te.js 2.1.6 → 2.2.1

package/server/errors/llm-cache.test.js

@@ -0,0 +1,160 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import { LLMErrorCache, getCache } from './llm-cache.js';
+
+describe('LLMErrorCache', () => {
+  describe('constructor', () => {
+    it('uses provided ttl', () => {
+      const cache = new LLMErrorCache(5000);
+      expect(cache.ttl).toBe(5000);
+    });
+
+    it('defaults to 3600000 for invalid ttl', () => {
+      expect(new LLMErrorCache(0).ttl).toBe(3_600_000);
+      expect(new LLMErrorCache(-1).ttl).toBe(3_600_000);
+    });
+  });
+
+  describe('buildKey()', () => {
+    it('builds key from first snippet file, line, and error message', () => {
+      const cache = new LLMErrorCache(1000);
+      const codeContext = {
+        snippets: [{ file: '/app/routes/users.js', line: 42 }],
+      };
+      const error = new Error('User not found');
+      const key = cache.buildKey(codeContext, error);
+      expect(key).toBe('/app/routes/users.js:42:User not found');
+    });
+
+    it('handles string error', () => {
+      const cache = new LLMErrorCache(1000);
+      const codeContext = { snippets: [{ file: '/app/handler.js', line: 10 }] };
+      const key = cache.buildKey(codeContext, 'Validation failed');
+      expect(key).toBe('/app/handler.js:10:Validation failed');
+    });
+
+    it('handles no error (empty string suffix)', () => {
+      const cache = new LLMErrorCache(1000);
+      const codeContext = { snippets: [{ file: '/app/handler.js', line: 5 }] };
+      const key = cache.buildKey(codeContext, undefined);
+      expect(key).toBe('/app/handler.js:5:');
+    });
+
+    it('uses "unknown" when codeContext has no snippets', () => {
+      const cache = new LLMErrorCache(1000);
+      const key = cache.buildKey({ snippets: [] }, new Error('oops'));
+      expect(key).toBe('unknown:oops');
+    });
+
+    it('uses "unknown" when codeContext is missing', () => {
+      const cache = new LLMErrorCache(1000);
+      const key = cache.buildKey(null, new Error('oops'));
+      expect(key).toBe('unknown:oops');
+    });
+  });
+
+  describe('set() and get()', () => {
+    it('stores and retrieves a result', () => {
+      const cache = new LLMErrorCache(10_000);
+      cache.set('key1', { statusCode: 404, message: 'Not found' });
+      const result = cache.get('key1');
+      expect(result).toEqual({ statusCode: 404, message: 'Not found' });
+    });
+
+    it('returns null for missing keys', () => {
+      const cache = new LLMErrorCache(10_000);
+      expect(cache.get('nonexistent')).toBeNull();
+    });
+
+    it('does not return cachedAt in the result', () => {
+      const cache = new LLMErrorCache(10_000);
+      cache.set('key1', { statusCode: 500, message: 'Error' });
+      const result = cache.get('key1');
+      expect(result).not.toHaveProperty('cachedAt');
+    });
+
+    it('includes devInsight when stored', () => {
+      const cache = new LLMErrorCache(10_000);
+      cache.set('key1', {
+        statusCode: 404,
+        message: 'Not found',
+        devInsight: 'Check the ID param.',
+      });
+      const result = cache.get('key1');
+      expect(result.devInsight).toBe('Check the ID param.');
+    });
+  });
+
+  describe('TTL expiry', () => {
+    it('returns null for expired entries', () => {
+      vi.useFakeTimers();
+
+      const cache = new LLMErrorCache(1000);
+      cache.set('key1', { statusCode: 404, message: 'Not found' });
+      expect(cache.get('key1')).not.toBeNull();
+
+      vi.advanceTimersByTime(1001);
+
+      expect(cache.get('key1')).toBeNull();
+
+      vi.useRealTimers();
+    });
+
+    it('removes expired entry from the store on access', () => {
+      vi.useFakeTimers();
+
+      const cache = new LLMErrorCache(500);
+      cache.set('key1', { statusCode: 500, message: 'Error' });
+      expect(cache.size).toBe(1);
+
+      vi.advanceTimersByTime(600);
+      cache.get('key1');
+
+      expect(cache.size).toBe(0);
+
+      vi.useRealTimers();
+    });
+
+    it('non-expired entries remain accessible', () => {
+      vi.useFakeTimers();
+
+      const cache = new LLMErrorCache(5000);
+      cache.set('key1', { statusCode: 200, message: 'OK' });
+
+      vi.advanceTimersByTime(4999);
+
+      expect(cache.get('key1')).not.toBeNull();
+
+      vi.useRealTimers();
+    });
+  });
+
+  describe('size', () => {
+    it('tracks the number of entries', () => {
+      const cache = new LLMErrorCache(10_000);
+      expect(cache.size).toBe(0);
+      cache.set('a', { statusCode: 200, message: 'OK' });
+      cache.set('b', { statusCode: 404, message: 'Not found' });
+      expect(cache.size).toBe(2);
+    });
+  });
+});
+
+describe('getCache (singleton)', () => {
+  it('returns a LLMErrorCache instance', () => {
+    const cache = getCache(3600000);
+    expect(cache).toBeInstanceOf(LLMErrorCache);
+  });
+
+  it('returns same instance for same ttl', () => {
+    const a = getCache(3600000);
+    const b = getCache(3600000);
+    expect(a).toBe(b);
+  });
+
+  it('creates a new instance when ttl changes', () => {
+    const a = getCache(1000);
+    const b = getCache(2000);
+    expect(a).not.toBe(b);
+    expect(b.ttl).toBe(2000);
+  });
+});

package/server/errors/llm-error-service.js

@@ -51,7 +51,7 @@ function buildPrompt(context) {
 
   let errorPart = '';
   if (error !== undefined && error !== null) {
-    if (error instanceof Error) {
+    if (error != null && typeof error.message === 'string') {
       errorPart = `\nOptional error message (may be empty): ${error.message}`;
     } else {
       errorPart = `\nOptional error/message: ${String(error)}`;

package/server/errors/llm-rate-limiter.test.js

@@ -0,0 +1,105 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import { LLMRateLimiter, getRateLimiter } from './llm-rate-limiter.js';
+
+describe('LLMRateLimiter', () => {
+  describe('constructor', () => {
+    it('uses provided maxPerMinute', () => {
+      const limiter = new LLMRateLimiter(5);
+      expect(limiter.maxPerMinute).toBe(5);
+    });
+
+    it('defaults to 10 when maxPerMinute is invalid', () => {
+      expect(new LLMRateLimiter(0).maxPerMinute).toBe(10);
+      expect(new LLMRateLimiter(-1).maxPerMinute).toBe(10);
+    });
+
+    it('floors non-integer values', () => {
+      expect(new LLMRateLimiter(4.9).maxPerMinute).toBe(4);
+    });
+  });
+
+  describe('canCall() and record()', () => {
+    it('allows calls when under the limit', () => {
+      const limiter = new LLMRateLimiter(3);
+      expect(limiter.canCall()).toBe(true);
+    });
+
+    it('blocks calls when at the limit', () => {
+      const limiter = new LLMRateLimiter(2);
+      limiter.record();
+      limiter.record();
+      expect(limiter.canCall()).toBe(false);
+    });
+
+    it('allows calls again after recording up to max', () => {
+      const limiter = new LLMRateLimiter(1);
+      expect(limiter.canCall()).toBe(true);
+      limiter.record();
+      expect(limiter.canCall()).toBe(false);
+    });
+
+    it('remaining() returns correct count', () => {
+      const limiter = new LLMRateLimiter(3);
+      expect(limiter.remaining()).toBe(3);
+      limiter.record();
+      expect(limiter.remaining()).toBe(2);
+      limiter.record();
+      expect(limiter.remaining()).toBe(1);
+      limiter.record();
+      expect(limiter.remaining()).toBe(0);
+    });
+  });
+
+  describe('sliding window pruning', () => {
+    it('expires old timestamps after 60 seconds', () => {
+      vi.useFakeTimers();
+
+      const limiter = new LLMRateLimiter(2);
+      limiter.record();
+      limiter.record();
+      expect(limiter.canCall()).toBe(false);
+
+      vi.advanceTimersByTime(61_000);
+
+      expect(limiter.canCall()).toBe(true);
+
+      vi.useRealTimers();
+    });
+
+    it('only expires timestamps older than 60 seconds', () => {
+      vi.useFakeTimers();
+
+      const limiter = new LLMRateLimiter(2);
+      limiter.record();
+
+      vi.advanceTimersByTime(50_000);
+      limiter.record();
+
+      vi.advanceTimersByTime(15_000);
+      expect(limiter.canCall()).toBe(true);
+      expect(limiter.remaining()).toBe(1);
+
+      vi.useRealTimers();
+    });
+  });
+});
+
+describe('getRateLimiter (singleton)', () => {
+  it('returns a LLMRateLimiter instance', () => {
+    const limiter = getRateLimiter(10);
+    expect(limiter).toBeInstanceOf(LLMRateLimiter);
+  });
+
+  it('returns same instance for same maxPerMinute', () => {
+    const a = getRateLimiter(10);
+    const b = getRateLimiter(10);
+    expect(a).toBe(b);
+  });
+
+  it('creates a new instance when maxPerMinute changes', () => {
+    const a = getRateLimiter(5);
+    const b = getRateLimiter(15);
+    expect(a).not.toBe(b);
+    expect(b.maxPerMinute).toBe(15);
+  });
+});

package/server/files/uploader.js

@@ -1,5 +1,5 @@
 import { filesize } from 'filesize';
-import fs from 'node:fs';
+import fsp from 'node:fs/promises';
 import TejError from './../error.js';
 import { extAndType, extract, paths } from './helper.js';
 
@@ -19,11 +19,11 @@ class TejFileUploader {
   file() {
     const keys = [...arguments];
     return async (ammo, next) => {
-      if (!ammo.headers['content-type'].startsWith('multipart/form-data'))
+      if (!ammo.headers['content-type']?.startsWith('multipart/form-data'))
         return next();
 
       const payload = ammo.payload;
-      const updatedPayload = {};
+      const updatedPayload = Object.create(null);
 
       for (const part in payload) {
         const obj = payload[part];
@@ -43,26 +43,32 @@ class TejFileUploader {
           if (!filename) continue;
 
           const { dir, absolute, relative } = paths(this.destination, filename);
-          const size = filesize(obj.value.length,
-            { output: 'object', round: 0 });
-          const maxSize = filesize(this.maxFileSize,
-            { output: 'object', round: 0 });
+          const size = filesize(obj.value.length, {
+            output: 'object',
+            round: 0,
+          });
+          const maxSize = filesize(this.maxFileSize, {
+            output: 'object',
+            round: 0,
+          });
           if (this.maxFileSize && obj.value.length > this.maxFileSize)
-            throw new TejError(413,
-              `File size exceeds ${maxSize.value} ${maxSize.symbol}`);
+            throw new TejError(
+              413,
+              `File size exceeds ${maxSize.value} ${maxSize.symbol}`,
+            );
 
-          if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
-          fs.writeFileSync(absolute, obj.value, 'binary');
+          await fsp.mkdir(dir, { recursive: true });
+          await fsp.writeFile(absolute, obj.value, 'binary');
 
           updatedPayload[key] = {
             filename,
             extension: ext,
             path: {
               absolute: absolute,
-              relative: relative
+              relative: relative,
             },
             mimetype: type,
-            size
+            size,
           };
         }
       }
@@ -75,11 +81,11 @@ class TejFileUploader {
   files() {
     const keys = [...arguments];
     return async (ammo, next) => {
-      if (!ammo.headers['content-type'].startsWith('multipart/form-data'))
+      if (!ammo.headers['content-type']?.startsWith('multipart/form-data'))
         return next();
 
       const payload = ammo.payload;
-      const updatedPayload = {};
+      const updatedPayload = Object.create(null);
       const files = [];
 
       for (const part in payload) {
@@ -99,27 +105,33 @@ class TejFileUploader {
           if (!filename) continue;
 
           const { dir, absolute, relative } = paths(this.destination, filename);
-          const size = filesize(obj.value.length,
-            { output: 'object', round: 0 });
-          const maxSize = filesize(this.maxFileSize,
-            { output: 'object', round: 0 });
+          const size = filesize(obj.value.length, {
+            output: 'object',
+            round: 0,
+          });
+          const maxSize = filesize(this.maxFileSize, {
+            output: 'object',
+            round: 0,
+          });
           if (this.maxFileSize && obj.value.length > this.maxFileSize) {
-            throw new TejError(413,
-              `File size exceeds ${maxSize.value} ${maxSize.symbol}`);
+            throw new TejError(
+              413,
+              `File size exceeds ${maxSize.value} ${maxSize.symbol}`,
+            );
           }
 
-          if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
-          fs.writeFileSync(absolute, obj.value, 'binary');
+          await fsp.mkdir(dir, { recursive: true });
+          await fsp.writeFile(absolute, obj.value, 'binary');
 
           files.push({
             key,
             filename,
             path: {
               absolute: absolute,
-              relative: relative
+              relative: relative,
             },
             mimetype: type,
-            size
+            size,
           });
         }
       }
@@ -128,7 +140,7 @@ class TejFileUploader {
         if (!acc[file.key]) acc[file.key] = [];
         acc[file.key].push(file);
         return acc;
-      }, {});
+      }, Object.create(null));
 
       for (const key in groupedFilesByKey) {
         updatedPayload[key] = groupedFilesByKey[key];

package/server/handler.js

@@ -140,7 +140,7 @@ const handler = async (req, res) => {
     return;
   }
 
-  const url = req.url.split('?')[0];
+  const url = (req.url ?? '/').split('?')[0] || '/';
   const match = targetRegistry.aim(url);
   const ammo = new Ammo(req, res);
 

package/server/targets/registry.js

@@ -58,7 +58,7 @@ class TargetRegistry {
     });
 
     if (exactMatch) {
-      return { target: exactMatch, params: {} };
+      return { target: exactMatch, params: Object.create(null) };
     }
 
     // Then, try parameterized route matching
@@ -104,7 +104,7 @@ class TargetRegistry {
       return null;
     }
 
-    const params = {};
+    const params = Object.create(null);
 
     // Match each segment
     for (let i = 0; i < patternSegments.length; i++) {
@@ -150,7 +150,7 @@ class TargetRegistry {
         if (!acc[group]) acc[group] = [];
         acc[group].push(target.getPath());
         return acc;
-      }, {});
+      }, Object.create(null));
     }
     return this.targets.map((target) => target.getPath());
   }

package/server/targets/registry.test.js

@@ -0,0 +1,108 @@
+/**
+ * @fileoverview Tests for TargetRegistry routing logic.
+ */
+import { describe, it, expect, beforeEach } from 'vitest';
+
+// Use a fresh instance per test by clearing the singleton
+let TargetRegistry;
+let registry;
+
+beforeEach(async () => {
+  // Reset module cache to get fresh singleton
+  TargetRegistry = (await import('./registry.js')).default.constructor;
+  // Re-import to use existing singleton, but clear its state
+  const mod = await import('./registry.js');
+  registry = mod.default;
+  registry.targets = [];
+  registry.globalMiddlewares = [];
+});
+
+describe('TargetRegistry.aim', () => {
+  it('should return null for unmatched routes', () => {
+    expect(registry.aim('/api/users')).toBeNull();
+  });
+
+  it('should match exact path', () => {
+    const mockTarget = {
+      getPath: () => '/api/users',
+      getMethods: () => null,
+    };
+    registry.targets.push(mockTarget);
+    const result = registry.aim('/api/users');
+    expect(result).not.toBeNull();
+    expect(result.target).toBe(mockTarget);
+    expect(result.params).toBeDefined();
+  });
+
+  it('should match parameterized route and extract params', () => {
+    const mockTarget = {
+      getPath: () => '/api/users/:id',
+      getMethods: () => null,
+    };
+    registry.targets.push(mockTarget);
+    const result = registry.aim('/api/users/42');
+    expect(result).not.toBeNull();
+    expect(result.params.id).toBe('42');
+  });
+
+  it('should use Object.create(null) for params (no prototype pollution)', () => {
+    const mockTarget = {
+      getPath: () => '/api/:resource',
+      getMethods: () => null,
+    };
+    registry.targets.push(mockTarget);
+    const result = registry.aim('/api/users');
+    // Param key is the route parameter name ('resource'), not the URL value
+    expect(result.params['resource']).toBe('users');
+    // The params object must use null prototype (safe from prototype pollution)
+    expect(Object.getPrototypeOf(result.params)).toBeNull();
+  });
+
+  it('should not match routes with different segment counts', () => {
+    const mockTarget = {
+      getPath: () => '/api/users/:id',
+      getMethods: () => null,
+    };
+    registry.targets.push(mockTarget);
+    expect(registry.aim('/api/users')).toBeNull();
+    expect(registry.aim('/api/users/42/profile')).toBeNull();
+  });
+});
+
+describe('TargetRegistry.getAllEndpoints', () => {
+  it('should return flat path list by default', () => {
+    registry.targets = [
+      {
+        getPath: () => '/api/users',
+        getMetadata: () => null,
+        getHandler: () => null,
+      },
+      {
+        getPath: () => '/api/posts',
+        getMetadata: () => null,
+        getHandler: () => null,
+      },
+    ];
+    expect(registry.getAllEndpoints()).toEqual(['/api/users', '/api/posts']);
+  });
+
+  it('should return grouped object when grouped=true', () => {
+    registry.targets = [
+      {
+        getPath: () => '/api/users',
+        getMetadata: () => null,
+        getHandler: () => null,
+      },
+      {
+        getPath: () => '/api/posts',
+        getMetadata: () => null,
+        getHandler: () => null,
+      },
+    ];
+    const grouped = registry.getAllEndpoints(true);
+    expect(grouped['api']).toContain('/api/users');
+    expect(grouped['api']).toContain('/api/posts');
+    // Result must be null-prototype dict
+    expect(Object.getPrototypeOf(grouped)).toBeNull();
+  });
+});