memory-journal-mcp 6.1.2 → 6.2.1

package/tests/e2e/resources-instructions-levels.spec.ts

@@ -1,145 +0,0 @@
-/**
- * E2E Tests: memory://instructions Resource — Tool-Filter Gating
- *
- * The memory://instructions resource always serves full-level instructions
- * but conditions sections on which tool groups are enabled via --tool-filter.
- *
- * Validated section gates (from server-instructions.ts):
- *   Code Mode section  — present only when `codemode` group enabled
- *   GitHub Integration — present only when `github` group enabled
- *   Copilot Review     — present only when `github` group enabled
- *   Semantic search row in Quick Access — `search` group only
- *
- * This exercises the HTTP-transport path for instructions, which is
- * distinct from the stdio path tested in test-filter-instructions.mjs.
- *
- * Uses dedicated server ports 3110, 3111.
- */
-
-import { test, expect } from '@playwright/test'
-import { Client } from '@modelcontextprotocol/sdk/client/index.js'
-import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js'
-import { startServer, stopServer } from './helpers.js'
-
-const CORE_ONLY_PORT = 3110 // --tool-filter core  (no codemode, no github, no search)
-const NO_GITHUB_PORT = 3111 // --tool-filter -github (all except github)
-
-/** Read memory://instructions text from a client */
-async function readInstructions(client: Client): Promise<string> {
-    const response = await client.readResource({ uri: 'memory://instructions' })
-    expect(response.contents).toBeDefined()
-    expect(response.contents.length).toBeGreaterThan(0)
-    return response.contents[0]!.text as string
-}
-
-// ============================================================================
-// core-only filter: no codemode, no github, no search
-// ============================================================================
-
-test.describe('memory://instructions: core-only filter gating', () => {
-    let client: Client
-
-    test.beforeAll(async () => {
-        await startServer(CORE_ONLY_PORT, ['--tool-filter', 'core'], 'instr-core-only')
-        const transport = new StreamableHTTPClientTransport(
-            new URL(`http://localhost:${CORE_ONLY_PORT}/mcp`)
-        )
-        client = new Client(
-            { name: 'instr-core-only-test', version: '1.0.0' },
-            { capabilities: {} }
-        )
-        await client.connect(transport)
-    })
-
-    test.afterAll(async () => {
-        await client.close()
-        stopServer(CORE_ONLY_PORT)
-    })
-
-    test('core-only: core section (Rule & Skill Suggestions) is always present', async () => {
-        const text = await readInstructions(client)
-        expect(text).toContain('Rule & Skill Suggestions')
-    })
-
-    test('core-only: Active Tools section lists only core group', async () => {
-        const text = await readInstructions(client)
-        // Active Tools section should mention core tools
-        expect(text).toContain('## Active Tools')
-        expect(text).toContain('core')
-    })
-
-    test('core-only: Code Mode section is absent (codemode group disabled)', async () => {
-        const text = await readInstructions(client)
-        expect(text).not.toContain('Code Mode (Token-Efficient')
-    })
-
-    test('core-only: GitHub Integration section is absent (github group disabled)', async () => {
-        const text = await readInstructions(client)
-        expect(text).not.toContain('## GitHub Integration')
-    })
-
-    test('core-only: Copilot Review Patterns section is absent (github group disabled)', async () => {
-        const text = await readInstructions(client)
-        expect(text).not.toContain('Copilot Review Patterns')
-    })
-
-    test('core-only: semantic_search Quick Access row is absent (search group disabled)', async () => {
-        const text = await readInstructions(client)
-        expect(text).not.toContain('| Semantic search |')
-    })
-})
-
-// ============================================================================
-// -github filter: all groups except github
-// ============================================================================
-
-test.describe('memory://instructions: -github filter gating', () => {
-    let client: Client
-
-    test.beforeAll(async () => {
-        await startServer(NO_GITHUB_PORT, ['--tool-filter', '-github'], 'instr-no-github')
-        const transport = new StreamableHTTPClientTransport(
-            new URL(`http://localhost:${NO_GITHUB_PORT}/mcp`)
-        )
-        client = new Client(
-            { name: 'instr-no-github-test', version: '1.0.0' },
-            { capabilities: {} }
-        )
-        await client.connect(transport)
-    })
-
-    test.afterAll(async () => {
-        await client.close()
-        stopServer(NO_GITHUB_PORT)
-    })
-
-    test('-github: core section is present', async () => {
-        const text = await readInstructions(client)
-        expect(text).toContain('Rule & Skill Suggestions')
-    })
-
-    test('-github: Code Mode section is present (codemode group enabled)', async () => {
-        const text = await readInstructions(client)
-        expect(text).toContain('Code Mode (Token-Efficient')
-    })
-
-    test('-github: GitHub Integration section is absent (github group removed)', async () => {
-        const text = await readInstructions(client)
-        expect(text).not.toContain('## GitHub Integration')
-    })
-
-    test('-github: Copilot Review Patterns section is absent (github group removed)', async () => {
-        const text = await readInstructions(client)
-        expect(text).not.toContain('Copilot Review Patterns')
-    })
-
-    test('-github: semantic_search Quick Access row is present (search group enabled)', async () => {
-        const text = await readInstructions(client)
-        expect(text).toContain('| Semantic search |')
-    })
-
-    test('-github: Active Tools section does not list github tools', async () => {
-        const text = await readInstructions(client)
-        expect(text).not.toContain('get_github_issues')
-    })
-})

package/tests/e2e/resources-templates.spec.ts

@@ -1,123 +0,0 @@
-/**
- * E2E Tests: Template Resource Reads via SDK Client
- *
- * Validates that all 8 template resources can be fetched by URI
- * without throwing a raw MCP protocol exception. Since the E2E test
- * environment has no GitHub token, GitHub-backed templates will return
- * structured error JSON rather than real data — both outcomes are valid.
- *
- * Also verifies memory://help/{group} returns per-group tool details.
- */
-
-import { test, expect } from '@playwright/test'
-import { createClient } from './helpers.js'
-import type { Client } from '@modelcontextprotocol/sdk/client/index.js'
-
-test.describe.configure({ mode: 'serial' })
-
-test.describe('E2E Resource Reads: Template Resources', () => {
-    let client: Client
-
-    test.beforeAll(async () => {
-        client = await createClient()
-    })
-
-    test.afterAll(async () => {
-        await client.close()
-    })
-
-    /**
-     * Read a template resource URI and assert we get a non-empty text response.
-     * MCP protocol exceptions (thrown, not returned) are re-thrown so the test fails.
-     * Structured JSON errors (returned as content) count as valid responses.
-     */
-    async function readTemplateResource(uri: string): Promise<string> {
-        const response = await client.readResource({ uri })
-        expect(response.contents).toBeDefined()
-        expect(response.contents.length).toBeGreaterThan(0)
-        const text = response.contents[0]!.text as string
-        expect(typeof text).toBe('string')
-        expect(text.length).toBeGreaterThan(0)
-        return text
-    }
-
-    // --- memory://help/{group} — dynamic per-group tool reference ---
-
-    test('memory://help/core returns per-group tool list', async () => {
-        const text = await readTemplateResource('memory://help/core')
-        const parsed = JSON.parse(text)
-        expect(parsed).toHaveProperty('group', 'core')
-        expect(parsed).toHaveProperty('tools')
-        expect(Array.isArray(parsed.tools)).toBe(true)
-        expect(parsed.tools.length).toBeGreaterThanOrEqual(5)
-    })
-
-    test('memory://help/search returns search group tools', async () => {
-        const text = await readTemplateResource('memory://help/search')
-        const parsed = JSON.parse(text)
-        expect(parsed).toHaveProperty('group', 'search')
-        expect(Array.isArray(parsed.tools)).toBe(true)
-    })
-
-    test('memory://help/github returns github group tools', async () => {
-        const text = await readTemplateResource('memory://help/github')
-        const parsed = JSON.parse(text)
-        expect(parsed).toHaveProperty('group', 'github')
-        expect(Array.isArray(parsed.tools)).toBe(true)
-        expect(parsed.tools.length).toBeGreaterThanOrEqual(16)
-    })
-
-    test('memory://help/team returns team group tools', async () => {
-        const text = await readTemplateResource('memory://help/team')
-        const parsed = JSON.parse(text)
-        expect(parsed).toHaveProperty('group', 'team')
-        expect(Array.isArray(parsed.tools)).toBe(true)
-        expect(parsed.tools.length).toBeGreaterThanOrEqual(20)
-    })
-
-    test('memory://help/codemode returns codemode group tools', async () => {
-        const text = await readTemplateResource('memory://help/codemode')
-        const parsed = JSON.parse(text)
-        expect(parsed).toHaveProperty('group', 'codemode')
-        expect(Array.isArray(parsed.tools)).toBe(true)
-        expect(parsed.tools.length).toBeGreaterThanOrEqual(1)
-    })
-
-    // --- GitHub-backed template resources (no token — structured error or data) ---
-
-    test('memory://projects/1/timeline returns valid response', async () => {
-        const text = await readTemplateResource('memory://projects/1/timeline')
-        // Either a structured JSON error or a timeline object
-        expect(text.length).toBeGreaterThan(0)
-    })
-
-    test('memory://issues/1/entries returns valid response', async () => {
-        const text = await readTemplateResource('memory://issues/1/entries')
-        expect(text.length).toBeGreaterThan(0)
-    })
-
-    test('memory://prs/1/entries returns valid response', async () => {
-        const text = await readTemplateResource('memory://prs/1/entries')
-        expect(text.length).toBeGreaterThan(0)
-    })
-
-    test('memory://prs/1/timeline returns valid response', async () => {
-        const text = await readTemplateResource('memory://prs/1/timeline')
-        expect(text.length).toBeGreaterThan(0)
-    })
-
-    test('memory://kanban/1 returns valid response', async () => {
-        const text = await readTemplateResource('memory://kanban/1')
-        expect(text.length).toBeGreaterThan(0)
-    })
-
-    test('memory://kanban/1/diagram returns valid response', async () => {
-        const text = await readTemplateResource('memory://kanban/1/diagram')
-        expect(text.length).toBeGreaterThan(0)
-    })
-
-    test('memory://milestones/1 returns valid response', async () => {
-        const text = await readTemplateResource('memory://milestones/1')
-        expect(text.length).toBeGreaterThan(0)
-    })
-})

package/tests/e2e/resources.spec.ts

@@ -1,103 +0,0 @@
-/**
- * E2E Tests: MCP Resource Reads via SDK Client
- *
- * Uses the official @modelcontextprotocol/sdk client to connect
- * via Streamable HTTP transport and read resources end-to-end.
- */
-
-import { test, expect } from '@playwright/test'
-import { Client } from '@modelcontextprotocol/sdk/client/index.js'
-import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js'
-
-test.describe.configure({ mode: 'serial' })
-
-test.describe('E2E Resource Reads (via MCP SDK Client)', () => {
-    let client: Client
-
-    test.beforeAll(async () => {
-        const transport = new StreamableHTTPClientTransport(new URL('http://localhost:3100/mcp'))
-        client = new Client(
-            { name: 'playwright-resource-test', version: '1.0.0' },
-            { capabilities: {} }
-        )
-        await client.connect(transport)
-    })
-
-    test.afterAll(async () => {
-        await client.close()
-    })
-
-    test('should list available resources', async () => {
-        const listResponse = await client.listResources()
-
-        expect(listResponse.resources).toBeDefined()
-        expect(Array.isArray(listResponse.resources)).toBe(true)
-        expect(listResponse.resources.length).toBeGreaterThan(0)
-
-        const uris = listResponse.resources.map((r) => r.uri)
-        expect(uris).toContain('memory://health')
-        expect(uris).toContain('memory://briefing')
-        expect(uris).toContain('memory://recent')
-        expect(uris).toContain('memory://statistics')
-    })
-
-    test('should read memory://health resource', async () => {
-        const response = await client.readResource({ uri: 'memory://health' })
-
-        expect(response.contents).toBeDefined()
-        expect(response.contents.length).toBeGreaterThan(0)
-
-        const text = response.contents[0]!.text as string
-        const parsed = JSON.parse(text)
-        expect(parsed).toHaveProperty('database')
-        expect(parsed).toHaveProperty('vectorIndex')
-        expect(parsed).toHaveProperty('scheduler')
-    })
-
-    test('should read memory://briefing resource', async () => {
-        const response = await client.readResource({ uri: 'memory://briefing' })
-
-        expect(response.contents).toBeDefined()
-        expect(response.contents.length).toBeGreaterThan(0)
-
-        const text = response.contents[0]!.text as string
-        const parsed = JSON.parse(text)
-        expect(parsed).toHaveProperty('userMessage')
-        expect(parsed).toHaveProperty('journal')
-    })
-
-    test('should read memory://recent resource', async () => {
-        const response = await client.readResource({ uri: 'memory://recent' })
-
-        expect(response.contents).toBeDefined()
-        expect(response.contents.length).toBeGreaterThan(0)
-
-        const text = response.contents[0]!.text as string
-        const parsed = JSON.parse(text)
-        // May be empty if no entries exist, but should be valid JSON
-        expect(parsed).toBeDefined()
-    })
-
-    test('should read memory://statistics resource', async () => {
-        const response = await client.readResource({ uri: 'memory://statistics' })
-
-        expect(response.contents).toBeDefined()
-        expect(response.contents.length).toBeGreaterThan(0)
-
-        const text = response.contents[0]!.text as string
-        const parsed = JSON.parse(text)
-        expect(parsed).toHaveProperty('totalEntries')
-    })
-
-    test('should list resource templates', async () => {
-        const response = await client.listResourceTemplates()
-
-        expect(response.resourceTemplates).toBeDefined()
-        expect(Array.isArray(response.resourceTemplates)).toBe(true)
-        expect(response.resourceTemplates.length).toBeGreaterThan(0)
-
-        const uriTemplates = response.resourceTemplates.map((t) => t.uriTemplate)
-        expect(uriTemplates).toContain('memory://issues/{issue_number}/entries')
-        expect(uriTemplates).toContain('memory://kanban/{project_number}')
-    })
-})

package/tests/e2e/scheduler.spec.ts

@@ -1,79 +0,0 @@
-/**
- * E2E Tests: Scheduler Activation
- *
- * Verifies that the automated scheduler is active and visible
- * in the memory://health resource when the server is started
- * with scheduler flags (--backup-interval, --vacuum-interval, etc.)
- */
-
-import { test, expect } from '@playwright/test'
-import { Client } from '@modelcontextprotocol/sdk/client/index.js'
-import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js'
-
-test.describe('Scheduler Activation (HTTP Only)', () => {
-    let client: Client
-
-    test.beforeAll(async () => {
-        const transport = new StreamableHTTPClientTransport(new URL('http://localhost:3100/mcp'))
-        client = new Client(
-            { name: 'playwright-scheduler-test', version: '1.0.0' },
-            { capabilities: {} }
-        )
-        await client.connect(transport)
-    })
-
-    test.afterAll(async () => {
-        await client.close()
-    })
-
-    test('memory://health should show scheduler.active as true', async () => {
-        const response = await client.readResource({ uri: 'memory://health' })
-
-        expect(response.contents).toBeDefined()
-        expect(response.contents.length).toBeGreaterThan(0)
-
-        const text = response.contents[0]!.text as string
-        const health = JSON.parse(text)
-
-        expect(health).toHaveProperty('scheduler')
-        expect(health.scheduler).toHaveProperty('active', true)
-    })
-
-    test('memory://health should show 3 scheduler jobs', async () => {
-        const response = await client.readResource({ uri: 'memory://health' })
-        const health = JSON.parse(response.contents[0]!.text as string)
-
-        expect(health.scheduler).toHaveProperty('jobs')
-        expect(Array.isArray(health.scheduler.jobs)).toBe(true)
-        expect(health.scheduler.jobs.length).toBe(3)
-
-        const jobNames = health.scheduler.jobs.map((j: { name: string }) => j.name)
-        expect(jobNames).toContain('backup')
-        expect(jobNames).toContain('vacuum')
-        expect(jobNames).toContain('rebuild-index')
-    })
-
-    test('scheduler jobs should have nextRun timestamps', async () => {
-        const response = await client.readResource({ uri: 'memory://health' })
-        const health = JSON.parse(response.contents[0]!.text as string)
-
-        for (const job of health.scheduler.jobs) {
-            expect(job).toHaveProperty('nextRun')
-            // nextRun should be a valid ISO 8601 timestamp
-            const nextRun = new Date(job.nextRun)
-            expect(nextRun.toISOString()).toBe(job.nextRun)
-            // nextRun should be in the future (or very close to now)
-            expect(nextRun.getTime()).toBeGreaterThan(Date.now() - 60000)
-        }
-    })
-
-    test('scheduler jobs should have run count fields', async () => {
-        const response = await client.readResource({ uri: 'memory://health' })
-        const health = JSON.parse(response.contents[0]!.text as string)
-
-        for (const job of health.scheduler.jobs) {
-            expect(job).toHaveProperty('runCount')
-            expect(typeof job.runCount).toBe('number')
-        }
-    })
-})

package/tests/e2e/security.spec.ts

@@ -1,112 +0,0 @@
-/**
- * E2E Tests: Security & Limits
- *
- * Tests HTTP transport security hardening: security headers,
- * body size limits, 404 handler, CORS, and HSTS.
- */
-
-import { test, expect } from '@playwright/test'
-import { startServer, stopServer } from './helpers.js'
-
-test.describe('HTTP Transport Security & Limits', () => {
-    test('should return 404 Not Found for unknown endpoints', async ({ request }) => {
-        const response = await request.get('/non-existent-path')
-        expect(response.status()).toBe(404)
-
-        const body = await response.json()
-        expect(body).toHaveProperty('error', 'Not found')
-    })
-
-    test('should return 413 Payload Too Large for excessive POST bodies', async ({ request }) => {
-        // Generate a payload over 1 MB (1,048,576 bytes)
-        const bulkyData = 'A'.repeat(1024 * 1025) // ~1.025 MB string
-
-        const response = await request.post('/mcp', {
-            headers: {
-                Accept: 'application/json, text/event-stream',
-            },
-            data: {
-                jsonrpc: '2.0',
-                id: 1,
-                method: 'initialize',
-                params: { testData: bulkyData },
-            },
-        })
-
-        expect(response.status()).toBe(413)
-    })
-
-    test('should inject security headers on responses', async ({ request }) => {
-        const response = await request.get('/health')
-        expect(response.status()).toBe(200)
-
-        const headers = response.headers()
-        expect(headers['x-content-type-options']).toBe('nosniff')
-        expect(headers['x-frame-options']).toBe('DENY')
-        expect(headers['cache-control']).toBe('no-store, no-cache, must-revalidate')
-        expect(headers['content-security-policy']).toBe(
-            "default-src 'none'; frame-ancestors 'none'"
-        )
-        expect(headers['referrer-policy']).toBe('no-referrer')
-        expect(headers['permissions-policy']).toBe('camera=(), microphone=(), geolocation=()')
-    })
-
-    test('should respond with 204 to CORS preflight OPTIONS requests', async ({ request }) => {
-        const response = await request.fetch('/mcp', {
-            method: 'OPTIONS',
-        })
-
-        expect(response.status()).toBe(204)
-    })
-
-    test('should include CORS headers on responses', async ({ request }) => {
-        const response = await request.get('/health')
-        const headers = response.headers()
-
-        // Default CORS origin is * (configurable via --cors-origin)
-        expect(headers['access-control-allow-origin']).toBe('*')
-        expect(headers['access-control-allow-methods']).toContain('POST')
-        expect(headers['access-control-allow-methods']).toContain('GET')
-        expect(headers['access-control-expose-headers']).toContain('mcp-session-id')
-    })
-
-    test('should NOT include HSTS header without enableHSTS config', async ({ request }) => {
-        // HSTS is now config-driven (enableHSTS: true), not header-sniffed.
-        // Without explicit config, X-Forwarded-Proto alone should NOT trigger HSTS.
-        const response = await request.get('/health', {
-            headers: {
-                'X-Forwarded-Proto': 'https',
-            },
-        })
-
-        expect(response.status()).toBe(200)
-        const headers = response.headers()
-        expect(headers['strict-transport-security']).toBeUndefined()
-    })
-
-    test('should NOT include HSTS header without X-Forwarded-Proto', async ({ request }) => {
-        const response = await request.get('/health')
-        expect(response.status()).toBe(200)
-
-        const headers = response.headers()
-        expect(headers['strict-transport-security']).toBeUndefined()
-    })
-
-    test('should include HSTS header when --enable-hsts is configured', async () => {
-        const HSTS_PORT = 3106
-
-        await startServer(HSTS_PORT, ['--enable-hsts'], 'hsts')
-
-        try {
-            const response = await fetch(`http://localhost:${HSTS_PORT}/health`)
-            expect(response.status).toBe(200)
-
-            const hsts = response.headers.get('strict-transport-security')
-            expect(hsts).toBeDefined()
-            expect(hsts).toContain('max-age=')
-            expect(hsts).toContain('includeSubDomains')
-        } finally {
-            stopServer(HSTS_PORT)
-        }
-    })
-})