suite (E2E)
-
-> **⚠️ AI AGENT INSTRUCTIONS:** Read these rules before creating, modifying, or running tests in this directory.
-
-## 📌 Framework & Purpose
-
-- **Framework:** Playwright (`playwright.config.ts`)
-- **Purpose:** End-to-End (E2E) protocol, transport, and integration parity testing.
-- **Focus:** HTTP/SSE transport, sessions, CORS, security headers, rate limiting, stateless mode, and automated schedulers.
-- **Database:** Uses a dedicated isolated test DB (`.test-output/e2e/test-e2e.db`).
-
-## 🚨 AI Agent Testing Rules
-
-### 1. Scope of E2E Tests
-
-- **DO NOT** write tests here to verify core handler logic (e.g., does `create_entry` work in SQLite?). That belongs in the Vitest suite (`tests/README.md`).
-- **DO** write tests here to ensure the complete HTTP system correctly negotiates protocols, streams SSE events, handles standard MCP payloads, manages stateless instances, or evaluates server-level behaviors.
-
-### 2. Execution Protocol
-
-- Run via npm scripts: `npm run test:e2e`
-- For targeted test files: `npx playwright test tests/e2e/your-file.spec.ts`
-- Playwright automatically handles spinning up the development server via the `webServer` config in `playwright.config.ts`.
-- Check output carefully to verify that the server started successfully before tests executed.
-
-### 3. File Naming & Structure
-
-- Naming convention: `<feature>.spec.ts` (e.g., `payloads-admin.spec.ts`, `health.spec.ts`, `streaming.spec.ts`).
-- **Never** use PascalCase or camelCase. Use `kebab-case`.
-- Helper functions belong in `tests/e2e/helpers.ts`. Do not duplicate initialization and HTTP request logic across tests. Use the provided helpers for MCP handshakes, session initialization, and request execution.
-
-### 4. Flakiness & Determinism
-
-- Do not rely on fixed `setTimeout()` unless absolutely necessary. Rely on Playwright's auto-retry assertions (e.g., `expect.poll`).
-- Tests should clean up their state or be isolated from one another. Wait for scheduled intervals to conclude securely or manage time appropriately.
-
----
-
-_For a complete code map and directory breakdown, see `test-server/code-map.md`._

package/tests/e2e/auth.spec.ts

@@ -1,106 +0,0 @@
-/**
- * E2E Tests: Bearer Token Authentication
- *
- * Tests the --auth-token middleware. Uses a test-local server
- * on port 3101 to avoid conflicting with the main webServer.
- */
-
-import { test, expect } from '@playwright/test'
-import { startServer, stopServer } from './helpers.js'
-
-const AUTH_TOKEN = 'test-secret-token-e2e'
-const AUTH_PORT = 3101
-const AUTH_BASE = `http://localhost:${AUTH_PORT}`
-
-test.describe('Bearer Token Authentication', () => {
-    test.beforeAll(async () => {
-        await startServer(AUTH_PORT, ['--auth-token', AUTH_TOKEN], 'auth')
-    })
-
-    test.afterAll(() => {
-        stopServer(AUTH_PORT)
-    })
-
-    test('/health should be accessible without token (exempt)', async () => {
-        const response = await fetch(`${AUTH_BASE}/health`)
-        expect(response.status).toBe(200)
-
-        const body = await response.json()
-        expect(body).toHaveProperty('status', 'healthy')
-    })
-
-    test('POST /mcp should return 401 without Authorization header', async () => {
-        const response = await fetch(`${AUTH_BASE}/mcp`, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                Accept: 'application/json, text/event-stream',
-            },
-            body: JSON.stringify({
-                jsonrpc: '2.0',
-                id: 1,
-                method: 'initialize',
-                params: {
-                    protocolVersion: '2025-03-26',
-                    capabilities: {},
-                    clientInfo: { name: 'test', version: '1.0' },
-                },
-            }),
-        })
-
-        expect(response.status).toBe(401)
-        const body = await response.json()
-        expect(body).toHaveProperty('error', 'Unauthorized')
-    })
-
-    test('POST /mcp should return 401 with wrong token', async () => {
-        const response = await fetch(`${AUTH_BASE}/mcp`, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                Accept: 'application/json, text/event-stream',
-                Authorization: 'Bearer wrong-token',
-            },
-            body: JSON.stringify({
-                jsonrpc: '2.0',
-                id: 1,
-                method: 'initialize',
-                params: {
-                    protocolVersion: '2025-03-26',
-                    capabilities: {},
-                    clientInfo: { name: 'test', version: '1.0' },
-                },
-            }),
-        })
-
-        expect(response.status).toBe(401)
-    })
-
-    test('POST /mcp should succeed with correct Bearer token', async () => {
-        const response = await fetch(`${AUTH_BASE}/mcp`, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                Accept: 'application/json, text/event-stream',
-                Authorization: `Bearer ${AUTH_TOKEN}`,
-            },
-            body: JSON.stringify({
-                jsonrpc: '2.0',
-                id: 1,
-                method: 'initialize',
-                params: {
-                    protocolVersion: '2025-03-26',
-                    capabilities: {},
-                    clientInfo: { name: 'test', version: '1.0' },
-                },
-            }),
-        })
-
-        expect(response.status).toBe(200)
-    })
-
-    test('GET / should return 401 without token', async () => {
-        const response = await fetch(`${AUTH_BASE}/`)
-        expect(response.status).toBe(401)
-    })
-})

package/tests/e2e/codemode-abuse.spec.ts

@@ -1,75 +0,0 @@
-/**
- * E2E Tests: Code Mode Abuse & Timeouts
- *
- * Tests the worker sandbox's ability to terminate hung operations
- * (infinite loops, unresolving promises) without affecting the
- * HTTP transport layer or crashing the server.
- */
-
-import { test, expect } from '@playwright/test'
-import type { Client } from '@modelcontextprotocol/sdk/client/index.js'
-import { createClient } from './helpers.js'
-
-test.describe.configure({ mode: 'serial' })
-
-test.describe('Payload Contracts: Code Mode Abuse', () => {
-    let client: Client
-
-    test.beforeAll(async () => {
-        client = await createClient()
-    })
-
-    test.afterAll(async () => {
-        await client.close()
-    })
-
-    test('mj_execute_code with infinite loop aborts via timeout instead of hanging HTTP', async () => {
-        const response = await client.callTool({
-            name: 'mj_execute_code',
-            arguments: {
-                code: 'while(true) {}',
-                timeout: 50, // Very sharp timeout for the test
-            },
-        })
-
-        expect(Array.isArray(response.content)).toBe(true)
-        const payload = JSON.parse((response.content as Array<{ text: string }>)[0]!.text)
-
-        expect(payload.success).toBe(false)
-        expect(payload.error).toContain('timed out')
-    })
-
-    test('mj_execute_code with unresolving promise aborts via timeout', async () => {
-        const response = await client.callTool({
-            name: 'mj_execute_code',
-            arguments: {
-                code: 'await new Promise(() => {})', // Never resolves
-                timeout: 50,
-            },
-        })
-
-        expect(Array.isArray(response.content)).toBe(true)
-        const payload = JSON.parse((response.content as Array<{ text: string }>)[0]!.text)
-
-        expect(payload.success).toBe(false)
-        // Unresolving promise causes worker exit (code 1) rather than the named timeout path
-        const isTimeoutError = /timed out|Worker exited/i.test(String(payload.error))
-        expect(isTimeoutError).toBe(true)
-    })
-
-    test('server handles subsequent valid Code Mode requests normally after worker drop', async () => {
-        // This proves the transport stays up and worker pool recovers
-        const response = await client.callTool({
-            name: 'mj_execute_code',
-            arguments: {
-                code: 'return 1 + 1', // Must use return; code is wrapped in (async () => { ${code} })()
-            },
-        })
-
-        expect(Array.isArray(response.content)).toBe(true)
-        const payload = JSON.parse((response.content as Array<{ text: string }>)[0]!.text)
-
-        expect(payload.success).toBe(true)
-        expect(payload.result).toBe(2)
-    })
-})

package/tests/e2e/health.spec.ts

@@ -1,63 +0,0 @@
-/**
- * E2E Tests: Health & Root Info
- *
- * Verifies the HTTP server's health check and root info endpoints
- * return correct responses with expected structure.
- */
-
-import { test, expect } from '@playwright/test'
-
-test.describe('Health & Root Info', () => {
-    test('should return 200 OK from /health endpoint', async ({ request }) => {
-        const response = await request.get('/health')
-        expect(response.status()).toBe(200)
-
-        const body = await response.json()
-        expect(body).toHaveProperty('status', 'healthy')
-        expect(body).toHaveProperty('timestamp')
-        // Timestamp should be a valid ISO string
-        expect(new Date(body.timestamp).toISOString()).toBe(body.timestamp)
-    })
-
-    test('should return server metadata on GET /', async ({ request }) => {
-        const response = await request.get('/')
-        expect(response.status()).toBe(200)
-
-        const body = await response.json()
-        expect(body).toHaveProperty('name', 'memory-journal-mcp')
-        expect(body).toHaveProperty('version')
-        expect(body).toHaveProperty('description')
-        expect(body).toHaveProperty('endpoints')
-        expect(body.endpoints).toHaveProperty('POST /mcp')
-        expect(body.endpoints).toHaveProperty('GET /sse')
-        expect(body.endpoints).toHaveProperty('GET /health')
-    })
-
-    test('should accept MCP initialization request on /mcp', async ({ request }) => {
-        const response = await request.post('/mcp', {
-            headers: {
-                Accept: 'application/json, text/event-stream',
-            },
-            data: {
-                jsonrpc: '2.0',
-                id: 1,
-                method: 'initialize',
-                params: {
-                    protocolVersion: '2025-03-26',
-                    capabilities: {},
-                    clientInfo: {
-                        name: 'playwright-test',
-                        version: '1.0.0',
-                    },
-                },
-            },
-        })
-
-        expect(response.status()).toBe(200)
-        // Session ID should be returned in response headers
-        const sessionId = response.headers()['mcp-session-id']
-        expect(sessionId).toBeDefined()
-        expect(typeof sessionId).toBe('string')
-        expect(sessionId!.length).toBeGreaterThan(0)
-    })
-})

package/tests/e2e/helpers.ts

@@ -1,139 +0,0 @@
-/**
- * Shared E2E test helpers for payload contract tests.
- *
- * Provides:
- * - createClient() — Streamable HTTP client factory
- * - callToolAndParse() — call tool + parse JSON response
- * - expectSuccess() — assert payload is not a structured error
- * - startServer() / stopServer() — managed child-process server lifecycle
- */
-
-import { Client } from '@modelcontextprotocol/sdk/client/index.js'
-import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js'
-import { expect } from '@playwright/test'
-import { type ChildProcess, spawn } from 'node:child_process'
-import { setTimeout as delay } from 'node:timers/promises'
-import { join } from 'node:path'
-
-/**
- * Create and connect a Streamable HTTP MCP client.
- * Caller is responsible for calling client.close() in afterAll.
- */
-export async function createClient(port = 3100): Promise<Client> {
-    const transport = new StreamableHTTPClientTransport(new URL(`http://localhost:${port}/mcp`))
-    const client = new Client(
-        { name: 'payload-contract-test', version: '1.0.0' },
-        { capabilities: {} }
-    )
-    await client.connect(transport)
-    return client
-}
-
-/**
- * Call a tool and parse the JSON text response into a typed object.
- * Asserts the response has text content and returns the parsed payload.
- */
-export async function callToolAndParse(
-    client: Client,
-    toolName: string,
-    args: Record<string, unknown>
-): Promise<Record<string, unknown>> {
-    const response = await client.callTool({ name: toolName, arguments: args })
-
-    expect(response.isError).toBeUndefined()
-    expect(Array.isArray(response.content)).toBe(true)
-
-    const content = response.content as Array<{ type: string; text?: string }>
-    expect(content.length).toBeGreaterThan(0)
-
-    const first = content[0]!
-    expect(first.type).toBe('text')
-
-    return JSON.parse(first.text!) as Record<string, unknown>
-}
-
-/**
- * Assert that a parsed payload is NOT a structured error.
- * Throws a descriptive error if the tool returned { success: false, error: "..." }.
- */
-export function expectSuccess(payload: Record<string, unknown>): void {
-    if (payload.success === false) {
-        throw new Error(`Tool returned error: ${JSON.stringify(payload.error)}`)
-    }
-}
-
-// =============================================================================
-// Server Process Management
-// =============================================================================
-
-interface ManagedServer {
-    process: ChildProcess
-    port: number
-}
-
-const managedServers = new Map<number, ManagedServer>()
-
-/**
- * Start an MCP server as a child process with custom CLI args.
- * Waits for /health to become reachable before returning.
- *
- * @param port - Port to start the server on
- * @param args - Additional CLI args (e.g., ['--stateless', '--auth-token', 'secret'])
- * @param dbSuffix - Database file suffix to avoid collisions (default: port number)
- */
-export async function startServer(
-    port: number,
-    args: string[] = [],
-    dbSuffix?: string,
-    options?: { cwd?: string }
-): Promise<void> {
-    const suffix = dbSuffix ?? String(port)
-    const serverProcess = spawn(
-        'node',
-        [
-            join(process.cwd(), 'dist/cli.js'),
-            '--transport',
-            'http',
-            '--port',
-            String(port),
-            '--db',
-            join(process.cwd(), '.test-output', 'e2e', `test-e2e-${suffix}.db`),
-            ...args,
-        ],
-        {
-            cwd: options?.cwd ?? process.cwd(),
-            stdio: 'pipe',
-            env: {
-                ...process.env,
-                MCP_RATE_LIMIT_MAX: args.some((a) => a === '--rate-limit-max')
-                    ? undefined
-                    : '10000',
-            },
-        }
-    )
-
-    managedServers.set(port, { process: serverProcess, port })
-
-    const maxAttempts = 30
-    for (let i = 0; i < maxAttempts; i++) {
-        try {
-            const res = await fetch(`http://localhost:${port}/health`)
-            if (res.ok) return
-        } catch {
-            // Server not ready yet
-        }
-        await delay(500)
-    }
-    throw new Error(`Server on port ${port} did not start within timeout`)
-}
-
-/**
- * Stop a managed server by port number.
- */
-export function stopServer(port: number): void {
-    const server = managedServers.get(port)
-    if (server) {
-        server.process.kill('SIGTERM')
-        managedServers.delete(port)
-    }
-}

package/tests/e2e/oauth-discovery.spec.ts

@@ -1,102 +0,0 @@
-/**
- * E2E Tests: OAuth 2.1 Discovery Endpoint
- *
- * Tests the RFC 9728 Protected Resource Metadata endpoint
- * (/.well-known/oauth-protected-resource) behavior with
- * and without OAuth enabled.
- */
-
-import { test, expect } from '@playwright/test'
-import { startServer, stopServer } from './helpers.js'
-
-const OAUTH_PORT = 3105
-
-test.describe('OAuth 2.1 Discovery', () => {
-    test.describe('Without OAuth enabled (default)', () => {
-        test('/.well-known/oauth-protected-resource should return 404', async ({ request }) => {
-            // Default webServer on port 3100 does not have OAuth enabled
-            const response = await request.get('/.well-known/oauth-protected-resource')
-
-            // Without OAuth, the endpoint should not be registered
-            expect(response.status()).toBe(404)
-        })
-    })
-
-    test.describe('With OAuth enabled', () => {
-        test.beforeAll(async () => {
-            await startServer(
-                OAUTH_PORT,
-                [
-                    '--oauth-enabled',
-                    '--oauth-issuer',
-                    'https://auth.example.com/realms/test',
-                    '--oauth-audience',
-                    'memory-journal-mcp',
-                ],
-                'oauth'
-            )
-        })
-
-        test.afterAll(() => {
-            stopServer(OAUTH_PORT)
-        })
-
-        test('/.well-known/oauth-protected-resource should return RFC 9728 metadata', async () => {
-            const response = await fetch(
-                `http://localhost:${OAUTH_PORT}/.well-known/oauth-protected-resource`
-            )
-
-            expect(response.status).toBe(200)
-            const body = await response.json()
-
-            // RFC 9728 required fields
-            expect(body).toHaveProperty('resource')
-            expect(body).toHaveProperty('authorization_servers')
-            expect(Array.isArray(body.authorization_servers)).toBe(true)
-            expect(body.authorization_servers.length).toBeGreaterThan(0)
-
-            // Should include the issuer we configured
-            expect(body.authorization_servers).toContain('https://auth.example.com/realms/test')
-        })
-
-        test('/.well-known/oauth-protected-resource should include scopes', async () => {
-            const response = await fetch(
-                `http://localhost:${OAUTH_PORT}/.well-known/oauth-protected-resource`
-            )
-
-            const body = await response.json()
-            expect(body).toHaveProperty('scopes_supported')
-            expect(Array.isArray(body.scopes_supported)).toBe(true)
-
-            // Should include the 3 scope levels
-            const scopes = body.scopes_supported as string[]
-            expect(scopes).toContain('read')
-            expect(scopes).toContain('write')
-            expect(scopes).toContain('admin')
-        })
-
-        test('MCP endpoints should require authentication with OAuth enabled', async () => {
-            // POST to /mcp without a token should be rejected
-            const response = await fetch(`http://localhost:${OAUTH_PORT}/mcp`, {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                    Accept: 'application/json, text/event-stream',
-                },
-                body: JSON.stringify({
-                    jsonrpc: '2.0',
-                    id: 1,
-                    method: 'initialize',
-                    params: {
-                        protocolVersion: '2025-03-26',
-                        capabilities: {},
-                        clientInfo: { name: 'oauth-test', version: '1.0' },
-                    },
-                }),
-            })
-
-            // Should be 401 (unauthorized) since no valid JWT is provided
-            expect(response.status).toBe(401)
-        })
-    })
-})