Files
2026-07-13 13:39:12 +08:00

127 lines
5.1 KiB
TypeScript

import test from "node:test";
import assert from "node:assert/strict";
import fs from "node:fs";
import os from "node:os";
import path from "node:path";
import { makeManagementSessionRequest } from "../helpers/managementSession.ts";
// #3496 — docs/reference/API_REFERENCE.md documented a `/api/guardrails*` and
// `/api/shadow*` surface that did not exist (doc-fiction, frozen in the
// check-docs-symbols allowlist). The guardrail pipeline itself is real
// (src/lib/guardrails), so the fix implements the two routes that map to real
// behavior — GET /api/guardrails (list) and POST /api/guardrails/test (dry-run
// the pre-call hooks) — removes the fictional enable/disable/logs + shadow rows
// from the docs, and drops them from KNOWN_STALE_DOC_REFS.
const TEST_DATA_DIR = fs.mkdtempSync(path.join(os.tmpdir(), "omniroute-guardrails-3496-"));
process.env.DATA_DIR = TEST_DATA_DIR;
if (!process.env.JWT_SECRET) process.env.JWT_SECRET = "test-guardrails-3496-jwt-secret";
if (!process.env.API_KEY_SECRET) process.env.API_KEY_SECRET = "test-guardrails-3496-apikey-secret";
const listRoute = await import("../../src/app/api/guardrails/route.ts");
const testRoute = await import("../../src/app/api/guardrails/test/route.ts");
const core = await import("../../src/lib/db/core.ts");
test.after(() => {
try {
core.getDbInstance().close();
} catch {
/* ignore */
}
try {
core.resetDbInstance();
} catch {
/* ignore */
}
fs.rmSync(TEST_DATA_DIR, { recursive: true, force: true });
});
test("#3496 GET /api/guardrails lists the registered guardrails with status", async () => {
const req = await makeManagementSessionRequest("http://localhost/api/guardrails");
const res = await listRoute.GET(req);
assert.equal(res.status, 200);
const body = await res.json();
assert.ok(Array.isArray(body.guardrails), "expected guardrails[] in the body");
const names = body.guardrails.map((g) => g.name);
for (const expected of ["vision-bridge", "pii-masker", "prompt-injection"]) {
assert.ok(names.includes(expected), `expected ${expected} in [${names.join(", ")}]`);
}
for (const g of body.guardrails) {
assert.equal(typeof g.name, "string");
assert.equal(typeof g.enabled, "boolean");
assert.equal(typeof g.priority, "number");
}
});
test("#3496 POST /api/guardrails/test runs the pre-call pipeline over a sample input", async () => {
const req = await makeManagementSessionRequest("http://localhost/api/guardrails/test", {
method: "POST",
body: { input: { messages: [{ role: "user", content: "hello world" }] } },
});
const res = await testRoute.POST(req);
assert.equal(res.status, 200);
const body = await res.json();
assert.equal(typeof body.blocked, "boolean");
assert.ok(Array.isArray(body.results), "expected a per-guardrail results[]");
const evaluated = body.results.map((r) => r.guardrail);
assert.ok(
evaluated.includes("pii-masker"),
`expected pii-masker to be evaluated, got [${evaluated.join(", ")}]`
);
});
test("#3496 POST /api/guardrails/test honors disabledGuardrails", async () => {
const req = await makeManagementSessionRequest("http://localhost/api/guardrails/test", {
method: "POST",
body: { input: "hello", disabledGuardrails: ["pii-masker"] },
});
const res = await testRoute.POST(req);
assert.equal(res.status, 200);
const body = await res.json();
const pii = body.results.find((r) => r.guardrail === "pii-masker");
assert.ok(pii, "pii-masker should still appear in results");
assert.equal(pii.skipped, true, "pii-masker should be skipped when disabled");
});
test("#3496 POST /api/guardrails/test rejects a body without input (400)", async () => {
const req = await makeManagementSessionRequest("http://localhost/api/guardrails/test", {
method: "POST",
body: {},
});
const res = await testRoute.POST(req);
assert.equal(res.status, 400);
});
// Regression guard for the quality gate: the docs no longer reference any
// non-existent guardrails/shadow route, and the allowlist no longer freezes them.
test("#3496 check-docs-symbols no longer freezes guardrails/shadow + API_REFERENCE is clean", async () => {
const { KNOWN_STALE_DOC_REFS, collectRouteFiles, extractDocApiPaths, findStaleDocApiRefs } =
await import("../../scripts/check/check-docs-symbols.mjs");
// (1) allowlist no longer freezes any guardrails/shadow path
for (const frozen of [...KNOWN_STALE_DOC_REFS]) {
assert.ok(
!frozen.startsWith("/api/guardrails") && !frozen.startsWith("/api/shadow"),
`allowlist should not still freeze ${frozen}`
);
}
// (2) API_REFERENCE.md no longer references a non-existent guardrails/shadow route
const routeFiles = collectRouteFiles();
const apiRefRel = "docs/reference/API_REFERENCE.md";
const src = fs.readFileSync(path.join(process.cwd(), apiRefRel), "utf8");
const docPathsByFile = [{ file: apiRefRel, paths: extractDocApiPaths(src) }];
const misses = findStaleDocApiRefs(docPathsByFile, routeFiles, KNOWN_STALE_DOC_REFS);
const ghosts = misses.filter(
(m) => m.includes("/api/guardrails") || m.includes("/api/shadow")
);
assert.deepEqual(ghosts, [], `stale guardrails/shadow refs remain: ${ghosts.join("; ")}`);
});