strray-ai 1.0.17 → 1.0.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of strray-ai might be problematic. Click here for more details.
- package/opencode.json +1 -3
- package/package.json +2 -1
- package/scripts/postinstall.cjs +53 -0
- package/src/__tests__/agents/architect.test.ts +108 -0
- package/src/__tests__/agents/bug-triage-specialist.test.ts +246 -0
- package/src/__tests__/agents/code-reviewer.test.ts +242 -0
- package/src/__tests__/agents/enforcer.test.ts +179 -0
- package/src/__tests__/agents/index.test.ts +135 -0
- package/src/__tests__/agents/orchestrator.test.ts +228 -0
- package/src/__tests__/agents/refactorer.test.ts +248 -0
- package/src/__tests__/agents/security-auditor.test.ts +234 -0
- package/src/__tests__/agents/test-architect.test.ts +256 -0
- package/src/__tests__/agents/types.test.ts +210 -0
- package/src/__tests__/framework-enforcement-integration.test.ts +252 -0
- package/src/__tests__/framework-logger-persistence.test.ts +156 -0
- package/src/__tests__/integration/codex-enforcement-e2e.test.ts +195 -0
- package/src/__tests__/integration/codex-enforcement.test.ts +237 -0
- package/src/__tests__/integration/commit-batching-enforcement-integration.test.ts +343 -0
- package/src/__tests__/integration/context-providers-integration.test.ts +302 -0
- package/src/__tests__/integration/delegation-system.test.ts +263 -0
- package/src/__tests__/integration/e2e-framework-integration.test.ts +1524 -0
- package/src/__tests__/integration/framework-init.test.ts +327 -0
- package/src/__tests__/integration/json-codex-integration.test.ts +332 -0
- package/src/__tests__/integration/oh-my-opencode-integration.test.ts +240 -0
- package/src/__tests__/integration/orchestration-e2e.test.ts +176 -0
- package/src/__tests__/integration/orchestrator/basic-orchestrator.test.ts +53 -0
- package/src/__tests__/integration/orchestrator/concurrent-execution.test.ts +64 -0
- package/src/__tests__/integration/orchestrator/dependency-handling.test.ts +78 -0
- package/src/__tests__/integration/orchestrator-integration.test.ts.disabled +1279 -0
- package/src/__tests__/integration/postprocessor-integration.test.ts +64 -0
- package/src/__tests__/integration/security/security-integration.test.ts +160 -0
- package/src/__tests__/integration/server.test.ts +187 -0
- package/src/__tests__/integration/session-cleanup-validation.test.ts +612 -0
- package/src/__tests__/integration/session-lifecycle.test.ts +450 -0
- package/src/__tests__/integration/session-management.test.ts +168 -0
- package/src/__tests__/integration/session-monitoring-integration.test.ts +644 -0
- package/src/__tests__/integration/session-state-sharing.test.ts +601 -0
- package/src/__tests__/performance/enterprise-performance-tests.ts +1030 -0
- package/src/__tests__/performance/performance-system.test.ts +408 -0
- package/src/__tests__/plugins/marketplace-service.test.ts +1542 -0
- package/src/__tests__/plugins/marketplace-service.test.ts.disabled +1516 -0
- package/src/__tests__/postprocessor/escalation/EscalationEngine.test.ts +205 -0
- package/src/__tests__/postprocessor/success/SuccessHandler.test.ts +258 -0
- package/src/__tests__/setup.ts +220 -0
- package/src/__tests__/test-integration.ts +2 -0
- package/src/__tests__/test-processor.ts +1 -0
- package/src/__tests__/unit/agent-delegator.test.ts +949 -0
- package/src/__tests__/unit/analytics.test.ts +192 -0
- package/src/__tests__/unit/ast-code-parser.test.ts +342 -0
- package/src/__tests__/unit/benchmark.test.ts +201 -0
- package/src/__tests__/unit/blocked-test.test.ts +8 -0
- package/src/__tests__/unit/boot-orchestrator.test.ts +182 -0
- package/src/__tests__/unit/codebase-context-analyzer.test.ts +375 -0
- package/src/__tests__/unit/codex-injector.test.ts +282 -0
- package/src/__tests__/unit/codex-parser.test.ts +296 -0
- package/src/__tests__/unit/context-loader.test.ts +723 -0
- package/src/__tests__/unit/dependency-graph-builder.test.ts +531 -0
- package/src/__tests__/unit/monitoring.test.ts +115 -0
- package/src/__tests__/unit/orchestrator.test.ts +212 -0
- package/src/__tests__/unit/processor-activation.test.ts +878 -0
- package/src/__tests__/unit/rule-enforcer.test.ts +363 -0
- package/src/__tests__/unit/security/security-auditor.test.ts +226 -0
- package/src/__tests__/unit/security/security-hardener.test.ts +404 -0
- package/src/__tests__/unit/security/security-headers.test.ts +255 -0
- package/src/__tests__/unit/session-coordination-validator.test.ts +184 -0
- package/src/__tests__/unit/session-health-monitoring.test.ts +161 -0
- package/src/__tests__/unit/session-migration-logic.test.ts +153 -0
- package/src/__tests__/unit/session-migration-validator.test.ts +130 -0
- package/src/__tests__/unit/session-security-validator.test.ts +87 -0
- package/src/__tests__/unit/state-manager-persistence.test.ts +301 -0
- package/src/__tests__/unit/state-manager.test.ts +205 -0
- package/src/__tests__/utils/mock-framework.ts +392 -0
- package/src/__tests__/utils/mock-server.ts +72 -0
- package/src/__tests__/utils/test-data.ts +130 -0
- package/src/__tests__/utils/test-helpers.ts +640 -0
- package/src/__tests__/utils/test-utils.ts +241 -0
|
@@ -0,0 +1,248 @@
|
|
|
1
|
+
import { describe, it, expect } from "vitest";
|
|
2
|
+
import { refactorer } from "../../agents/refactorer.js";
|
|
3
|
+
import type { AgentConfig } from "../../agents/types.js";
|
|
4
|
+
|
|
5
|
+
describe("Refactorer Agent Configuration", () => {
|
|
6
|
+
it("should be a valid AgentConfig object", () => {
|
|
7
|
+
const config: AgentConfig = refactorer;
|
|
8
|
+
expect(config).toBeDefined();
|
|
9
|
+
});
|
|
10
|
+
|
|
11
|
+
describe("Basic Configuration", () => {
|
|
12
|
+
it("should have correct name and model", () => {
|
|
13
|
+
expect(refactorer.name).toBe("refactorer");
|
|
14
|
+
expect(refactorer.model).toBe("opencode/grok-code");
|
|
15
|
+
});
|
|
16
|
+
|
|
17
|
+
it("should be configured as subagent mode", () => {
|
|
18
|
+
expect(refactorer.mode).toBe("subagent");
|
|
19
|
+
});
|
|
20
|
+
|
|
21
|
+
it("should have low temperature for consistent refactoring decisions", () => {
|
|
22
|
+
expect(refactorer.temperature).toBe(0.1);
|
|
23
|
+
});
|
|
24
|
+
});
|
|
25
|
+
|
|
26
|
+
describe("Description and System Prompt", () => {
|
|
27
|
+
it("should have appropriate refactoring description", () => {
|
|
28
|
+
expect(refactorer.description).toContain("StringRay Framework refactorer");
|
|
29
|
+
expect(refactorer.description).toContain("technical debt elimination");
|
|
30
|
+
expect(refactorer.description).toContain("code consolidation");
|
|
31
|
+
});
|
|
32
|
+
|
|
33
|
+
it("should have comprehensive refactorer system prompt", () => {
|
|
34
|
+
const system = refactorer.system;
|
|
35
|
+
expect(system).toContain("StringRay Refactorer");
|
|
36
|
+
expect(system).toContain("technical debt elimination");
|
|
37
|
+
expect(system).toContain("surgical code improvements");
|
|
38
|
+
});
|
|
39
|
+
});
|
|
40
|
+
|
|
41
|
+
describe("Core Responsibilities", () => {
|
|
42
|
+
it("should define 5 core refactoring responsibilities", () => {
|
|
43
|
+
const system = refactorer.system;
|
|
44
|
+
expect(system).toContain("Technical Debt Elimination");
|
|
45
|
+
expect(system).toContain("Code Consolidation");
|
|
46
|
+
expect(system).toContain("Surgical Refactoring");
|
|
47
|
+
expect(system).toContain("Performance Optimization");
|
|
48
|
+
expect(system).toContain("Maintainability Enhancement");
|
|
49
|
+
});
|
|
50
|
+
|
|
51
|
+
it("should specify technical debt elimination focus", () => {
|
|
52
|
+
const system = refactorer.system;
|
|
53
|
+
expect(system).toContain("reduce code complexity");
|
|
54
|
+
expect(system).toContain("maintainability issues");
|
|
55
|
+
});
|
|
56
|
+
|
|
57
|
+
it("should include code consolidation capabilities", () => {
|
|
58
|
+
const system = refactorer.system;
|
|
59
|
+
expect(system).toContain("Merge duplicate code");
|
|
60
|
+
expect(system).toContain("eliminate redundancy");
|
|
61
|
+
expect(system).toContain("preserving functionality");
|
|
62
|
+
});
|
|
63
|
+
|
|
64
|
+
it("should specify surgical refactoring approach", () => {
|
|
65
|
+
const system = refactorer.system;
|
|
66
|
+
expect(system).toContain("precise code improvements");
|
|
67
|
+
expect(system).toContain("without introducing regressions");
|
|
68
|
+
});
|
|
69
|
+
|
|
70
|
+
it("should include performance optimization", () => {
|
|
71
|
+
const system = refactorer.system;
|
|
72
|
+
expect(system).toContain("code efficiency");
|
|
73
|
+
expect(system).toContain("resource utilization");
|
|
74
|
+
});
|
|
75
|
+
|
|
76
|
+
it("should specify maintainability enhancement", () => {
|
|
77
|
+
const system = refactorer.system;
|
|
78
|
+
expect(system).toContain("readability");
|
|
79
|
+
expect(system).toContain("testability");
|
|
80
|
+
expect(system).toContain("long-term maintainability");
|
|
81
|
+
});
|
|
82
|
+
});
|
|
83
|
+
|
|
84
|
+
describe("Key Facilities", () => {
|
|
85
|
+
it("should specify code analysis facilities", () => {
|
|
86
|
+
const system = refactorer.system;
|
|
87
|
+
expect(system).toContain("Code analysis");
|
|
88
|
+
expect(system).toContain("technical debt assessment");
|
|
89
|
+
expect(system).toContain("30-second timeout");
|
|
90
|
+
});
|
|
91
|
+
|
|
92
|
+
it("should include refactoring validation capabilities", () => {
|
|
93
|
+
const system = refactorer.system;
|
|
94
|
+
expect(system).toContain("Refactoring validation");
|
|
95
|
+
expect(system).toContain("impact analysis");
|
|
96
|
+
expect(system).toContain("10-second timeout");
|
|
97
|
+
});
|
|
98
|
+
|
|
99
|
+
it("should specify consolidation metrics", () => {
|
|
100
|
+
const system = refactorer.system;
|
|
101
|
+
expect(system).toContain("Consolidation metrics");
|
|
102
|
+
expect(system).toContain("efficiency tracking");
|
|
103
|
+
});
|
|
104
|
+
|
|
105
|
+
it("should define refactoring processor pipeline", () => {
|
|
106
|
+
const system = refactorer.system;
|
|
107
|
+
expect(system).toContain("Processor pipeline");
|
|
108
|
+
expect(system).toContain("code-analysis");
|
|
109
|
+
expect(system).toContain("technical-debt-assessment");
|
|
110
|
+
expect(system).toContain("refactoring-validation");
|
|
111
|
+
expect(system).toContain("consolidation-impact");
|
|
112
|
+
});
|
|
113
|
+
|
|
114
|
+
it("should specify AST manipulation tools", () => {
|
|
115
|
+
const system = refactorer.system;
|
|
116
|
+
expect(system).toContain("AST manipulation tools");
|
|
117
|
+
expect(system).toContain("surgical code transformations");
|
|
118
|
+
});
|
|
119
|
+
});
|
|
120
|
+
|
|
121
|
+
describe("Refactoring Process", () => {
|
|
122
|
+
it("should define 5-phase refactoring process", () => {
|
|
123
|
+
const system = refactorer.system;
|
|
124
|
+
expect(system).toContain("Refactoring Process");
|
|
125
|
+
expect(system).toContain("Debt Assessment");
|
|
126
|
+
expect(system).toContain("Impact Analysis");
|
|
127
|
+
expect(system).toContain("Surgical Implementation");
|
|
128
|
+
expect(system).toContain("Validation & Testing");
|
|
129
|
+
expect(system).toContain("Consolidation");
|
|
130
|
+
});
|
|
131
|
+
|
|
132
|
+
it("should specify debt assessment phase", () => {
|
|
133
|
+
const system = refactorer.system;
|
|
134
|
+
expect(system).toContain("technical debt indicators");
|
|
135
|
+
expect(system).toContain("complexity metrics");
|
|
136
|
+
});
|
|
137
|
+
|
|
138
|
+
it("should include impact analysis", () => {
|
|
139
|
+
const system = refactorer.system;
|
|
140
|
+
expect(system).toContain("refactoring effects");
|
|
141
|
+
expect(system).toContain("system performance");
|
|
142
|
+
expect(system).toContain("functionality");
|
|
143
|
+
});
|
|
144
|
+
|
|
145
|
+
it("should specify surgical implementation", () => {
|
|
146
|
+
const system = refactorer.system;
|
|
147
|
+
expect(system).toContain("targeted improvements");
|
|
148
|
+
expect(system).toContain("minimal changes");
|
|
149
|
+
});
|
|
150
|
+
|
|
151
|
+
it("should include validation and testing", () => {
|
|
152
|
+
const system = refactorer.system;
|
|
153
|
+
expect(system).toContain("maintains existing behavior");
|
|
154
|
+
});
|
|
155
|
+
|
|
156
|
+
it("should specify consolidation phase", () => {
|
|
157
|
+
const system = refactorer.system;
|
|
158
|
+
expect(system).toContain("merge duplicate code");
|
|
159
|
+
expect(system).toContain("patterns");
|
|
160
|
+
});
|
|
161
|
+
});
|
|
162
|
+
|
|
163
|
+
describe("Refactoring Guidelines", () => {
|
|
164
|
+
it("should specify functionality preservation", () => {
|
|
165
|
+
const system = refactorer.system;
|
|
166
|
+
expect(system).toContain("preserve existing functionality");
|
|
167
|
+
expect(system).toContain("99.7% retention rate");
|
|
168
|
+
});
|
|
169
|
+
|
|
170
|
+
it("should emphasize gradual changes", () => {
|
|
171
|
+
const system = refactorer.system;
|
|
172
|
+
expect(system).toContain("gradual changes");
|
|
173
|
+
expect(system).toContain("minimize risk");
|
|
174
|
+
});
|
|
175
|
+
|
|
176
|
+
it("should focus on meaningful improvements", () => {
|
|
177
|
+
const system = refactorer.system;
|
|
178
|
+
expect(system).toContain("meaningful architectural improvements");
|
|
179
|
+
});
|
|
180
|
+
|
|
181
|
+
it("should require comprehensive validation", () => {
|
|
182
|
+
const system = refactorer.system;
|
|
183
|
+
expect(system).toContain("comprehensive testing");
|
|
184
|
+
});
|
|
185
|
+
|
|
186
|
+
it("should specify documentation requirements", () => {
|
|
187
|
+
const system = refactorer.system;
|
|
188
|
+
expect(system).toContain("Document refactoring rationale");
|
|
189
|
+
expect(system).toContain("benefits");
|
|
190
|
+
});
|
|
191
|
+
});
|
|
192
|
+
|
|
193
|
+
describe("Integration Points", () => {
|
|
194
|
+
it("should define comprehensive refactoring integration points", () => {
|
|
195
|
+
const system = refactorer.system;
|
|
196
|
+
expect(system).toContain("Integration Points");
|
|
197
|
+
expect(system).toContain("Code analysis and AST manipulation");
|
|
198
|
+
expect(system).toContain("Performance profiling");
|
|
199
|
+
expect(system).toContain("Automated testing");
|
|
200
|
+
expect(system).toContain("Code quality metrics");
|
|
201
|
+
expect(system).toContain("Version control");
|
|
202
|
+
});
|
|
203
|
+
});
|
|
204
|
+
|
|
205
|
+
describe("Tools Configuration", () => {
|
|
206
|
+
it("should have comprehensive refactoring tools", () => {
|
|
207
|
+
expect(refactorer.tools?.include).toContain("read");
|
|
208
|
+
expect(refactorer.tools?.include).toContain("grep");
|
|
209
|
+
expect(refactorer.tools?.include).toContain("lsp_*");
|
|
210
|
+
expect(refactorer.tools?.include).toContain("run_terminal_cmd");
|
|
211
|
+
expect(refactorer.tools?.include).toContain("ast_grep_search");
|
|
212
|
+
expect(refactorer.tools?.include).toContain("ast_grep_replace");
|
|
213
|
+
expect(refactorer.tools?.include).toContain("lsp_rename");
|
|
214
|
+
expect(refactorer.tools?.include).toContain("lsp_prepare_rename");
|
|
215
|
+
});
|
|
216
|
+
|
|
217
|
+
it("should have 8 refactoring-specific tools", () => {
|
|
218
|
+
expect(refactorer.tools?.include).toHaveLength(8);
|
|
219
|
+
});
|
|
220
|
+
});
|
|
221
|
+
|
|
222
|
+
describe("Permissions Configuration", () => {
|
|
223
|
+
it("should allow edit operations", () => {
|
|
224
|
+
expect(refactorer.permission?.edit).toBe("allow");
|
|
225
|
+
});
|
|
226
|
+
|
|
227
|
+
it("should have refactoring tool permissions", () => {
|
|
228
|
+
const bashPerms = refactorer.permission?.bash;
|
|
229
|
+
expect(bashPerms).toBeDefined();
|
|
230
|
+
expect(typeof bashPerms).toBe("object");
|
|
231
|
+
|
|
232
|
+
expect((bashPerms as any)?.git).toBe("allow");
|
|
233
|
+
expect((bashPerms as any)?.npm).toBe("allow");
|
|
234
|
+
expect((bashPerms as any)?.bun).toBe("allow");
|
|
235
|
+
expect((bashPerms as any)?.test).toBe("allow");
|
|
236
|
+
});
|
|
237
|
+
});
|
|
238
|
+
|
|
239
|
+
describe("Refactoring Goal", () => {
|
|
240
|
+
it("should define clear refactoring maintenance goal", () => {
|
|
241
|
+
const system = refactorer.system;
|
|
242
|
+
expect(system).toContain("continuously improve code quality");
|
|
243
|
+
expect(system).toContain("maintainability");
|
|
244
|
+
expect(system).toContain("eliminating technical debt");
|
|
245
|
+
expect(system).toContain("systematic, validated refactoring");
|
|
246
|
+
});
|
|
247
|
+
});
|
|
248
|
+
});
|
|
@@ -0,0 +1,234 @@
|
|
|
1
|
+
import { describe, it, expect } from "vitest";
|
|
2
|
+
import { securityAuditor } from "../../agents/security-auditor.js";
|
|
3
|
+
import type { AgentConfig } from "../../agents/types.js";
|
|
4
|
+
|
|
5
|
+
describe("Security Auditor Agent Configuration", () => {
|
|
6
|
+
it("should be a valid AgentConfig object", () => {
|
|
7
|
+
const config: AgentConfig = securityAuditor;
|
|
8
|
+
expect(config).toBeDefined();
|
|
9
|
+
});
|
|
10
|
+
|
|
11
|
+
describe("Basic Configuration", () => {
|
|
12
|
+
it("should have correct name and model", () => {
|
|
13
|
+
expect(securityAuditor.name).toBe("security-auditor");
|
|
14
|
+
expect(securityAuditor.model).toBe("opencode/grok-code");
|
|
15
|
+
});
|
|
16
|
+
|
|
17
|
+
it("should be configured as subagent mode", () => {
|
|
18
|
+
expect(securityAuditor.mode).toBe("subagent");
|
|
19
|
+
});
|
|
20
|
+
|
|
21
|
+
it("should have low temperature for consistent security decisions", () => {
|
|
22
|
+
expect(securityAuditor.temperature).toBe(0.1);
|
|
23
|
+
});
|
|
24
|
+
});
|
|
25
|
+
|
|
26
|
+
describe("Description and System Prompt", () => {
|
|
27
|
+
it("should have appropriate security-focused description", () => {
|
|
28
|
+
expect(securityAuditor.description).toContain(
|
|
29
|
+
"StringRay Framework security auditor",
|
|
30
|
+
);
|
|
31
|
+
expect(securityAuditor.description).toContain("compliance monitoring");
|
|
32
|
+
expect(securityAuditor.description).toContain("vulnerability detection");
|
|
33
|
+
});
|
|
34
|
+
|
|
35
|
+
it("should have comprehensive security auditor system prompt", () => {
|
|
36
|
+
const system = securityAuditor.system;
|
|
37
|
+
expect(system).toContain("StringRay Security Auditor");
|
|
38
|
+
expect(system).toContain("comprehensive security validation");
|
|
39
|
+
expect(system).toContain("compliance monitoring");
|
|
40
|
+
});
|
|
41
|
+
});
|
|
42
|
+
|
|
43
|
+
describe("Core Responsibilities", () => {
|
|
44
|
+
it("should define 5 core security responsibilities", () => {
|
|
45
|
+
const system = securityAuditor.system;
|
|
46
|
+
expect(system).toContain("Vulnerability Detection");
|
|
47
|
+
expect(system).toContain("Compliance Monitoring");
|
|
48
|
+
expect(system).toContain("Threat Analysis");
|
|
49
|
+
expect(system).toContain("Security Validation");
|
|
50
|
+
expect(system).toContain("Audit Trail Management");
|
|
51
|
+
});
|
|
52
|
+
|
|
53
|
+
it("should specify vulnerability detection capabilities", () => {
|
|
54
|
+
const system = securityAuditor.system;
|
|
55
|
+
expect(system).toContain("Identify security vulnerabilities");
|
|
56
|
+
expect(system).toContain("potential attack vectors");
|
|
57
|
+
});
|
|
58
|
+
|
|
59
|
+
it("should include compliance monitoring focus", () => {
|
|
60
|
+
const system = securityAuditor.system;
|
|
61
|
+
expect(system).toContain("adherence to security standards");
|
|
62
|
+
expect(system).toContain("best practices");
|
|
63
|
+
});
|
|
64
|
+
|
|
65
|
+
it("should specify threat analysis responsibilities", () => {
|
|
66
|
+
const system = securityAuditor.system;
|
|
67
|
+
expect(system).toContain("systematic threat modeling");
|
|
68
|
+
expect(system).toContain("risk assessment");
|
|
69
|
+
});
|
|
70
|
+
|
|
71
|
+
it("should include audit trail management", () => {
|
|
72
|
+
const system = securityAuditor.system;
|
|
73
|
+
expect(system).toContain("comprehensive security audit logs");
|
|
74
|
+
expect(system).toContain("reporting");
|
|
75
|
+
});
|
|
76
|
+
});
|
|
77
|
+
|
|
78
|
+
describe("Key Facilities", () => {
|
|
79
|
+
it("should specify security-specific facilities", () => {
|
|
80
|
+
const system = securityAuditor.system;
|
|
81
|
+
expect(system).toContain("Key Facilities Available");
|
|
82
|
+
expect(system).toContain("Comprehensive logging");
|
|
83
|
+
expect(system).toContain("audit trails");
|
|
84
|
+
expect(system).toContain("sensitive data filtering");
|
|
85
|
+
});
|
|
86
|
+
|
|
87
|
+
it("should define security processor pipeline", () => {
|
|
88
|
+
const system = securityAuditor.system;
|
|
89
|
+
expect(system).toContain("Processor pipeline");
|
|
90
|
+
expect(system).toContain("securityPreValidate");
|
|
91
|
+
expect(system).toContain("vulnerabilityScan");
|
|
92
|
+
expect(system).toContain("threatAnalysis");
|
|
93
|
+
expect(system).toContain("securityCompliance");
|
|
94
|
+
});
|
|
95
|
+
|
|
96
|
+
it("should specify integration hooks", () => {
|
|
97
|
+
const system = securityAuditor.system;
|
|
98
|
+
expect(system).toContain("Integration hooks");
|
|
99
|
+
expect(system).toContain("pre/post security validation");
|
|
100
|
+
expect(system).toContain("threat monitoring");
|
|
101
|
+
expect(system).toContain("compliance tracking");
|
|
102
|
+
});
|
|
103
|
+
|
|
104
|
+
it("should mention security sandboxing", () => {
|
|
105
|
+
const system = securityAuditor.system;
|
|
106
|
+
expect(system).toContain("Security sandboxed execution");
|
|
107
|
+
expect(system).toContain("elevated permissions for security tools");
|
|
108
|
+
});
|
|
109
|
+
|
|
110
|
+
it("should include webhook endpoints", () => {
|
|
111
|
+
const system = securityAuditor.system;
|
|
112
|
+
expect(system).toContain("Webhook endpoints");
|
|
113
|
+
expect(system).toContain("security alerts");
|
|
114
|
+
expect(system).toContain("compliance notifications");
|
|
115
|
+
});
|
|
116
|
+
});
|
|
117
|
+
|
|
118
|
+
describe("Security Audit Process", () => {
|
|
119
|
+
it("should define 5-phase security audit process", () => {
|
|
120
|
+
const system = securityAuditor.system;
|
|
121
|
+
expect(system).toContain("Security Audit Process");
|
|
122
|
+
expect(system).toContain("Input Validation");
|
|
123
|
+
expect(system).toContain("Authentication & Authorization");
|
|
124
|
+
expect(system).toContain("Data Protection");
|
|
125
|
+
expect(system).toContain("Vulnerability Scanning");
|
|
126
|
+
expect(system).toContain("Compliance Verification");
|
|
127
|
+
});
|
|
128
|
+
|
|
129
|
+
it("should specify input validation requirements", () => {
|
|
130
|
+
const system = securityAuditor.system;
|
|
131
|
+
expect(system).toContain("all inputs are properly validated");
|
|
132
|
+
expect(system).toContain("sanitized");
|
|
133
|
+
});
|
|
134
|
+
|
|
135
|
+
it("should include authentication and authorization review", () => {
|
|
136
|
+
const system = securityAuditor.system;
|
|
137
|
+
expect(system).toContain("access controls");
|
|
138
|
+
expect(system).toContain("permission systems");
|
|
139
|
+
});
|
|
140
|
+
|
|
141
|
+
it("should specify data protection assessment", () => {
|
|
142
|
+
const system = securityAuditor.system;
|
|
143
|
+
expect(system).toContain("encryption");
|
|
144
|
+
expect(system).toContain("data handling");
|
|
145
|
+
expect(system).toContain("privacy compliance");
|
|
146
|
+
});
|
|
147
|
+
});
|
|
148
|
+
|
|
149
|
+
describe("Security Audit Guidelines", () => {
|
|
150
|
+
it("should specify security-by-design principles", () => {
|
|
151
|
+
const system = securityAuditor.system;
|
|
152
|
+
expect(system).toContain("security-by-design principles");
|
|
153
|
+
});
|
|
154
|
+
|
|
155
|
+
it("should reference zero-trust architecture", () => {
|
|
156
|
+
const system = securityAuditor.system;
|
|
157
|
+
expect(system).toContain("zero-trust architecture");
|
|
158
|
+
});
|
|
159
|
+
|
|
160
|
+
it("should reference OWASP Top 10", () => {
|
|
161
|
+
const system = securityAuditor.system;
|
|
162
|
+
expect(system).toContain("OWASP Top 10");
|
|
163
|
+
});
|
|
164
|
+
|
|
165
|
+
it("should specify actionable remediation", () => {
|
|
166
|
+
const system = securityAuditor.system;
|
|
167
|
+
expect(system).toContain("actionable remediation recommendations");
|
|
168
|
+
});
|
|
169
|
+
|
|
170
|
+
it("should emphasize audit trail maintenance", () => {
|
|
171
|
+
const system = securityAuditor.system;
|
|
172
|
+
expect(system).toContain("detailed audit trails");
|
|
173
|
+
expect(system).toContain("compliance");
|
|
174
|
+
});
|
|
175
|
+
});
|
|
176
|
+
|
|
177
|
+
describe("Integration Points", () => {
|
|
178
|
+
it("should define comprehensive security integration points", () => {
|
|
179
|
+
const system = securityAuditor.system;
|
|
180
|
+
expect(system).toContain("Integration Points");
|
|
181
|
+
expect(system).toContain("Vulnerability scanning tools");
|
|
182
|
+
expect(system).toContain("Compliance monitoring");
|
|
183
|
+
expect(system).toContain("Threat intelligence");
|
|
184
|
+
expect(system).toContain("Security information and event management");
|
|
185
|
+
expect(system).toContain("Automated remediation");
|
|
186
|
+
});
|
|
187
|
+
});
|
|
188
|
+
|
|
189
|
+
describe("Tools Configuration", () => {
|
|
190
|
+
it("should have security-focused tool permissions", () => {
|
|
191
|
+
expect(securityAuditor.tools?.include).toContain("read");
|
|
192
|
+
expect(securityAuditor.tools?.include).toContain("grep");
|
|
193
|
+
expect(securityAuditor.tools?.include).toContain("lsp_*");
|
|
194
|
+
expect(securityAuditor.tools?.include).toContain("run_terminal_cmd");
|
|
195
|
+
expect(securityAuditor.tools?.include).toContain("grep_app_searchGitHub");
|
|
196
|
+
expect(securityAuditor.tools?.include).toContain("webfetch");
|
|
197
|
+
});
|
|
198
|
+
|
|
199
|
+
it("should have 6 security-specific tools", () => {
|
|
200
|
+
expect(securityAuditor.tools?.include).toHaveLength(6);
|
|
201
|
+
});
|
|
202
|
+
});
|
|
203
|
+
|
|
204
|
+
describe("Permissions Configuration", () => {
|
|
205
|
+
it("should allow edit operations", () => {
|
|
206
|
+
expect(securityAuditor.permission?.edit).toBe("allow");
|
|
207
|
+
});
|
|
208
|
+
|
|
209
|
+
it("should have comprehensive bash permissions for security tools", () => {
|
|
210
|
+
const bashPerms = securityAuditor.permission?.bash;
|
|
211
|
+
expect(bashPerms).toBeDefined();
|
|
212
|
+
expect(typeof bashPerms).toBe("object");
|
|
213
|
+
|
|
214
|
+
expect((bashPerms as any)?.git).toBe("allow");
|
|
215
|
+
expect((bashPerms as any)?.npm).toBe("allow");
|
|
216
|
+
expect((bashPerms as any)?.bun).toBe("allow");
|
|
217
|
+
expect((bashPerms as any)?.security).toBe("allow");
|
|
218
|
+
expect((bashPerms as any)?.audit).toBe("allow");
|
|
219
|
+
});
|
|
220
|
+
|
|
221
|
+
it("should not have webfetch permissions defined", () => {
|
|
222
|
+
expect(securityAuditor.permission?.webfetch).toBeUndefined();
|
|
223
|
+
});
|
|
224
|
+
});
|
|
225
|
+
|
|
226
|
+
describe("Security Goal", () => {
|
|
227
|
+
it("should define clear security maintenance goal", () => {
|
|
228
|
+
const system = securityAuditor.system;
|
|
229
|
+
expect(system).toContain("maintain the highest levels of security");
|
|
230
|
+
expect(system).toContain("compliance");
|
|
231
|
+
expect(system).toContain("secure system operations");
|
|
232
|
+
});
|
|
233
|
+
});
|
|
234
|
+
});
|