85 lines
3.2 KiB
TypeScript
85 lines
3.2 KiB
TypeScript
import test from "node:test";
|
|
import assert from "node:assert/strict";
|
|
|
|
import { updateSettingsSchema } from "../../src/shared/validation/settingsSchemas.ts";
|
|
|
|
test("appearance widget visibility settings are accepted by the settings PATCH schema", () => {
|
|
const validation = updateSettingsSchema.safeParse({
|
|
pinProviderQuotaToHome: true,
|
|
showQuickStartOnHome: false,
|
|
showProviderTopologyOnHome: true,
|
|
});
|
|
|
|
assert.equal(validation.success, true);
|
|
if (!validation.success) return;
|
|
assert.equal(validation.data.pinProviderQuotaToHome, true);
|
|
assert.equal(validation.data.showQuickStartOnHome, false);
|
|
assert.equal(validation.data.showProviderTopologyOnHome, true);
|
|
});
|
|
|
|
test("appearance widget visibility settings default to undefined when not provided", () => {
|
|
const validation = updateSettingsSchema.safeParse({});
|
|
|
|
assert.equal(validation.success, true);
|
|
if (!validation.success) return;
|
|
assert.equal(validation.data.pinProviderQuotaToHome, undefined);
|
|
assert.equal(validation.data.showQuickStartOnHome, undefined);
|
|
assert.equal(validation.data.showProviderTopologyOnHome, undefined);
|
|
});
|
|
|
|
test("appearance widget visibility settings reject non-boolean values", () => {
|
|
const validation = updateSettingsSchema.safeParse({
|
|
pinProviderQuotaToHome: "yes",
|
|
showQuickStartOnHome: "no",
|
|
});
|
|
|
|
assert.equal(validation.success, false);
|
|
});
|
|
|
|
test("localOnlyManageScopeBypass settings are accepted by the settings PATCH schema", () => {
|
|
// Only NON-spawn-capable prefixes are acceptable. This test previously asserted
|
|
// that "/api/cli-tools/runtime/" was accepted — it was written against the buggy
|
|
// schema (the BYPASS_PREFIX_NOT_ALLOWED layer-1 refine documented in routeGuard.ts
|
|
// was missing) and consecrated the bug. The real contract (Hard Rules #15/#17 +
|
|
// authz-bypass AC-8) is covered by the rejection test below.
|
|
const validation = updateSettingsSchema.safeParse({
|
|
localOnlyManageScopeBypassEnabled: true,
|
|
localOnlyManageScopeBypassPrefixes: ["/api/mcp/"],
|
|
});
|
|
|
|
assert.equal(validation.success, true);
|
|
if (!validation.success) return;
|
|
assert.equal(validation.data.localOnlyManageScopeBypassEnabled, true);
|
|
assert.deepEqual(validation.data.localOnlyManageScopeBypassPrefixes, ["/api/mcp/"]);
|
|
});
|
|
|
|
test("localOnlyManageScopeBypassPrefixes rejects spawn-capable prefixes (BYPASS_PREFIX_NOT_ALLOWED)", () => {
|
|
const validation = updateSettingsSchema.safeParse({
|
|
localOnlyManageScopeBypassEnabled: true,
|
|
localOnlyManageScopeBypassPrefixes: ["/api/mcp/", "/api/cli-tools/runtime/"],
|
|
});
|
|
|
|
assert.equal(validation.success, false);
|
|
if (validation.success) return;
|
|
assert.ok(
|
|
validation.error.issues.some((i) => i.message.includes("BYPASS_PREFIX_NOT_ALLOWED")),
|
|
"expected a BYPASS_PREFIX_NOT_ALLOWED issue for the spawn-capable prefix"
|
|
);
|
|
});
|
|
|
|
test("localOnlyManageScopeBypassEnabled rejects non-boolean values", () => {
|
|
const validation = updateSettingsSchema.safeParse({
|
|
localOnlyManageScopeBypassEnabled: "yes",
|
|
});
|
|
|
|
assert.equal(validation.success, false);
|
|
});
|
|
|
|
test("localOnlyManageScopeBypassPrefixes rejects non-array values", () => {
|
|
const validation = updateSettingsSchema.safeParse({
|
|
localOnlyManageScopeBypassPrefixes: "/api/mcp/",
|
|
});
|
|
|
|
assert.equal(validation.success, false);
|
|
});
|