memory-journal-mcp 6.1.2 → 6.2.1

package/tests/e2e/oauth-scopes.spec.ts

@@ -1,222 +0,0 @@
-/**
- * E2E Tests: OAuth 2.1 Scope Enforcement
- *
- * Verifies that the HTTP middleware enforces RFC 8414/9728 scope logic
- * per tool group before requests reach the MCP handler.
- *
- * read:  get_recent_entries (core group)
- * write: get_github_issues  (github group)
- * admin: rebuild_vector_index (admin group)
- */
-
-import { test, expect } from '@playwright/test'
-import { spawn, type ChildProcess } from 'node:child_process'
-import { setTimeout as delay } from 'node:timers/promises'
-import * as jose from 'jose'
-import express from 'express'
-import type { Server } from 'node:http'
-
-const OAUTH_SCOPES_PORT = 3113
-const JWKS_PORT = 3114
-
-test.describe.configure({ mode: 'serial' })
-
-test.describe('OAuth 2.1 Scope Enforcement E2E', () => {
-    let serverProcess: ChildProcess
-    let jwksServer: Server
-    let privateKey: jose.KeyLike
-    let publicKey: jose.KeyLike
-
-    // JWTs
-    let readToken: string
-    let writeToken: string
-    let adminToken: string
-
-    // To gracefully exit HTTP servers
-    const closeServer = (server: Server) =>
-        new Promise<void>((resolve) => server.close(() => resolve()))
-
-    test.beforeAll(async () => {
-        // 1. Generate local keypair
-        const keypair = await jose.generateKeyPair('RS256')
-        privateKey = keypair.privateKey
-        publicKey = keypair.publicKey
-
-        const jwk = await jose.exportJWK(publicKey)
-        jwk.kid = 'test-kid-1'
-        jwk.use = 'sig'
-        jwk.alg = 'RS256'
-
-        // 2. Start mock JWKS HTTP server
-        const app = express()
-        app.get('/jwks', (req, res) => {
-            res.json({ keys: [jwk] })
-        })
-        await new Promise<void>((resolve) => {
-            jwksServer = app.listen(JWKS_PORT, () => resolve())
-        })
-
-        // 3. Generate tokens
-        const issuer = 'https://auth.example.com/mock'
-        const audience = 'memory-journal-mcp'
-
-        const makeToken = async (scope: string) => {
-            return await new jose.SignJWT({ scope })
-                .setProtectedHeader({ alg: 'RS256', kid: 'test-kid-1' })
-                .setIssuedAt()
-                .setIssuer(issuer)
-                .setAudience(audience)
-                .setExpirationTime('1h')
-                .sign(privateKey)
-        }
-
-        readToken = await makeToken('read')
-        writeToken = await makeToken('read write') // Usually inclusive
-        adminToken = await makeToken('admin read write') // Admin includes all
-
-        // 4. Start MCP Server with OAuth enabled
-        serverProcess = spawn(
-            'node',
-            [
-                'dist/cli.js',
-                '--transport',
-                'http',
-                '--port',
-                String(OAUTH_SCOPES_PORT),
-                '--db',
-                './.test-output/e2e/test-oauth-scopes.db',
-                '--oauth-enabled',
-                '--oauth-issuer',
-                issuer,
-                '--oauth-audience',
-                audience,
-                '--oauth-jwks-uri',
-                `http://localhost:${JWKS_PORT}/jwks`,
-            ],
-            {
-                cwd: process.cwd(),
-                stdio: 'pipe',
-                env: { ...process.env, MCP_RATE_LIMIT_MAX: '10000' },
-            }
-        )
-
-        for (let i = 0; i < 30; i++) {
-            try {
-                const res = await fetch(`http://localhost:${OAUTH_SCOPES_PORT}/health`)
-                if (res.ok) break
-            } catch {}
-            await delay(500)
-        }
-    })
-
-    test.afterAll(async () => {
-        if (serverProcess) {
-            serverProcess.kill('SIGTERM')
-        }
-        if (jwksServer) {
-            await closeServer(jwksServer)
-        }
-    })
-
-    /**
-     * Execute a tool call directly against the MCP endpoint.
-     *
-     * For scope-denied cases (expectSuccess=false): a bare tools/call POST with no
-     * session hits the scope middleware BEFORE session validation → 403.
-     *
-     * For scope-allowed cases (expectSuccess=true): performs a full session handshake
-     * (initialize → mcp-session-id → tools/call) so the MCP handler receives a
-     * valid request and returns 200.
-     */
-    async function executeToolDirectly(
-        token: string,
-        tool: string,
-        args: Record<string, unknown>,
-        expectSuccess: boolean
-    ) {
-        const base = `http://localhost:${OAUTH_SCOPES_PORT}/mcp`
-        const headers = {
-            'Content-Type': 'application/json',
-            Accept: 'application/json, text/event-stream',
-            Authorization: `Bearer ${token}`,
-        }
-
-        if (!expectSuccess) {
-            // Scope middleware fires before session check → expect 403 immediately
-            const res = await fetch(base, {
-                method: 'POST',
-                headers,
-                body: JSON.stringify({
-                    jsonrpc: '2.0',
-                    id: Math.floor(Math.random() * 10000),
-                    method: 'tools/call',
-                    params: { name: tool, arguments: args },
-                }),
-            })
-            expect(res.status).toBe(403)
-            const body = (await res.json()) as Record<string, unknown>
-            expect(body.error).toBe('insufficient_scope')
-            return
-        }
-
-        // Success path: need a valid session (stateful server)
-        const initRes = await fetch(base, {
-            method: 'POST',
-            headers,
-            body: JSON.stringify({
-                jsonrpc: '2.0',
-                id: 1,
-                method: 'initialize',
-                params: {
-                    protocolVersion: '2025-03-26',
-                    capabilities: {},
-                    clientInfo: { name: 'test-client', version: '1.0' },
-                },
-            }),
-        })
-        expect(initRes.status).toBe(200)
-        const sessionId = initRes.headers.get('mcp-session-id')
-        expect(sessionId).toBeTruthy()
-
-        // Notify server that client is initialized
-        await fetch(base, {
-            method: 'POST',
-            headers: { ...headers, 'mcp-session-id': sessionId! },
-            body: JSON.stringify({ jsonrpc: '2.0', method: 'notifications/initialized' }),
-        })
-
-        // Now call the tool on the established session
-        const res = await fetch(base, {
-            method: 'POST',
-            headers: { ...headers, 'mcp-session-id': sessionId! },
-            body: JSON.stringify({
-                jsonrpc: '2.0',
-                id: 2,
-                method: 'tools/call',
-                params: { name: tool, arguments: args },
-            }),
-        })
-        expect(res.status).toBe(200)
-    }
-
-    test('read token can read core tools, but gets 403 on write-scoped tools', async () => {
-        // Read-scoped core tool — allowed (core group requires read)
-        await executeToolDirectly(readToken, 'get_recent_entries', { limit: 1 }, true)
-
-        // Write-scoped tool — blocked (github group requires write)
-        await executeToolDirectly(readToken, 'get_github_issues', {}, false)
-    })
-
-    test('write token can call write-scoped tools, but gets 403 on admin tools', async () => {
-        // Write-scoped tool allowed (github group requires write, write token has write scope)
-        await executeToolDirectly(writeToken, 'get_github_issues', {}, true)
-
-        // Admin tools blocked (admin group requires admin, write token has only read+write)
-        await executeToolDirectly(writeToken, 'rebuild_vector_index', {}, false)
-    })
-
-    test('admin token can call admin-scoped tools', async () => {
-        // Admin access granted (admin scope satisfies admin group requirement)
-        await executeToolDirectly(adminToken, 'rebuild_vector_index', {}, true)
-    })
-})

package/tests/e2e/payloads-admin.spec.ts

@@ -1,76 +0,0 @@
-/**
- * Payload Contract Tests: Admin
- *
- * Validates response shapes for 5 admin tools:
- * update_entry, delete_entry, merge_tags, rebuild_vector_index, add_to_vector_index.
- */
-
-import { test, expect } from '@playwright/test'
-import type { Client } from '@modelcontextprotocol/sdk/client/index.js'
-import { createClient, callToolAndParse, expectSuccess } from './helpers.js'
-
-test.describe.configure({ mode: 'serial' })
-
-test.describe('Payload Contracts: Admin', () => {
-    let client: Client
-    let entryId: number
-
-    test.beforeAll(async () => {
-        client = await createClient()
-        // Create an entry for admin operations
-        const e = await callToolAndParse(client, 'create_entry', {
-            content: 'Admin test entry',
-            entry_type: 'test_entry',
-            tags: ['admin-test', 'merge-source'],
-        })
-        entryId = (e.entry as Record<string, unknown>).id as number
-    })
-
-    test.afterAll(async () => {
-        await client.close()
-    })
-
-    test('update_entry returns { success, entry }', async () => {
-        const payload = await callToolAndParse(client, 'update_entry', {
-            entry_id: entryId,
-            content: 'Updated admin test entry',
-        })
-        expectSuccess(payload)
-        expect(payload.success).toBe(true)
-        expect(payload.entry).toBeDefined()
-    })
-
-    test('add_to_vector_index returns { success, entryId }', async () => {
-        const payload = await callToolAndParse(client, 'add_to_vector_index', {
-            entry_id: entryId,
-        })
-        // Vector search may not be available in test environments
-        expect(typeof payload.success).toBe('boolean')
-        expect(payload.entryId).toBe(entryId)
-    })
-
-    test('merge_tags returns merge result', async () => {
-        const payload = await callToolAndParse(client, 'merge_tags', {
-            source_tag: 'merge-source',
-            target_tag: 'admin-test',
-        })
-        expectSuccess(payload)
-        expect(typeof payload).toBe('object')
-    })
-
-    test('rebuild_vector_index returns { success, entriesIndexed }', async () => {
-        const payload = await callToolAndParse(client, 'rebuild_vector_index', {})
-        // Embedding model may not be available in test environments
-        expect(typeof payload.success).toBe('boolean')
-        expect(typeof payload.entriesIndexed).toBe('number')
-    })
-
-    test('delete_entry returns { success, entryId }', async () => {
-        const payload = await callToolAndParse(client, 'delete_entry', {
-            entry_id: entryId,
-        })
-        expectSuccess(payload)
-        expect(payload.success).toBeDefined()
-        expect(payload.entryId).toBe(entryId)
-    })
-})

package/tests/e2e/payloads-analytics.spec.ts

@@ -1,37 +0,0 @@
-/**
- * Payload Contract Tests: Analytics
- *
- * Validates response shapes for 2 analytics tools:
- * get_statistics, get_cross_project_insights.
- */
-
-import { test, expect } from '@playwright/test'
-import type { Client } from '@modelcontextprotocol/sdk/client/index.js'
-import { createClient, callToolAndParse, expectSuccess } from './helpers.js'
-
-test.describe.configure({ mode: 'serial' })
-
-test.describe('Payload Contracts: Analytics', () => {
-    let client: Client
-
-    test.beforeAll(async () => {
-        client = await createClient()
-    })
-
-    test.afterAll(async () => {
-        await client.close()
-    })
-
-    test('get_statistics returns stats object', async () => {
-        const payload = await callToolAndParse(client, 'get_statistics', {})
-        expectSuccess(payload)
-        expect(typeof payload.groupBy).toBe('string')
-        expect(typeof payload).toBe('object')
-    })
-
-    test('get_cross_project_insights returns insights', async () => {
-        const payload = await callToolAndParse(client, 'get_cross_project_insights', {})
-        expectSuccess(payload)
-        expect(typeof payload).toBe('object')
-    })
-})

package/tests/e2e/payloads-backup-restore.spec.ts

@@ -1,102 +0,0 @@
-/**
- * Payload Contract Tests: Backup Restore
- *
- * Tests the restore_backup workflow that was missing from
- * payloads-backup.spec.ts: confirm=false rejection, nonexistent
- * backup error, and full backup→restore cycle.
- */
-
-import { test, expect } from '@playwright/test'
-import type { Client } from '@modelcontextprotocol/sdk/client/index.js'
-import { createClient, callToolAndParse, expectSuccess } from './helpers.js'
-
-test.describe.configure({ mode: 'serial' })
-
-test.describe('Payload Contracts: Backup Restore', () => {
-    let client: Client
-
-    test.beforeAll(async () => {
-        client = await createClient()
-    })
-
-    test.afterAll(async () => {
-        await client.close()
-    })
-
-    test('restore_backup(confirm: false) returns structured validation error', async () => {
-        // When confirm is false, the handler returns a structured error response.
-        // The MCP SDK marks tool responses containing { success: false } as isError when
-        // the outputSchema is validated — use raw callTool here instead of callToolAndParse.
-        const response = await client.callTool({
-            name: 'restore_backup',
-            arguments: {
-                filename: 'nonexistent.db',
-                confirm: false,
-            },
-        })
-
-        // isError may be true because the SDK detected a structured error response
-        // The key assertion is that the content is a well-formed error, not an exception
-        expect(Array.isArray(response.content)).toBe(true)
-        const content = response.content as Array<{ type: string; text?: string }>
-        expect(content.length).toBeGreaterThan(0)
-        expect(content[0]!.type).toBe('text')
-
-        const payload = JSON.parse(content[0]!.text!) as Record<string, unknown>
-        expect(payload.success).toBe(false)
-        expect(typeof payload.error).toBe('string')
-        expect((payload.error as string).toLowerCase()).toContain('confirm')
-        expect(payload.code).toBe('VALIDATION_ERROR')
-        expect(payload.category).toBe('validation')
-    })
-
-    test('restore_backup with nonexistent file returns structured error', async () => {
-        const response = await client.callTool({
-            name: 'restore_backup',
-            arguments: {
-                filename: 'nonexistent-backup-file-that-does-not-exist.db',
-                confirm: true,
-            },
-        })
-
-        expect(Array.isArray(response.content)).toBe(true)
-        const payload = JSON.parse(
-            (response.content as Array<{ type: string; text: string }>)[0]!.text
-        ) as Record<string, unknown>
-        expect(payload.success).toBe(false)
-        expect(typeof payload.error).toBe('string')
-    })
-
-    test('full backup → restore cycle succeeds', async () => {
-        // Step 1: Create an entry so the DB is non-empty
-        const entry = await callToolAndParse(client, 'create_entry', {
-            content: 'Backup restore cycle test entry',
-            entry_type: 'test_entry',
-            tags: ['backup-restore-test'],
-        })
-        expectSuccess(entry)
-
-        // Step 2: Create a backup
-        const backup = await callToolAndParse(client, 'backup_journal', {})
-        expectSuccess(backup)
-        expect(backup.success).toBe(true)
-        expect(typeof backup.filename).toBe('string')
-
-        const backupFilename = backup.filename as string
-
-        // Step 3: Restore from the backup (use filename directly from backup result)
-        const restore = await client.callTool({
-            name: 'restore_backup',
-            arguments: {
-                filename: backupFilename,
-                confirm: true,
-            },
-        })
-
-        expect(Array.isArray(restore.content)).toBe(true)
-        const restorePayload = JSON.parse(
-            (restore.content as Array<{ type: string; text: string }>)[0]!.text
-        ) as Record<string, unknown>
-        expect(restorePayload.success).toBe(true)
-    })
-})

package/tests/e2e/payloads-backup.spec.ts

@@ -1,44 +0,0 @@
-/**
- * Payload Contract Tests: Backup
- *
- * Validates response shapes for 4 backup tools:
- * backup_journal, list_backups, cleanup_backups, restore_backup.
- */
-
-import { test, expect } from '@playwright/test'
-import type { Client } from '@modelcontextprotocol/sdk/client/index.js'
-import { createClient, callToolAndParse, expectSuccess } from './helpers.js'
-
-test.describe.configure({ mode: 'serial' })
-
-test.describe('Payload Contracts: Backup', () => {
-    let client: Client
-
-    test.beforeAll(async () => {
-        client = await createClient()
-    })
-
-    test.afterAll(async () => {
-        await client.close()
-    })
-
-    test('backup_journal returns { success }', async () => {
-        const payload = await callToolAndParse(client, 'backup_journal', {})
-        expectSuccess(payload)
-        expect(payload.success).toBe(true)
-    })
-
-    test('list_backups returns backup list', async () => {
-        const payload = await callToolAndParse(client, 'list_backups', {})
-        expectSuccess(payload)
-        expect(typeof payload).toBe('object')
-    })
-
-    test('cleanup_backups returns cleanup result', async () => {
-        const payload = await callToolAndParse(client, 'cleanup_backups', {
-            keep_count: 5,
-        })
-        expectSuccess(payload)
-        expect(typeof payload).toBe('object')
-    })
-})

package/tests/e2e/payloads-codemode-api.spec.ts

@@ -1,131 +0,0 @@
-/**
- * Payload Contract Tests: Code Mode API Bridge Depth
- *
- * Exercises the mj.* API bridge beyond basic execution:
- * - mj.search.searchEntries() returns { entries, count }
- * - mj.analytics.getStatistics() returns stats object
- * - Multi-step: createEntry + searchEntries with data dependency
- * - mj.help() returns API group listing with expected group names
- * - mj.help() lists all expected top-level namespaces
- *
- * Note: Code Mode wraps execution results as { success, result, metrics }.
- * The user's return value is in payload.result; we stringify payload to check
- * presence of expected fields across both paths.
- */
-
-import { test, expect } from '@playwright/test'
-import type { Client } from '@modelcontextprotocol/sdk/client/index.js'
-import { createClient, callToolAndParse } from './helpers.js'
-
-test.describe.configure({ mode: 'serial' })
-
-test.describe('Payload Contracts: Code Mode API Bridge Depth', () => {
-    let client: Client
-
-    test.beforeAll(async () => {
-        client = await createClient()
-    })
-
-    test.afterAll(async () => {
-        await client.close()
-    })
-
-    test('mj.search.searchEntries() returns { entries, count }', async () => {
-        const payload = await callToolAndParse(client, 'mj_execute_code', {
-            code: `
-                const result = await mj.search.searchEntries({ query: 'test' });
-                return result;
-            `,
-        })
-
-        expect(typeof payload).toBe('object')
-        // Code Mode result is in payload.result; but we stringify for robustness
-        const flat = JSON.stringify(payload)
-        // Should contain entries array field
-        expect(flat).toMatch(/"entries"/)
-    })
-
-    test('mj.analytics.getStatistics() returns stats object with expected fields', async () => {
-        const payload = await callToolAndParse(client, 'mj_execute_code', {
-            code: `
-                const result = await mj.analytics.getStatistics({});
-                return result;
-            `,
-        })
-
-        expect(typeof payload).toBe('object')
-        // Should not be a hard failure
-        expect(JSON.stringify(payload)).not.toContain('"success":false')
-        // Stats response should have groupBy or totalEntries
-        const flat = JSON.stringify(payload)
-        expect(flat).toMatch(/groupBy|totalEntries/)
-    })
-
-    test('multi-step: createEntry then searchEntries finds created content', async () => {
-        const uniqueTag = `codemode-api-e2e-${Date.now()}`
-
-        const payload = await callToolAndParse(client, 'mj_execute_code', {
-            code: `
-                // Step 1: create entry with a unique tag
-                const created = await mj.core.createEntry({
-                    content: 'Code mode API bridge depth test',
-                    entry_type: 'test_entry',
-                    tags: ['${uniqueTag}'],
-                });
-
-                // Step 2: search using the tag
-                const results = await mj.search.searchEntries({ query: '${uniqueTag}' });
-
-                return {
-                    createdId: created.entry?.id,
-                    foundCount: results.count,
-                    createSuccess: created.success,
-                };
-            `,
-        })
-
-        expect(typeof payload).toBe('object')
-        // Overall execution must succeed
-        const flat = JSON.stringify(payload)
-        expect(flat).not.toContain('"success":false')
-        // The entry was created (result.createdId should be a number)
-        const result = payload.result as Record<string, unknown> | undefined
-        if (result) {
-            expect(typeof result.createdId).toBe('number')
-            // Both API calls returned well-formed results (count is a number)
-            expect(typeof result.foundCount).toBe('number')
-        }
-    })
-
-    test('mj.help() returns API group listing', async () => {
-        const payload = await callToolAndParse(client, 'mj_execute_code', {
-            code: `
-                const help = await mj.help();
-                return { help, type: typeof help };
-            `,
-        })
-
-        expect(typeof payload).toBe('object')
-        // Either the call succeeded with a result, or we at least got a non-null response
-        const flat = JSON.stringify(payload)
-        // help() should produce something non-empty
-        expect(flat.length).toBeGreaterThan(10)
-    })
-
-    test('mj.help() output mentions expected API groups', async () => {
-        const payload = await callToolAndParse(client, 'mj_execute_code', {
-            code: `
-                const help = await mj.help();
-                const helpText = JSON.stringify(help);
-                return { helpText };
-            `,
-        })
-
-        expect(typeof payload).toBe('object')
-        // Full serialized payload should mention core and search group names
-        const flat = JSON.stringify(payload)
-        expect(flat).toMatch(/core/i)
-        expect(flat).toMatch(/search/i)
-        expect(flat).toMatch(/analytics/i)
-    })
-})