unbound-cli 1.3.2 → 1.5.0

package/test/policy-ai-assist-mcp.test.js

@@ -0,0 +1,606 @@
+const { test, beforeEach, after } = require('node:test');
+const assert = require('node:assert/strict');
+const { Command } = require('commander');
+
+// Integration tests: invoke `unbound policy tool create-mcp --prompt ...`
+// against a fresh Command instance with src/api.js and src/config.js stubbed.
+// We never hit the network and never read/write user config.
+
+function loadFreshModules() {
+  for (const m of [
+    '../src/commands/policy',
+    '../src/lib/policy-ai-assist',
+    '../src/api',
+    '../src/config',
+    '../src/output',
+  ]) {
+    delete require.cache[require.resolve(m)];
+  }
+  const api = require('../src/api');
+  const config = require('../src/config');
+  const output = require('../src/output');
+  return { api, config, output };
+}
+
+class FakeApiError extends Error {
+  constructor(statusCode, body) {
+    super(body && body.error ? body.error : `HTTP ${statusCode}`);
+    this.name = 'ApiError';
+    this.statusCode = statusCode;
+    this.body = body;
+  }
+}
+
+function buildHarness({
+  privilegesResponse = { is_admin: true, is_manager: false, is_member: false },
+  privilegesError = null,
+  assistMcpResponse = null,
+  assistMcpError = null,
+  createResponse = { id: 1, name: 'ok' },
+  createError = null,
+} = {}) {
+  const { api, config, output } = loadFreshModules();
+
+  config.isLoggedIn = () => true;
+  config.getApiKey = () => 'fake-key';
+  config.getBaseUrl = () => 'https://b.acme';
+
+  const calls = { posts: [], gets: [] };
+  api.get = async (path, opts) => {
+    calls.gets.push({ path, opts });
+    if (path === '/api/v1/users/privileges/') {
+      if (privilegesError) throw privilegesError;
+      return privilegesResponse;
+    }
+    throw new Error(`unexpected GET ${path}`);
+  };
+  api.post = async (path, opts) => {
+    calls.posts.push({ path, body: opts && opts.body });
+    if (path === '/api/v1/command-policies/assist-mcp/') {
+      if (assistMcpError) throw assistMcpError;
+      return assistMcpResponse;
+    }
+    if (path === '/api/v1/command-policies/') {
+      if (createError) throw createError;
+      return createResponse;
+    }
+    throw new Error(`unexpected POST ${path}`);
+  };
+
+  const captured = { success: [], error: [], warn: [], info: [], stdout: [] };
+  output.success = (m) => captured.success.push(m);
+  output.error = (m) => captured.error.push(m);
+  output.warn = (m) => captured.warn.push(m);
+  output.info = (m) => captured.info.push(m);
+  const origLog = console.log;
+  console.log = (m) => captured.stdout.push(String(m || ''));
+  const restoreLog = () => { console.log = origLog; };
+
+  return { api, config, output, calls, captured, restoreLog };
+}
+
+async function runCreateMcp(argv) {
+  const { register } = require('../src/commands/policy');
+  const program = new Command();
+  program.exitOverride();
+  register(program);
+  const full = ['node', 'unbound', 'policy', 'tool', 'create-mcp', ...argv];
+  await program.parseAsync(full);
+}
+
+function successAssistResponse(overrides = {}) {
+  return {
+    success: true,
+    canonical_group_id: 12,
+    mcp_tools: ['create_issue', 'update_issue'],
+    name: 'Audit Linear writes',
+    description: 'Audit write operations on Linear.',
+    action: 'AUDIT',
+    ...overrides,
+  };
+}
+
+beforeEach(() => {
+  process.exitCode = 0;
+});
+
+after(() => {
+  process.exitCode = 0;
+});
+
+// --- (a) Mutex cases: --prompt + each conflicting flag -----------------------
+
+const MUTEX_FLAGS = [
+  ['--mcp-server', 'linear'],
+  ['--mcp-tool', 'create_issue'],
+  ['--mcp-action-type', 'write'],
+  ['--config', '{"foo":"bar"}'],
+];
+
+for (const [flag, value] of MUTEX_FLAGS) {
+  test(`mutex: --prompt + ${flag} exits 1 with verbatim wording`, async () => {
+    const h = buildHarness();
+    try {
+      await runCreateMcp(['--prompt', 'audit linear writes', flag, value]);
+      assert.equal(process.exitCode, 1);
+      assert.ok(
+        h.captured.error.some((m) => m === 'Pass --prompt for AI-assist or the field flags for explicit creation, not both.'),
+        `expected mutex error, got: ${JSON.stringify(h.captured.error)}`
+      );
+      assert.equal(h.calls.posts.length, 0, 'no network call should have fired');
+    } finally {
+      h.restoreLog();
+    }
+  });
+}
+
+test('empty --prompt: exits 2, never reaches network', async () => {
+  const h = buildHarness();
+  try {
+    await runCreateMcp(['--prompt', '']);
+    assert.equal(process.exitCode, 2);
+    assert.ok(
+      h.captured.error.some((m) => m.includes('--prompt cannot be empty.')),
+      `expected empty-prompt error, got: ${JSON.stringify(h.captured.error)}`
+    );
+    assert.equal(h.calls.posts.length, 0, 'no network call should have fired');
+    assert.equal(h.calls.gets.length, 0, 'no privileges probe should have fired');
+  } finally {
+    h.restoreLog();
+  }
+});
+
+// --- (b) Happy path -----------------------------------------------------------
+
+test('happy path: builds MCP policy body and POSTs to /command-policies/', async () => {
+  const h = buildHarness({
+    assistMcpResponse: successAssistResponse(),
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit all linear writes', '--yes']);
+    const createCall = h.calls.posts.find((c) => c.path === '/api/v1/command-policies/');
+    assert.ok(createCall, 'create POST should have fired');
+    assert.equal(createCall.body.policy_type, 'MCP_TOOL');
+    assert.equal(createCall.body.mcp_canonical_group_id, 12);
+    assert.deepEqual(createCall.body.mcp_tools, ['create_issue', 'update_issue']);
+    assert.equal(createCall.body.name, 'Audit Linear writes');
+    assert.equal(createCall.body.description, 'Audit write operations on Linear.');
+    assert.equal(createCall.body.action, 'AUDIT');
+    assert.equal(createCall.body.enabled, true);
+    assert.equal(createCall.body.custom_message, undefined);
+    assert.equal(createCall.body.scope_user_group_ids, undefined);
+  } finally {
+    h.restoreLog();
+  }
+});
+
+test('happy path: create body includes config:{} so backend MCP_TOOL serializer never 422s', async () => {
+  const h = buildHarness({
+    assistMcpResponse: successAssistResponse(),
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit all linear writes', '--yes']);
+    const createCall = h.calls.posts.find((c) => c.path === '/api/v1/command-policies/');
+    assert.ok(createCall, 'create POST should have fired');
+    assert.deepEqual(createCall.body.config, {}, 'MCP_TOOL body must carry config:{} (matches flag-path behavior)');
+  } finally {
+    h.restoreLog();
+  }
+});
+
+// --- (c) Merge precedence -----------------------------------------------------
+
+test('merge: flag wins over AI value; AI fills the rest', async () => {
+  const h = buildHarness({
+    assistMcpResponse: successAssistResponse({
+      mcp_tools: ['t1'],
+      name: 'AI Name',
+      description: 'AI desc',
+      action: 'BLOCK',
+      custom_message: 'AI msg',
+    }),
+    createResponse: { id: 42, name: 'Custom' },
+  });
+  h.api.get = async (path) => {
+    if (path === '/api/v1/users/privileges/') return { is_admin: true };
+    if (path === '/api/v1/policies/form_data/') {
+      return { data: { user_groups: [{ id: 7, name: 'GroupX' }] } };
+    }
+    throw new Error(`unexpected GET ${path}`);
+  };
+  try {
+    await runCreateMcp([
+      '--prompt', 'audit linear writes',
+      '--name', 'Custom',
+      '--custom-message', 'Override',
+      '--action', 'AUDIT',
+      '--group', 'GroupX',
+      '--disabled',
+      '--yes',
+    ]);
+    const createCall = h.calls.posts.find((c) => c.path === '/api/v1/command-policies/');
+    assert.ok(createCall, 'create POST should have fired');
+    const body = createCall.body;
+    assert.equal(body.name, 'Custom', '--name flag wins');
+    assert.equal(body.action, 'AUDIT', '--action flag wins');
+    assert.equal(body.custom_message, 'Override', '--custom-message flag wins');
+    assert.equal(body.enabled, false, '--disabled wins');
+    assert.deepEqual(body.scope_user_group_ids, [7], 'GroupX resolved to id 7');
+    assert.equal(body.mcp_canonical_group_id, 12, 'AI canonical_group_id preserved');
+    assert.deepEqual(body.mcp_tools, ['t1'], 'AI mcp_tools preserved');
+  } finally {
+    h.restoreLog();
+  }
+});
+
+test('override: whitespace-only --name falls back to AI name silently', async () => {
+  const h = buildHarness({
+    assistMcpResponse: successAssistResponse({ name: 'AI Name' }),
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit linear writes', '--name', '   ', '--yes']);
+    const createCall = h.calls.posts.find((c) => c.path === '/api/v1/command-policies/');
+    assert.ok(createCall, 'create POST should have fired');
+    assert.equal(createCall.body.name, 'AI Name', 'whitespace-only --name must be ignored, AI value preserved');
+  } finally {
+    h.restoreLog();
+  }
+});
+
+// --- (d) Soft-fail: empty mcp_tools or missing canonical_group_id -----------
+
+test('soft fail: mcp_tools:[] → exit 2 with helpful message; no create POST', async () => {
+  const h = buildHarness({
+    assistMcpResponse: {
+      success: true,
+      canonical_group_id: 12,
+      mcp_tools: [],
+      name: 'X',
+      action: 'AUDIT',
+    },
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit linear writes', '--yes']);
+    assert.equal(process.exitCode, 2);
+    const msg = h.captured.error.join('\n');
+    assert.ok(msg.includes('could not match any tools'), `expected soft-fail message, got: ${msg}`);
+    assert.ok(msg.includes('unbound policy tool create-mcp --name'), `expected manual escape hatch hint, got: ${msg}`);
+    assert.equal(
+      h.calls.posts.filter((c) => c.path === '/api/v1/command-policies/').length,
+      0,
+      'no create POST when soft-fail fires',
+    );
+  } finally {
+    h.restoreLog();
+  }
+});
+
+test('soft fail: AI returns mcp_tools: null → exit 2 with helpful fallback message', async () => {
+  const h = buildHarness({
+    assistMcpResponse: {
+      success: true,
+      canonical_group_id: 1,
+      mcp_tools: null,
+      name: 'X',
+      action: 'AUDIT',
+      custom_message: '',
+    },
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit Linear', '--yes']);
+    assert.equal(process.exitCode, 2);
+    const errs = h.captured.error.join(' ');
+    assert.ok(errs.includes('could not match any tools'));
+    assert.ok(!h.calls.posts.some((c) => c.path === '/api/v1/command-policies/'), 'no create POST when soft-fail fires');
+  } finally {
+    h.restoreLog();
+  }
+});
+
+test('soft fail: missing canonical_group_id → exit 2 with helpful message; no create POST', async () => {
+  const h = buildHarness({
+    assistMcpResponse: {
+      success: true,
+      mcp_tools: ['create_issue'],
+      name: 'X',
+      action: 'AUDIT',
+    },
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit linear writes', '--yes']);
+    assert.equal(process.exitCode, 2);
+    const msg = h.captured.error.join('\n');
+    assert.ok(msg.includes('could not match any tools'), `expected soft-fail message, got: ${msg}`);
+    assert.equal(
+      h.calls.posts.filter((c) => c.path === '/api/v1/command-policies/').length,
+      0,
+      'no create POST when soft-fail fires',
+    );
+  } finally {
+    h.restoreLog();
+  }
+});
+
+// --- (e) BLOCK/WARN guard ----------------------------------------------------
+
+test('AI returns BLOCK without --custom-message → exit 2 with AI-attributed guard message', async () => {
+  const h = buildHarness({
+    assistMcpResponse: successAssistResponse({ action: 'BLOCK' }),
+  });
+  try {
+    await runCreateMcp(['--prompt', 'block linear writes', '--yes']);
+    assert.equal(process.exitCode, 2);
+    const errs = h.captured.error.join(' ');
+    assert.ok(errs.includes('AI assist set --action'), `expected AI-attribution wording, got: ${errs}`);
+    assert.ok(errs.includes('BLOCK'), 'message should name the action');
+    assert.ok(errs.includes('--custom-message'), 'message should name the missing flag');
+    assert.ok(!h.calls.posts.some((c) => c.path === '/api/v1/command-policies/'), 'no create POST when guard fires');
+  } finally {
+    h.restoreLog();
+  }
+});
+
+test('user-set --action BLOCK without --custom-message → exit 2 with user-attributed guard message', async () => {
+  const h = buildHarness({
+    assistMcpResponse: successAssistResponse({ action: 'AUDIT' }),
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit linear writes', '--action', 'BLOCK', '--yes']);
+    assert.equal(process.exitCode, 2);
+    const errs = h.captured.error.join(' ');
+    assert.ok(errs.includes('--action BLOCK requires --custom-message'), `expected user-attribution wording, got: ${errs}`);
+    assert.ok(!errs.includes('AI assist set --action'), `should not blame AI: ${errs}`);
+    assert.ok(!h.calls.posts.some((c) => c.path === '/api/v1/command-policies/'), 'no create POST when guard fires');
+  } finally {
+    h.restoreLog();
+  }
+});
+
+// --- (f) HTTP routing matrix -------------------------------------------------
+
+test('routing: 200 + success:false length → exit 2 + suggestion', async () => {
+  const h = buildHarness({
+    assistMcpResponse: { success: false, error: 'Input is too long (max 2000 characters).' },
+  });
+  try {
+    await runCreateMcp(['--prompt', 'x', '--yes']);
+    assert.equal(process.exitCode, 2);
+    const msg = h.captured.error.join('\n');
+    assert.ok(msg.includes('Input is too long (max 2000 characters).'), `got: ${msg}`);
+    assert.ok(msg.includes('Try shortening to under 1800 characters.'), `got: ${msg}`);
+    assert.equal(h.calls.posts.filter((c) => c.path === '/api/v1/command-policies/').length, 0);
+  } finally {
+    h.restoreLog();
+  }
+});
+
+test('routing: 200 + success:false generic → exit 2, verbatim error', async () => {
+  const h = buildHarness({
+    assistMcpResponse: { success: false, error: 'Some other backend error.' },
+  });
+  try {
+    await runCreateMcp(['--prompt', 'x', '--yes']);
+    assert.equal(process.exitCode, 2);
+    assert.ok(h.captured.error.some((m) => m.includes('Some other backend error.')));
+  } finally {
+    h.restoreLog();
+  }
+});
+
+test('routing: 401 → exit 3 + admin-required wording', async () => {
+  const h = buildHarness({
+    assistMcpError: new FakeApiError(401, { error: 'unauthenticated' }),
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit linear writes', '--yes']);
+    assert.equal(process.exitCode, 3);
+    assert.ok(
+      h.captured.error.some((m) => m === 'Authentication failed / not authorized. Tool policies require admin. Run `unbound whoami` to check role.'),
+      `got: ${JSON.stringify(h.captured.error)}`
+    );
+  } finally {
+    h.restoreLog();
+  }
+});
+
+test('routing: 422 → exit 2 + validation-failed wording', async () => {
+  const h = buildHarness({
+    assistMcpError: new FakeApiError(422, { field: 'bad' }),
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit linear writes', '--yes']);
+    assert.equal(process.exitCode, 2);
+    assert.ok(
+      h.captured.error.some((m) => m.startsWith('Request validation failed:')),
+      `got: ${JSON.stringify(h.captured.error)}`
+    );
+  } finally {
+    h.restoreLog();
+  }
+});
+
+test('routing: 5xx → exit 4 + fall-back-to-flags suggestion', async () => {
+  const h = buildHarness({
+    assistMcpError: new FakeApiError(503, { error: 'unavailable' }),
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit linear writes', '--yes']);
+    assert.equal(process.exitCode, 4);
+    const msg = h.captured.error.join('\n');
+    assert.ok(msg.includes('Server error.'), msg);
+    assert.ok(msg.includes('fall back to flag-based creation'), msg);
+  } finally {
+    h.restoreLog();
+  }
+});
+
+test('routing: network/timeout error → exit 4 + network wording', async () => {
+  const h = buildHarness({
+    assistMcpError: new Error('connect ECONNREFUSED b.acme'),
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit linear writes', '--yes']);
+    assert.equal(process.exitCode, 4);
+    const msg = h.captured.error.join('\n');
+    assert.ok(msg.startsWith('Network error reaching'), msg);
+    assert.ok(msg.includes('Falling back to flag-based creation is not blocked.'), msg);
+  } finally {
+    h.restoreLog();
+  }
+});
+
+// Fix 1: create POST failures must route through routeBackendError (admin/role wording, correct exit code)
+test('routing: assist succeeds but create POST 401 → exit 3 + admin-required wording', async () => {
+  const h = buildHarness({
+    assistMcpResponse: successAssistResponse(),
+    createError: new FakeApiError(401, { error: 'unauthenticated' }),
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit linear writes', '--yes']);
+    assert.equal(process.exitCode, 3);
+    assert.ok(
+      h.captured.error.some((m) => m.includes('Authentication failed')),
+      `expected admin-required wording from create POST 401, got: ${JSON.stringify(h.captured.error)}`
+    );
+  } finally {
+    h.restoreLog();
+  }
+});
+
+// --- (g) Preview rendering ---------------------------------------------------
+
+test('--yes prints MCP preview AND skips confirmation AND issues create POST', async () => {
+  const h = buildHarness({
+    assistMcpResponse: successAssistResponse(),
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit all linear writes', '--yes']);
+    const out = h.captured.stdout.join('\n');
+    assert.ok(/Resolved MCP policy/i.test(out), `preview header not printed to stdout: ${out}`);
+    assert.ok(out.includes('Audit Linear writes'), `name row missing: ${out}`);
+    assert.ok(out.includes('MCP_TOOL'), `type row missing: ${out}`);
+    assert.ok(out.includes('canonical_group_id: 12'), `service row missing: ${out}`);
+    assert.ok(out.includes('create_issue, update_issue'), `tools row missing: ${out}`);
+    assert.ok(out.includes('AUDIT'), `action row missing: ${out}`);
+    assert.ok(
+      h.calls.posts.some((c) => c.path === '/api/v1/command-policies/'),
+      'create POST should fire under --yes'
+    );
+  } finally {
+    h.restoreLog();
+  }
+});
+
+test('--json suppresses preview but still POSTs create', async () => {
+  const h = buildHarness({
+    assistMcpResponse: successAssistResponse(),
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit linear writes', '--json']);
+    const combined = h.captured.stdout.join('\n');
+    const infos = h.captured.info.join('\n');
+    assert.ok(!combined.includes('Resolved MCP policy'), 'preview must be suppressed under --json (stdout)');
+    assert.ok(!/resolved mcp policy/i.test(infos), 'preview header must be suppressed under --json (info)');
+    assert.ok(h.calls.posts.some((c) => c.path === '/api/v1/command-policies/'), 'create POST should still fire');
+  } finally {
+    h.restoreLog();
+  }
+});
+
+test('without --yes: preview prints; "n" declines; no create POST fires', async () => {
+  const h = buildHarness({
+    assistMcpResponse: successAssistResponse(),
+  });
+  const readline = require('readline');
+  const origCreate = readline.createInterface;
+  readline.createInterface = () => ({
+    question(_q, cb) { cb('n'); },
+    close() {},
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit linear writes']);
+    const out = h.captured.stdout.join('\n');
+    assert.ok(/Resolved MCP policy/i.test(out), `preview header missing on stdout: ${out}`);
+    assert.equal(
+      h.calls.posts.filter((c) => c.path === '/api/v1/command-policies/').length,
+      0,
+      'no create POST should fire when user declines'
+    );
+  } finally {
+    readline.createInterface = origCreate;
+    h.restoreLog();
+  }
+});
+
+// --- (h) Out-of-scope keyword warning ----------------------------------------
+
+test('out-of-scope: --yes + "staging" warns but still calls the assist endpoint', async () => {
+  const h = buildHarness({
+    assistMcpResponse: successAssistResponse(),
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit staging linear writes', '--yes']);
+    assert.ok(
+      h.captured.warn.some((m) => m.includes('`staging`')),
+      `expected staging warning, got: ${JSON.stringify(h.captured.warn)}`
+    );
+    assert.ok(
+      h.calls.posts.some((c) => c.path === '/api/v1/command-policies/assist-mcp/'),
+      'assist-mcp endpoint should still be called'
+    );
+  } finally {
+    h.restoreLog();
+  }
+});
+
+// --- (i) --group resolved BEFORE assist call ---------------------------------
+
+test('--prompt + --group resolves user-group BEFORE the assist call', async () => {
+  const h = buildHarness({
+    assistMcpResponse: successAssistResponse(),
+  });
+  h.api.get = async (path, opts) => {
+    h.calls.gets.push({ path, opts });
+    if (path === '/api/v1/users/privileges/') return { is_admin: true };
+    if (path === '/api/v1/policies/form_data/') {
+      return { data: { user_groups: [{ id: 7, name: 'GroupX' }] } };
+    }
+    throw new Error(`unexpected GET ${path}`);
+  };
+  try {
+    await runCreateMcp(['--prompt', 'audit linear writes', '--group', 'GroupX', '--yes']);
+    const assistIdx = h.calls.posts.findIndex((c) => c.path === '/api/v1/command-policies/assist-mcp/');
+    const formDataIdx = h.calls.gets.findIndex((c) => c.path === '/api/v1/policies/form_data/');
+    assert.notEqual(formDataIdx, -1, 'form_data should be fetched');
+    assert.notEqual(assistIdx, -1, 'assist-mcp endpoint should be called');
+    // The gets array (form_data) is populated before the posts array (assist-mcp)
+    // because the handler awaits loadFormData() before calling runMcpPromptCreate.
+    const createCall = h.calls.posts.find((c) => c.path === '/api/v1/command-policies/');
+    assert.deepEqual(createCall.body.scope_user_group_ids, [7]);
+  } finally {
+    h.restoreLog();
+  }
+});
+
+// --- (j) Admin probe ---------------------------------------------------------
+
+test('admin probe: non-admin → exits 3 before assist-mcp call', async () => {
+  const h = buildHarness({
+    privilegesResponse: { is_admin: false, is_manager: true, is_member: false },
+  });
+  try {
+    await runCreateMcp(['--prompt', 'audit linear writes', '--yes']);
+    assert.equal(process.exitCode, 3);
+    assert.ok(
+      h.captured.error.some((m) => m.includes('admin role')),
+      `got: ${JSON.stringify(h.captured.error)}`
+    );
+    assert.equal(
+      h.calls.posts.filter((c) => c.path === '/api/v1/command-policies/assist-mcp/').length,
+      0,
+      'assist-mcp must not be called for non-admins'
+    );
+  } finally {
+    h.restoreLog();
+  }
+});

package/test/policy-ai-assist-preflight.test.js

@@ -0,0 +1,66 @@
+const { test } = require('node:test');
+const assert = require('node:assert/strict');
+
+const {
+  validatePromptPreflight,
+  OUT_OF_SCOPE_KEYWORDS,
+  MAX_PROMPT_LEN,
+} = require('../src/lib/policy-ai-assist');
+
+// Spec §6.2 step 3 / §6.9: trim then check length; 1800 chars passes, 1801 rejects
+// with backend-equivalent wording.
+
+test('preflight: prompt of 1799 chars passes', () => {
+  const r = validatePromptPreflight({ prompt: 'a'.repeat(1799) });
+  assert.equal(r.warnings.length, 0);
+});
+
+test('preflight: prompt of 1800 chars passes (boundary)', () => {
+  const r = validatePromptPreflight({ prompt: 'a'.repeat(MAX_PROMPT_LEN) });
+  assert.equal(r.warnings.length, 0);
+});
+
+test('preflight: prompt of 1801 chars rejects with verbatim wording', () => {
+  assert.throws(
+    () => validatePromptPreflight({ prompt: 'a'.repeat(1801) }),
+    new RegExp(`^Error: Input is too long \\(max ${MAX_PROMPT_LEN} characters\\)\\.$`)
+  );
+});
+
+// §6.2 step 4: parametrized over the keyword list — every token surfaces a warning.
+for (const token of OUT_OF_SCOPE_KEYWORDS) {
+  test(`preflight: out-of-scope keyword "${token}" produces a warning`, () => {
+    const r = validatePromptPreflight({ prompt: `block X in ${token} mode` });
+    assert.ok(r.warnings.includes(token), `expected warning for ${token}, got ${JSON.stringify(r.warnings)}`);
+  });
+}
+
+// §6.2 step 5: collapse runs of >=2 newlines to a single newline.
+test('preflight: collapses three consecutive newlines to one', () => {
+  const r = validatePromptPreflight({ prompt: 'line1\n\n\nline2' });
+  assert.equal(r.sanitizedPrompt, 'line1\nline2');
+});
+
+test('preflight: collapses two consecutive newlines to one', () => {
+  const r = validatePromptPreflight({ prompt: 'a\n\nb' });
+  assert.equal(r.sanitizedPrompt, 'a\nb');
+});
+
+test('preflight: a single newline is left alone', () => {
+  const r = validatePromptPreflight({ prompt: 'a\nb' });
+  assert.equal(r.sanitizedPrompt, 'a\nb');
+});
+
+// §6.2: warning is informational only; under --yes the caller logs it and
+// continues. The helper itself never throws for warnings — it just reports.
+test('preflight: warnings do not throw', () => {
+  // Use a keyword that is NOT a substring of "production" (the keyword set
+  // contains "prod" which would also match): pick a non-overlapping one.
+  const r = validatePromptPreflight({ prompt: 'block weekend pushes' });
+  assert.ok(r.warnings.includes('weekend'));
+  // No throw — the function returned and we got here.
+});
+
+test('preflight: missing prompt throws', () => {
+  assert.throws(() => validatePromptPreflight({}), /--prompt is required/);
+});