Files
diegosouzapw--omniroute/tests/unit/agent-bridge-cert-route-validation.test.ts
2026-07-13 13:39:12 +08:00

38 lines
1.6 KiB
TypeScript

import test from "node:test";
import assert from "node:assert/strict";
// POST /api/tools/agent-bridge/cert previously read request.json() and accessed
// raw.sudoPassword without any schema validation (failing the t06 route
// validation gate). It now validates the body with CertTrustBodySchema via
// safeParse. These tests pin that schema's contract so the route keeps both its
// validation gate compliance and its lenient fallback behavior.
const { CertTrustBodySchema } = await import(
"../../src/app/api/tools/agent-bridge/cert/route.ts"
);
test("accepts a body with a string sudoPassword", () => {
const parsed = CertTrustBodySchema.safeParse({ sudoPassword: "hunter2" });
assert.equal(parsed.success, true);
assert.equal(parsed.success && parsed.data.sudoPassword, "hunter2");
});
test("accepts an empty body (sudoPassword is optional, falls back to cached)", () => {
const parsed = CertTrustBodySchema.safeParse({});
assert.equal(parsed.success, true);
assert.equal(parsed.success && parsed.data.sudoPassword, undefined);
});
test("rejects a non-string sudoPassword instead of trusting raw input", () => {
const parsed = CertTrustBodySchema.safeParse({ sudoPassword: 12345 });
assert.equal(parsed.success, false);
});
test("ignores unrelated extra keys without throwing", () => {
const parsed = CertTrustBodySchema.safeParse({ sudoPassword: "x", extra: true });
assert.equal(parsed.success, true);
assert.equal(parsed.success && parsed.data.sudoPassword, "x");
// Zod strips unknown keys by default
assert.equal(parsed.success && "extra" in parsed.data, false);
});