rebar-mcp 2.0.0

package/src/tests/enterprise.test.ts

@@ -0,0 +1,483 @@
+/**
+ * Integration tests for Rebar enterprise tools
+ * rebar_apply_compliance, rebar_create_ci_workflow,
+ * rebar_create_security_hook, rebar_generate_mcp_config
+ */
+import { describe, it, before } from "node:test";
+import * as assert from "node:assert";
+import * as fs from "node:fs/promises";
+import * as path from "node:path";
+import {
+  createTestDir,
+  createMockProject,
+  readTestFile,
+  testFileExists,
+  readTestJson,
+  assertToolSuccess,
+  getToolResultText,
+  parseToolResultJson,
+  createMinimalClaudeMd,
+} from "./test-utils.js";
+import { initializeTools, invokeTool } from "./tool-harness.js";
+
+// Initialize tools before all tests
+before(() => {
+  initializeTools();
+});
+
+describe("rebar_apply_compliance", () => {
+  it("should apply HIPAA compliance pack", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir, {
+        existingClaudeMd: createMinimalClaudeMd(),
+      });
+
+      const result = await invokeTool("rebar_apply_compliance", {
+        project_path: testDir,
+        standard: "hipaa",
+        scope: "full",
+      });
+
+      assertToolSuccess(result);
+
+      const text = getToolResultText(result);
+      assert.ok(text.includes("HIPAA"), "Should mention HIPAA");
+
+      // Should have added hooks to settings
+      const settings = await readTestJson<Record<string, unknown>>(
+        testDir,
+        ".claude/settings.json"
+      );
+      assert.ok(settings, "Settings should exist");
+      assert.ok(settings.hooks, "Should have hooks");
+    } finally {
+      await cleanup();
+    }
+  });
+
+  it("should apply SOC2 compliance pack", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir, {
+        existingClaudeMd: createMinimalClaudeMd(),
+      });
+
+      const result = await invokeTool("rebar_apply_compliance", {
+        project_path: testDir,
+        standard: "soc2",
+        scope: "full",
+      });
+
+      assertToolSuccess(result);
+
+      const text = getToolResultText(result);
+      assert.ok(text.includes("SOC2"), "Should mention SOC2");
+    } finally {
+      await cleanup();
+    }
+  });
+
+  it("should support hooks_only scope", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir, {
+        existingClaudeMd: createMinimalClaudeMd(),
+      });
+
+      const result = await invokeTool("rebar_apply_compliance", {
+        project_path: testDir,
+        standard: "pci-dss",
+        scope: "hooks_only",
+      });
+
+      assertToolSuccess(result);
+
+      // Should have hooks but not skills
+      const settings = await readTestJson<Record<string, unknown>>(
+        testDir,
+        ".claude/settings.json"
+      );
+      assert.ok(settings?.hooks, "Should have hooks");
+    } finally {
+      await cleanup();
+    }
+  });
+
+  it("should support dry_run mode", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir, {
+        existingClaudeMd: createMinimalClaudeMd(),
+      });
+
+      const result = await invokeTool("rebar_apply_compliance", {
+        project_path: testDir,
+        standard: "sox",
+        scope: "full",
+        dry_run: true,
+        output_format: "json",
+      });
+
+      assertToolSuccess(result);
+
+      const parsed = parseToolResultJson<Record<string, unknown>>(result);
+      assert.strictEqual(parsed.dry_run, true);
+
+      // Settings should NOT be modified
+      assert.ok(
+        !(await testFileExists(testDir, ".claude/settings.json")),
+        "Settings should not be created in dry-run"
+      );
+    } finally {
+      await cleanup();
+    }
+  });
+});
+
+describe("rebar_create_ci_workflow", () => {
+  it("should create GitHub Actions workflow", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir);
+
+      const result = await invokeTool("rebar_create_ci_workflow", {
+        repo_path: testDir,
+        review_focus: "security",
+        branch_pattern: "main",
+      });
+
+      assertToolSuccess(result);
+
+      assert.ok(
+        await testFileExists(testDir, ".github/workflows/claude-review.yml"),
+        "Workflow file should be created"
+      );
+
+      const workflow = await readTestFile(
+        testDir,
+        ".github/workflows/claude-review.yml"
+      );
+      assert.ok(workflow, "Workflow should have content");
+      assert.ok(workflow.includes("Claude Code Review"), "Should have workflow name");
+      assert.ok(workflow.includes("pull_request"), "Should trigger on PRs");
+      assert.ok(workflow.includes("security"), "Should include security focus");
+      assert.ok(workflow.includes("ANTHROPIC_API_KEY"), "Should reference API key secret");
+    } finally {
+      await cleanup();
+    }
+  });
+
+  it("should support different review focuses", async () => {
+    const focuses = ["security", "performance", "style", "all"] as const;
+
+    for (const focus of focuses) {
+      const { path: testDir, cleanup } = await createTestDir();
+
+      try {
+        await createMockProject(testDir);
+
+        const result = await invokeTool("rebar_create_ci_workflow", {
+          repo_path: testDir,
+          review_focus: focus,
+        });
+
+        assertToolSuccess(result);
+
+        const workflow = await readTestFile(
+          testDir,
+          ".github/workflows/claude-review.yml"
+        );
+        assert.ok(workflow?.includes(focus), `Should include ${focus} focus`);
+      } finally {
+        await cleanup();
+      }
+    }
+  });
+
+  it("should support dry_run mode", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir);
+
+      const result = await invokeTool("rebar_create_ci_workflow", {
+        repo_path: testDir,
+        review_focus: "all",
+        dry_run: true,
+        output_format: "json",
+      });
+
+      assertToolSuccess(result);
+
+      const parsed = parseToolResultJson<Record<string, unknown>>(result);
+      assert.strictEqual(parsed.dry_run, true);
+
+      // Workflow should NOT be created
+      assert.ok(
+        !(await testFileExists(testDir, ".github/workflows/claude-review.yml")),
+        "Workflow should not be created in dry-run"
+      );
+    } finally {
+      await cleanup();
+    }
+  });
+});
+
+describe("rebar_create_security_hook", () => {
+  it("should create security hook with standard strictness", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir);
+
+      const result = await invokeTool("rebar_create_security_hook", {
+        project_path: testDir,
+        strictness: "standard",
+      });
+
+      assertToolSuccess(result);
+
+      // Should create blocker script
+      assert.ok(
+        await testFileExists(testDir, ".claude/scripts/security-blocker.sh"),
+        "Blocker script should be created"
+      );
+
+      // Should update settings
+      const settings = await readTestJson<Record<string, unknown>>(
+        testDir,
+        ".claude/settings.json"
+      );
+      assert.ok(settings, "Settings should exist");
+      assert.ok(settings.hooks, "Should have hooks");
+      assert.ok(settings.permissions, "Should have permissions");
+
+      const perms = settings.permissions as Record<string, unknown>;
+      assert.ok(Array.isArray(perms.deny), "Should have deny list");
+    } finally {
+      await cleanup();
+    }
+  });
+
+  it("should support strict strictness level", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir);
+
+      const result = await invokeTool("rebar_create_security_hook", {
+        project_path: testDir,
+        strictness: "strict",
+      });
+
+      assertToolSuccess(result);
+
+      const script = await readTestFile(
+        testDir,
+        ".claude/scripts/security-blocker.sh"
+      );
+      assert.ok(script, "Script should exist");
+      assert.ok(script.includes("strict"), "Should mention strict level");
+    } finally {
+      await cleanup();
+    }
+  });
+
+  it("should support paranoid strictness level", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir);
+
+      const result = await invokeTool("rebar_create_security_hook", {
+        project_path: testDir,
+        strictness: "paranoid",
+      });
+
+      assertToolSuccess(result);
+
+      const script = await readTestFile(
+        testDir,
+        ".claude/scripts/security-blocker.sh"
+      );
+      assert.ok(script, "Script should exist");
+      assert.ok(script.includes("paranoid"), "Should mention paranoid level");
+    } finally {
+      await cleanup();
+    }
+  });
+
+  it("should support dry_run mode", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir);
+
+      const result = await invokeTool("rebar_create_security_hook", {
+        project_path: testDir,
+        strictness: "standard",
+        dry_run: true,
+        output_format: "json",
+      });
+
+      assertToolSuccess(result);
+
+      const parsed = parseToolResultJson<Record<string, unknown>>(result);
+      assert.strictEqual(parsed.dry_run, true);
+
+      // Script should NOT be created
+      assert.ok(
+        !(await testFileExists(testDir, ".claude/scripts/security-blocker.sh")),
+        "Script should not be created in dry-run"
+      );
+    } finally {
+      await cleanup();
+    }
+  });
+
+  it("should make blocker script executable", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir);
+
+      await invokeTool("rebar_create_security_hook", {
+        project_path: testDir,
+        strictness: "standard",
+      });
+
+      const scriptPath = path.join(testDir, ".claude/scripts/security-blocker.sh");
+      const stats = await fs.stat(scriptPath);
+
+      // Check if executable bit is set (mode & 0o111)
+      assert.ok(
+        (stats.mode & 0o111) !== 0,
+        "Script should be executable"
+      );
+    } finally {
+      await cleanup();
+    }
+  });
+});
+
+describe("rebar_generate_mcp_config", () => {
+  it("should generate project-scoped MCP config", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir);
+
+      const result = await invokeTool("rebar_generate_mcp_config", {
+        project_path: testDir,
+        services: ["github", "slack"],
+        scope: "project",
+      });
+
+      assertToolSuccess(result);
+
+      assert.ok(
+        await testFileExists(testDir, ".mcp.json"),
+        "MCP config should be created"
+      );
+
+      const config = await readTestJson<Record<string, unknown>>(testDir, ".mcp.json");
+      assert.ok(config, "Config should be valid JSON");
+      assert.ok(config.mcpServers, "Should have mcpServers");
+
+      const servers = config.mcpServers as Record<string, unknown>;
+      assert.ok(servers.github, "Should have github server");
+      assert.ok(servers.slack, "Should have slack server");
+    } finally {
+      await cleanup();
+    }
+  });
+
+  it("should support multiple services", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir);
+
+      const services = ["github", "slack", "sentry", "postgres"] as const;
+
+      const result = await invokeTool("rebar_generate_mcp_config", {
+        project_path: testDir,
+        services: [...services],
+        scope: "project",
+      });
+
+      assertToolSuccess(result);
+
+      const config = await readTestJson<Record<string, unknown>>(testDir, ".mcp.json");
+      const servers = config?.mcpServers as Record<string, unknown>;
+
+      for (const service of services) {
+        assert.ok(servers[service], `Should have ${service} server`);
+      }
+    } finally {
+      await cleanup();
+    }
+  });
+
+  it("should support dry_run mode", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir);
+
+      const result = await invokeTool("rebar_generate_mcp_config", {
+        project_path: testDir,
+        services: ["github"],
+        scope: "project",
+        dry_run: true,
+        output_format: "json",
+      });
+
+      assertToolSuccess(result);
+
+      const parsed = parseToolResultJson<Record<string, unknown>>(result);
+      assert.strictEqual(parsed.dry_run, true);
+
+      // Config should NOT be created (unless project already had one)
+      // Actually the mock creates a basic one, so check would_create is empty
+      const wouldCreate = parsed.would_create as unknown[];
+      // In dry-run, if file doesn't exist, would_create should have it
+      // Since createMockProject doesn't create .mcp.json by default, it should be in would_create
+    } finally {
+      await cleanup();
+    }
+  });
+
+  it("should return JSON output when requested", async () => {
+    const { path: testDir, cleanup } = await createTestDir();
+
+    try {
+      await createMockProject(testDir);
+
+      const result = await invokeTool("rebar_generate_mcp_config", {
+        project_path: testDir,
+        services: ["github", "slack"],
+        scope: "project",
+        output_format: "json",
+      });
+
+      assertToolSuccess(result);
+
+      const parsed = parseToolResultJson<Record<string, unknown>>(result);
+      assert.strictEqual(parsed.success, true);
+      assert.strictEqual(parsed.operation, "generate_mcp_config");
+
+      const data = parsed.data as Record<string, unknown>;
+      assert.ok(data.config_path, "Should have config_path");
+      assert.ok(Array.isArray(data.services), "Should have services array");
+    } finally {
+      await cleanup();
+    }
+  });
+});