Files
diegosouzapw--omniroute/tests/unit/appearance-widget-settings-schema.test.ts
2026-07-13 13:39:12 +08:00

85 lines
3.2 KiB
TypeScript

import test from "node:test";
import assert from "node:assert/strict";
import { updateSettingsSchema } from "../../src/shared/validation/settingsSchemas.ts";
test("appearance widget visibility settings are accepted by the settings PATCH schema", () => {
const validation = updateSettingsSchema.safeParse({
pinProviderQuotaToHome: true,
showQuickStartOnHome: false,
showProviderTopologyOnHome: true,
});
assert.equal(validation.success, true);
if (!validation.success) return;
assert.equal(validation.data.pinProviderQuotaToHome, true);
assert.equal(validation.data.showQuickStartOnHome, false);
assert.equal(validation.data.showProviderTopologyOnHome, true);
});
test("appearance widget visibility settings default to undefined when not provided", () => {
const validation = updateSettingsSchema.safeParse({});
assert.equal(validation.success, true);
if (!validation.success) return;
assert.equal(validation.data.pinProviderQuotaToHome, undefined);
assert.equal(validation.data.showQuickStartOnHome, undefined);
assert.equal(validation.data.showProviderTopologyOnHome, undefined);
});
test("appearance widget visibility settings reject non-boolean values", () => {
const validation = updateSettingsSchema.safeParse({
pinProviderQuotaToHome: "yes",
showQuickStartOnHome: "no",
});
assert.equal(validation.success, false);
});
test("localOnlyManageScopeBypass settings are accepted by the settings PATCH schema", () => {
// Only NON-spawn-capable prefixes are acceptable. This test previously asserted
// that "/api/cli-tools/runtime/" was accepted — it was written against the buggy
// schema (the BYPASS_PREFIX_NOT_ALLOWED layer-1 refine documented in routeGuard.ts
// was missing) and consecrated the bug. The real contract (Hard Rules #15/#17 +
// authz-bypass AC-8) is covered by the rejection test below.
const validation = updateSettingsSchema.safeParse({
localOnlyManageScopeBypassEnabled: true,
localOnlyManageScopeBypassPrefixes: ["/api/mcp/"],
});
assert.equal(validation.success, true);
if (!validation.success) return;
assert.equal(validation.data.localOnlyManageScopeBypassEnabled, true);
assert.deepEqual(validation.data.localOnlyManageScopeBypassPrefixes, ["/api/mcp/"]);
});
test("localOnlyManageScopeBypassPrefixes rejects spawn-capable prefixes (BYPASS_PREFIX_NOT_ALLOWED)", () => {
const validation = updateSettingsSchema.safeParse({
localOnlyManageScopeBypassEnabled: true,
localOnlyManageScopeBypassPrefixes: ["/api/mcp/", "/api/cli-tools/runtime/"],
});
assert.equal(validation.success, false);
if (validation.success) return;
assert.ok(
validation.error.issues.some((i) => i.message.includes("BYPASS_PREFIX_NOT_ALLOWED")),
"expected a BYPASS_PREFIX_NOT_ALLOWED issue for the spawn-capable prefix"
);
});
test("localOnlyManageScopeBypassEnabled rejects non-boolean values", () => {
const validation = updateSettingsSchema.safeParse({
localOnlyManageScopeBypassEnabled: "yes",
});
assert.equal(validation.success, false);
});
test("localOnlyManageScopeBypassPrefixes rejects non-array values", () => {
const validation = updateSettingsSchema.safeParse({
localOnlyManageScopeBypassPrefixes: "/api/mcp/",
});
assert.equal(validation.success, false);
});