Files
wehub-resource-sync 23f7624596
ADR-166 MCP Bridge Security Lock / Static-source security lock (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / Compose default binds loopback + Mongo has auth (push) Failing after 2s
CodeQL Advanced / Analyze (rust) (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / plugin-agent-federation bindHost default (push) Failing after 1s
ADR-166 MCP Bridge Security Lock / Runtime behavior — 401 + terminal gate + fail-closed (push) Failing after 4s
business-pods-smoke / smoke (push) Failing after 1s
all-plugins-smoke / smoke-all (push) Failing after 2s
CI/CD Pipeline / Security & Code Quality (push) Failing after 1s
CI/CD Pipeline / Test Suite (ubuntu-latest) (push) Failing after 1s
CI/CD Pipeline / Build & Package (macos-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (ubuntu-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (windows-latest) (push) Has been skipped
CI/CD Pipeline / Documentation & Examples (push) Failing after 1s
Clone Tracker (14-day rolling) / Snapshot clones for ruflo ecosystem (push) Failing after 1s
CodeQL Advanced / Analyze (actions) (push) Failing after 1s
CodeQL Advanced / Analyze (javascript-typescript) (push) Failing after 1s
federation-peer-rust / stable-noop (push) Failing after 1s
metaharness-ci / score (push) Failing after 1s
metaharness-ci / router-compat (push) Failing after 0s
metaharness-ci / similarity-tests (push) Failing after 0s
no-agentbbs-smoke / smoke-without-agentbbs (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (windows-latest) (push) Has been skipped
codex-integration-audit / Codex integration audit (push) Failing after 1s
helpers-manifest-guard / guard (push) Failing after 1s
🔗 Cross-Agent Integration Tests / 🤝 Agent Coordination Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🧠 Memory Sharing Integration (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🛡️ Fault Tolerance Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / ⚡ Performance Integration Tests (push) Has been skipped
metaharness-ci / mcp-scan (push) Failing after 1s
metaharness-ci / eject-dryrun (push) Failing after 1s
metaharness-ci / metaharness-real-data (push) Failing after 0s
no-cli-optdep-bloat-2561 / guard (push) Failing after 1s
no-metaharness-smoke / smoke-without-metaharness (push) Failing after 1s
no-phantom-agentic-flow-subpath / guard (push) Failing after 1s
🔄 Automated Rollback Manager / 🚨 Failure Detection (push) Failing after 1s
V3 CI/CD Pipeline / Plugin hooks smoke / ubuntu-latest / Node 22 (push) Failing after 1s
V3 CI/CD Pipeline / ruflo-graph-intelligence build + test smoke (#2044, ADR-123) (push) Failing after 1s
CVE Audit Gate / Audit root (critical-blocking) (push) Failing after 2s
cost-tracker-smoke / smoke (push) Failing after 3s
oia-audit-weekly / audit (push) Failing after 2s
ruflo-agent-smoke / ruflo-agent structural smoke (push) Failing after 1s
📊 Status Badges Update / 📊 Update Status Badges (push) Failing after 1s
V3 CI/CD Pipeline / Static regression guards (#2267 YAML + (push) Failing after 1s
V3 CI/CD Pipeline / Test V3 Packages (push) Failing after 0s
V3 CI/CD Pipeline / agent_execute provider routing smoke (#2042) (push) Failing after 0s
CVE Audit Gate / Audit v3 (critical-blocking) (push) Failing after 1s
federation-peer-rust / stable-native (push) Failing after 2s
🔗 Cross-Agent Integration Tests / 🚀 Integration Test Setup (push) Failing after 2s
neural-trader-smoke / runtime-smoke (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (macos-latest) (push) Has been skipped
V3 CI/CD Pipeline / Build V3 (ubuntu-latest) (push) Has been skipped
V3 CI/CD Pipeline / Type Check V3 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 24 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 22 (push) Failing after 2s
V3 CI/CD Pipeline / browser rvf create flag smoke (#2015) (push) Failing after 0s
V3 CI/CD Pipeline / Dependency review (#2046) (push) Has been skipped
V3 CI/CD Pipeline / Supply-chain audit (#2046) (push) Failing after 0s
V3 CI/CD Pipeline / witness marker drift smoke (#2021) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader portfolio CG smoke (#2068, ADR-126 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader backtest signing smoke (#2068, ADR-126 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / kg-extract type-import classification smoke (#2049) (push) Failing after 0s
V3 CI/CD Pipeline / witness verify precondition smoke (#1880) (push) Failing after 2s
V3 CI/CD Pipeline / neural-trader pipeline risk-gate smoke (#2068, ADR-126 Phase 5) (push) Failing after 0s
V3 CI/CD Pipeline / neural-trader feature attribution smoke (#2068, ADR-126 Phase 6) (push) Failing after 0s
V3 CI/CD Pipeline / plugin-registry signature verification smoke (#1922, CWE-347) (push) Failing after 4s
V3 CI/CD Pipeline / memory stats legacy-DB smoke (#2120) (push) Failing after 4s
V3 CI/CD Pipeline / github deprecated actions smoke (#2089, ADR-127 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / graph query + pathfinder smoke (ADR-130 P2+P5) (push) Has been skipped
V3 CI/CD Pipeline / graph trajectory hooks smoke (ADR-130 P3) (push) Has been skipped
V3 CI/CD Pipeline / graph plugin adapter smoke (ADR-130 P4) (push) Has been skipped
V3 CI/CD Pipeline / graph benchmark (ADR-130 P6) (push) Has been skipped
V3 CI/CD Pipeline / statusline generator delegation smoke (#2195) (push) Failing after 1s
V3 CI/CD Pipeline / wizard init regression guard (#2206 (push) Failing after 1s
V3 CI/CD Pipeline / memory no-stray-db smoke (ADR-125 P7) (push) Failing after 1s
V3 CI/CD Pipeline / github-safe injection smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github actions pin smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github attribution opt-in smoke (#2089, ADR-127 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / pre-bash hook safety smoke (#2017) (push) Failing after 1s
V3 CI/CD Pipeline / Memory import smoke / ubuntu-latest (push) Failing after 0s
V3 CI/CD Pipeline / MCP protocol smoke / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / ruvllm WASM auto-init smoke (#2086) (push) Failing after 4s
V3 CI/CD Pipeline / MCP paired-tool round-trip smoke (#1889) (push) Failing after 1s
V3 CI/CD Pipeline / Plugin package install-safety (#1902/#1903/#1904) (push) Failing after 1s
V3 CI/CD Pipeline / Tool description discoverability (ADR-112) (push) Failing after 3s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (22) (push) Failing after 1s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (24) (push) Failing after 1s
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Vector-index dimension audit (#1947) (push) Failing after 0s
V3 CI/CD Pipeline / Hook-command install safety (#1921) (push) Failing after 1s
V3 CI/CD Pipeline / ToolOutputGuardrail smoke (ADR-131, (push) Failing after 1s
V3 CI/CD Pipeline / init-bundle invariants smoke (#2095, ADR-128 Phase 5) (push) Failing after 1s
V3 CI/CD Pipeline / wasm provider bridge smoke (ADR-129 P1) (push) Failing after 2s
V3 CI/CD Pipeline / wasm gallery CRUD smoke (ADR-129 P3) (push) Failing after 1s
V3 CI/CD Pipeline / wasm plugin bridge smoke (ADR-129 P4) (push) Failing after 0s
V3 CI/CD Pipeline / wasm compose smoke (ADR-129 P2) (push) Failing after 4s
V3 CI/CD Pipeline / graph schema smoke (ADR-130 P1) (push) Failing after 0s
Validate Marketplace / validate (push) Failing after 1s
🔍 Verification Pipeline / 🚀 Setup Verification (push) Failing after 1s
🔍 Verification Pipeline / 🛡️ Security Verification (push) Has been skipped
🔍 Verification Pipeline / 📝 Code Quality (push) Has been skipped
🔍 Verification Pipeline / 🧪 Test Verification (${{ matrix.os }}, Node ${{ matrix.node }}) (push) Has been skipped
🔍 Verification Pipeline / 🏗️ Build Verification (push) Has been skipped
🔍 Verification Pipeline / 📚 Documentation Verification (push) Has been skipped
CVE Audit Gate / High-severity report (warn only) (push) Has been cancelled
🔄 Automated Rollback Manager / 🔄 Execute Rollback (push) Has been cancelled
🔄 Automated Rollback Manager / ✅ Post-Rollback Verification (push) Has been cancelled
🔄 Automated Rollback Manager / 📊 Rollback Monitoring (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / windows-latest (push) Has been cancelled
🔄 Automated Rollback Manager / ⏳ Manual Rollback Approval (push) Has been cancelled
V3 CI/CD Pipeline / MCP protocol smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Memory import smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / ubuntu-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Publish to npm (alpha) (push) Has been cancelled
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / macos-latest / Node 22 (push) Has been cancelled
V3 CI/CD Pipeline / Plugin hooks smoke / macos-latest / Node 22 (push) Has been cancelled
CI/CD Pipeline / Deploy & Release (push) Has been cancelled
CI/CD Pipeline / CI Status (push) Has been cancelled
🔗 Cross-Agent Integration Tests / 📊 Integration Test Report (push) Has been cancelled
🔄 Automated Rollback Manager / 🔍 Pre-Rollback Validation (push) Has been cancelled
🔍 Verification Pipeline / ⚡ Performance Verification (push) Has been cancelled
🔍 Verification Pipeline / 📊 Verification Report (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:02:19 +08:00

711 lines
26 KiB
TypeScript

/**
* Tests for Guidance Hook Integration Layer
*/
import { describe, it, expect, beforeEach, vi } from 'vitest';
import { GuidanceHookProvider, createGuidanceHooks, gateResultsToHookResult } from '../src/hooks.js';
import { EnforcementGates } from '../src/gates.js';
import { ShardRetriever, HashEmbeddingProvider } from '../src/retriever.js';
import { RunLedger } from '../src/ledger.js';
import { HookRegistry } from '@claude-flow/hooks';
import { HookEvent, HookPriority } from '@claude-flow/hooks';
import type { HookContext, HookResult } from '@claude-flow/hooks';
import type { GateResult, RunEvent, PolicyBundle } from '../src/types.js';
// ============================================================================
// Helpers
// ============================================================================
function makeHookContext(overrides: Partial<HookContext> = {}): HookContext {
return {
event: HookEvent.PreCommand,
timestamp: new Date(),
...overrides,
};
}
function makePolicyBundle(): PolicyBundle {
return {
constitution: {
rules: [
{
id: 'R001',
text: 'Never commit secrets',
riskClass: 'critical',
toolClasses: ['all'],
intents: ['security'],
repoScopes: ['**/*'],
domains: ['security'],
priority: 100,
source: 'root',
isConstitution: true,
createdAt: Date.now(),
updatedAt: Date.now(),
},
],
text: '# Constitution\n\n- Never commit secrets',
hash: 'test-hash-001',
},
shards: [
{
rule: {
id: 'R002',
text: 'Always run tests before committing',
riskClass: 'high',
toolClasses: ['bash'],
intents: ['testing', 'feature'],
repoScopes: ['**/*'],
domains: ['testing'],
priority: 80,
source: 'root',
isConstitution: false,
createdAt: Date.now(),
updatedAt: Date.now(),
},
compactText: 'Run tests before committing code changes.',
},
{
rule: {
id: 'R003',
text: 'Use staged commits for large changes',
riskClass: 'medium',
toolClasses: ['edit'],
intents: ['feature', 'refactor'],
repoScopes: ['**/*'],
domains: ['architecture'],
priority: 50,
source: 'root',
isConstitution: false,
createdAt: Date.now(),
updatedAt: Date.now(),
},
compactText: 'Break large changes into staged commits.',
},
],
manifest: {
rules: [],
compiledAt: Date.now(),
sourceHashes: {},
totalRules: 3,
constitutionRules: 1,
shardRules: 2,
},
};
}
// ============================================================================
// gateResultsToHookResult
// ============================================================================
describe('gateResultsToHookResult', () => {
it('should return success for empty gate results', () => {
const result = gateResultsToHookResult([]);
expect(result.success).toBe(true);
expect(result.abort).toBeUndefined();
});
it('should map block decision to abort', () => {
const gateResults: GateResult[] = [
{
decision: 'block',
gateName: 'secrets',
reason: 'Secret detected',
triggeredRules: ['R001'],
remediation: 'Remove the secret',
},
];
const result = gateResultsToHookResult(gateResults);
expect(result.success).toBe(false);
expect(result.abort).toBe(true);
expect(result.error).toContain('Secret detected');
});
it('should map require-confirmation to abort', () => {
const gateResults: GateResult[] = [
{
decision: 'require-confirmation',
gateName: 'destructive-ops',
reason: 'Destructive op detected',
triggeredRules: [],
remediation: 'Confirm the operation',
},
];
const result = gateResultsToHookResult(gateResults);
expect(result.success).toBe(false);
expect(result.abort).toBe(true);
expect(result.data).toBeDefined();
expect((result.data as Record<string, unknown>).gateDecision).toBe('require-confirmation');
});
it('should map warn to success with warnings', () => {
const gateResults: GateResult[] = [
{
decision: 'warn',
gateName: 'diff-size',
reason: 'Large diff detected',
triggeredRules: [],
remediation: 'Stage incrementally',
},
];
const result = gateResultsToHookResult(gateResults);
expect(result.success).toBe(true);
expect(result.abort).toBeUndefined();
expect(result.warnings).toBeDefined();
expect(result.warnings!.length).toBeGreaterThan(0);
});
it('should pick the most restrictive decision among mixed results', () => {
const gateResults: GateResult[] = [
{ decision: 'warn', gateName: 'diff-size', reason: 'Large', triggeredRules: [] },
{ decision: 'block', gateName: 'secrets', reason: 'Secret', triggeredRules: [] },
];
const result = gateResultsToHookResult(gateResults);
expect(result.success).toBe(false);
expect(result.abort).toBe(true);
expect((result.data as Record<string, unknown>).gateDecision).toBe('block');
});
});
// ============================================================================
// GuidanceHookProvider - Registration
// ============================================================================
describe('GuidanceHookProvider', () => {
let gates: EnforcementGates;
let retriever: ShardRetriever;
let ledger: RunLedger;
let registry: HookRegistry;
let provider: GuidanceHookProvider;
beforeEach(async () => {
gates = new EnforcementGates();
retriever = new ShardRetriever(new HashEmbeddingProvider());
ledger = new RunLedger();
registry = new HookRegistry();
provider = new GuidanceHookProvider(gates, retriever, ledger);
// Load a bundle so the retriever is functional
await retriever.loadBundle(makePolicyBundle());
});
describe('registerAll', () => {
it('should register 5 hooks on the registry', () => {
const ids = provider.registerAll(registry);
expect(ids).toHaveLength(5);
expect(registry.size).toBe(5);
});
it('should register a hook for PreCommand', () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreCommand);
expect(hooks.length).toBeGreaterThanOrEqual(1);
const guidanceHook = hooks.find(h => h.name === 'guidance-gate-pre-command');
expect(guidanceHook).toBeDefined();
expect(guidanceHook!.priority).toBe(HookPriority.Critical);
});
it('should register a hook for PreToolUse', () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreToolUse);
const guidanceHook = hooks.find(h => h.name === 'guidance-gate-pre-tool-use');
expect(guidanceHook).toBeDefined();
expect(guidanceHook!.priority).toBe(HookPriority.Critical);
});
it('should register a hook for PreEdit at High priority', () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreEdit);
const guidanceHook = hooks.find(h => h.name === 'guidance-gate-pre-edit');
expect(guidanceHook).toBeDefined();
expect(guidanceHook!.priority).toBe(HookPriority.High);
});
it('should register a hook for PreTask at Normal priority', () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreTask);
const guidanceHook = hooks.find(h => h.name === 'guidance-retriever-pre-task');
expect(guidanceHook).toBeDefined();
expect(guidanceHook!.priority).toBe(HookPriority.Normal);
});
it('should register a hook for PostTask at Normal priority', () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PostTask);
const guidanceHook = hooks.find(h => h.name === 'guidance-ledger-post-task');
expect(guidanceHook).toBeDefined();
expect(guidanceHook!.priority).toBe(HookPriority.Normal);
});
});
describe('unregisterAll', () => {
it('should remove all registered hooks from the registry', () => {
provider.registerAll(registry);
expect(registry.size).toBe(5);
provider.unregisterAll(registry);
expect(registry.size).toBe(0);
expect(provider.getHookIds()).toHaveLength(0);
});
});
// ==========================================================================
// PreCommand hook
// ==========================================================================
describe('PreCommand hook', () => {
it('should block destructive commands', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreCommand);
const handler = hooks.find(h => h.name === 'guidance-gate-pre-command')!.handler;
const ctx = makeHookContext({
event: HookEvent.PreCommand,
command: { raw: 'rm -rf /' },
});
const result = await handler(ctx);
expect(result.success).toBe(false);
expect(result.abort).toBe(true);
expect(result.message).toContain('Destructive operation');
});
it('should block git push --force', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreCommand);
const handler = hooks.find(h => h.name === 'guidance-gate-pre-command')!.handler;
const ctx = makeHookContext({
event: HookEvent.PreCommand,
command: { raw: 'git push origin main --force' },
});
const result = await handler(ctx);
expect(result.success).toBe(false);
expect(result.abort).toBe(true);
});
it('should detect secrets in commands', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreCommand);
const handler = hooks.find(h => h.name === 'guidance-gate-pre-command')!.handler;
const ctx = makeHookContext({
event: HookEvent.PreCommand,
command: { raw: 'export API_KEY="sk-abc123456789012345678901234567890"' },
});
const result = await handler(ctx);
// Secrets gate fires with 'block'
expect(result.success).toBe(false);
expect(result.abort).toBe(true);
});
it('should allow safe commands', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreCommand);
const handler = hooks.find(h => h.name === 'guidance-gate-pre-command')!.handler;
const ctx = makeHookContext({
event: HookEvent.PreCommand,
command: { raw: 'git status' },
});
const result = await handler(ctx);
expect(result.success).toBe(true);
});
it('should succeed when no command is provided', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreCommand);
const handler = hooks.find(h => h.name === 'guidance-gate-pre-command')!.handler;
const ctx = makeHookContext({ event: HookEvent.PreCommand });
const result = await handler(ctx);
expect(result.success).toBe(true);
});
});
// ==========================================================================
// PreToolUse hook
// ==========================================================================
describe('PreToolUse hook', () => {
it('should block non-allowlisted tools when allowlist is enabled', async () => {
const restrictedGates = new EnforcementGates({
toolAllowlist: true,
allowedTools: ['Read', 'Write'],
});
const restrictedProvider = new GuidanceHookProvider(restrictedGates, retriever, ledger);
restrictedProvider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreToolUse);
const handler = hooks.find(h => h.name === 'guidance-gate-pre-tool-use')!.handler;
const ctx = makeHookContext({
event: HookEvent.PreToolUse,
tool: { name: 'Bash', parameters: {} },
});
const result = await handler(ctx);
expect(result.success).toBe(false);
expect(result.abort).toBe(true);
});
it('should detect secrets in tool parameters', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreToolUse);
const handler = hooks.find(h => h.name === 'guidance-gate-pre-tool-use')!.handler;
// Use an sk- prefixed key which is detected even through JSON.stringify
// (the password pattern requires surrounding quotes which get escaped by
// JSON.stringify in evaluateToolUse, so we use a pattern without quote delimiters)
const ctx = makeHookContext({
event: HookEvent.PreToolUse,
tool: {
name: 'Write',
parameters: {
content: 'const key = sk-abcdefghij0123456789abcdef',
},
},
});
const result = await handler(ctx);
expect(result.success).toBe(false);
expect(result.abort).toBe(true);
});
it('should allow safe tool use', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreToolUse);
const handler = hooks.find(h => h.name === 'guidance-gate-pre-tool-use')!.handler;
const ctx = makeHookContext({
event: HookEvent.PreToolUse,
tool: { name: 'Read', parameters: { path: '/src/main.ts' } },
});
const result = await handler(ctx);
expect(result.success).toBe(true);
});
it('should succeed when no tool info is provided', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreToolUse);
const handler = hooks.find(h => h.name === 'guidance-gate-pre-tool-use')!.handler;
const ctx = makeHookContext({ event: HookEvent.PreToolUse });
const result = await handler(ctx);
expect(result.success).toBe(true);
});
});
// ==========================================================================
// PreEdit hook
// ==========================================================================
describe('PreEdit hook', () => {
it('should detect secrets in edit content', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreEdit);
const handler = hooks.find(h => h.name === 'guidance-gate-pre-edit')!.handler;
const ctx = makeHookContext({
event: HookEvent.PreEdit,
file: { path: '/src/config.ts', operation: 'modify' },
metadata: {
content: 'const token = "ghp_abcdefghijklmnopqrstuvwxyz1234567890"',
diffLines: 5,
},
});
const result = await handler(ctx);
expect(result.success).toBe(false);
expect(result.abort).toBe(true);
});
it('should warn on large diffs', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreEdit);
const handler = hooks.find(h => h.name === 'guidance-gate-pre-edit')!.handler;
const ctx = makeHookContext({
event: HookEvent.PreEdit,
file: { path: '/src/main.ts', operation: 'modify' },
metadata: {
content: 'const foo = "bar"',
diffLines: 500,
},
});
const result = await handler(ctx);
expect(result.success).toBe(true);
expect(result.warnings).toBeDefined();
expect(result.warnings!.length).toBeGreaterThan(0);
});
it('should allow clean small edits', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreEdit);
const handler = hooks.find(h => h.name === 'guidance-gate-pre-edit')!.handler;
const ctx = makeHookContext({
event: HookEvent.PreEdit,
file: { path: '/src/utils.ts', operation: 'modify' },
metadata: {
content: 'export const VERSION = "1.0.0"',
diffLines: 1,
},
});
const result = await handler(ctx);
expect(result.success).toBe(true);
});
it('should succeed when no file info is provided', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreEdit);
const handler = hooks.find(h => h.name === 'guidance-gate-pre-edit')!.handler;
const ctx = makeHookContext({ event: HookEvent.PreEdit });
const result = await handler(ctx);
expect(result.success).toBe(true);
});
});
// ==========================================================================
// PreTask hook
// ==========================================================================
describe('PreTask hook', () => {
it('should retrieve shards and classify intent', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreTask);
const handler = hooks.find(h => h.name === 'guidance-retriever-pre-task')!.handler;
const ctx = makeHookContext({
event: HookEvent.PreTask,
task: { id: 'task-001', description: 'Fix the authentication bug in login flow' },
});
const result = await handler(ctx);
expect(result.success).toBe(true);
expect(result.data).toBeDefined();
expect((result.data as Record<string, unknown>).intent).toBeDefined();
expect((result.data as Record<string, unknown>).shardCount).toBeDefined();
});
it('should classify intent as bug-fix for bug descriptions', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreTask);
const handler = hooks.find(h => h.name === 'guidance-retriever-pre-task')!.handler;
const ctx = makeHookContext({
event: HookEvent.PreTask,
task: { id: 'task-002', description: 'Fix broken error handling' },
});
const result = await handler(ctx);
expect(result.success).toBe(true);
expect((result.data as Record<string, unknown>).intent).toBe('bug-fix');
});
it('should classify intent as security for security descriptions', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreTask);
const handler = hooks.find(h => h.name === 'guidance-retriever-pre-task')!.handler;
const ctx = makeHookContext({
event: HookEvent.PreTask,
task: { id: 'task-003', description: 'Fix XSS vulnerability in input sanitization' },
});
const result = await handler(ctx);
expect(result.success).toBe(true);
expect((result.data as Record<string, unknown>).intent).toBe('security');
});
it('should create an active run event for the task', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreTask);
const handler = hooks.find(h => h.name === 'guidance-retriever-pre-task')!.handler;
const ctx = makeHookContext({
event: HookEvent.PreTask,
task: { id: 'task-004', description: 'Add new feature for user profiles' },
});
await handler(ctx);
const activeRun = provider.getActiveRun('task-004');
expect(activeRun).toBeDefined();
expect(activeRun!.taskId).toBe('task-004');
});
it('should succeed when task info is missing', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreTask);
const handler = hooks.find(h => h.name === 'guidance-retriever-pre-task')!.handler;
const ctx = makeHookContext({ event: HookEvent.PreTask });
const result = await handler(ctx);
expect(result.success).toBe(true);
});
it('should gracefully handle retriever without a loaded bundle', async () => {
const emptyRetriever = new ShardRetriever(new HashEmbeddingProvider());
const emptyProvider = new GuidanceHookProvider(gates, emptyRetriever, ledger);
emptyProvider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PreTask);
// Get the one from emptyProvider (last registered for this event)
const handler = hooks.find(h => h.name === 'guidance-retriever-pre-task')!.handler;
const ctx = makeHookContext({
event: HookEvent.PreTask,
task: { id: 'task-005', description: 'Implement caching layer' },
});
const result = await handler(ctx);
// Should succeed despite retriever not having a bundle
expect(result.success).toBe(true);
});
});
// ==========================================================================
// PostTask hook
// ==========================================================================
describe('PostTask hook', () => {
it('should finalize a previously created run event', async () => {
provider.registerAll(registry);
// First trigger PreTask to create the run event
const preTaskHooks = registry.getForEvent(HookEvent.PreTask);
const preTaskHandler = preTaskHooks.find(h => h.name === 'guidance-retriever-pre-task')!.handler;
await preTaskHandler(makeHookContext({
event: HookEvent.PreTask,
task: { id: 'task-010', description: 'Add user dashboard feature' },
}));
// Confirm the run event exists
expect(provider.getActiveRun('task-010')).toBeDefined();
// Now trigger PostTask
const postTaskHooks = registry.getForEvent(HookEvent.PostTask);
const postTaskHandler = postTaskHooks.find(h => h.name === 'guidance-ledger-post-task')!.handler;
const result = await postTaskHandler(makeHookContext({
event: HookEvent.PostTask,
task: { id: 'task-010', description: 'Add user dashboard feature', status: 'completed' },
}));
expect(result.success).toBe(true);
expect(result.data).toBeDefined();
expect((result.data as Record<string, unknown>).taskId).toBe('task-010');
// Active run should be cleaned up
expect(provider.getActiveRun('task-010')).toBeUndefined();
});
it('should record the event in the ledger', async () => {
provider.registerAll(registry);
const initialCount = ledger.eventCount;
// Create run via PreTask
const preTaskHooks = registry.getForEvent(HookEvent.PreTask);
const preTaskHandler = preTaskHooks.find(h => h.name === 'guidance-retriever-pre-task')!.handler;
await preTaskHandler(makeHookContext({
event: HookEvent.PreTask,
task: { id: 'task-011', description: 'Refactor database module' },
}));
// Finalize via PostTask
const postTaskHooks = registry.getForEvent(HookEvent.PostTask);
const postTaskHandler = postTaskHooks.find(h => h.name === 'guidance-ledger-post-task')!.handler;
await postTaskHandler(makeHookContext({
event: HookEvent.PostTask,
task: { id: 'task-011', description: 'Refactor database module', status: 'completed' },
}));
expect(ledger.eventCount).toBe(initialCount + 1);
});
it('should handle PostTask without a matching PreTask gracefully', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PostTask);
const handler = hooks.find(h => h.name === 'guidance-ledger-post-task')!.handler;
const ctx = makeHookContext({
event: HookEvent.PostTask,
task: { id: 'task-unknown', description: 'Unknown task' },
});
const result = await handler(ctx);
expect(result.success).toBe(true);
expect(result.message).toContain('No active run event');
});
it('should succeed when no task info is provided', async () => {
provider.registerAll(registry);
const hooks = registry.getForEvent(HookEvent.PostTask);
const handler = hooks.find(h => h.name === 'guidance-ledger-post-task')!.handler;
const ctx = makeHookContext({ event: HookEvent.PostTask });
const result = await handler(ctx);
expect(result.success).toBe(true);
});
it('should populate metadata from context', async () => {
provider.registerAll(registry);
// Create run via PreTask
const preTaskHooks = registry.getForEvent(HookEvent.PreTask);
const preTaskHandler = preTaskHooks.find(h => h.name === 'guidance-retriever-pre-task')!.handler;
await preTaskHandler(makeHookContext({
event: HookEvent.PreTask,
task: { id: 'task-012', description: 'Add feature with tools' },
}));
// Finalize via PostTask with metadata
const postTaskHooks = registry.getForEvent(HookEvent.PostTask);
const postTaskHandler = postTaskHooks.find(h => h.name === 'guidance-ledger-post-task')!.handler;
await postTaskHandler(makeHookContext({
event: HookEvent.PostTask,
task: { id: 'task-012', description: 'Add feature with tools', status: 'completed' },
metadata: {
toolsUsed: ['Edit', 'Bash'],
filesTouched: ['/src/main.ts', '/tests/main.test.ts'],
},
}));
// Verify the event was stored with the metadata
const events = ledger.getEventsByTask('task-012');
expect(events.length).toBe(1);
expect(events[0].toolsUsed).toEqual(['Edit', 'Bash']);
expect(events[0].filesTouched).toEqual(['/src/main.ts', '/tests/main.test.ts']);
expect(events[0].outcomeAccepted).toBe(true);
});
});
// ==========================================================================
// createGuidanceHooks factory
// ==========================================================================
describe('createGuidanceHooks', () => {
it('should create a provider without registering when no registry given', () => {
const result = createGuidanceHooks(gates, retriever, ledger);
expect(result.provider).toBeInstanceOf(GuidanceHookProvider);
expect(result.hookIds).toHaveLength(0);
});
it('should create and register when registry is given', () => {
const result = createGuidanceHooks(gates, retriever, ledger, registry);
expect(result.provider).toBeInstanceOf(GuidanceHookProvider);
expect(result.hookIds).toHaveLength(5);
expect(registry.size).toBe(5);
});
});
});