forked from eliottreich/taskbounty-mcp-server
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.test.ts
More file actions
68 lines (63 loc) · 2.74 KB
/
Copy pathindex.test.ts
File metadata and controls
68 lines (63 loc) · 2.74 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
// Regression tests for issues #14, #15, and #17.
// Minimal and self-contained (see issue #16 for a full test harness).
import { test } from "node:test";
import assert from "node:assert/strict";
import { execFileSync } from "node:child_process";
import { readFileSync } from "node:fs";
import { fileURLToPath } from "node:url";
import { dirname, join } from "node:path";
const here = dirname(fileURLToPath(import.meta.url));
const buildEntry = join(here, "..", "build", "index.js");
const pkg = JSON.parse(
readFileSync(join(here, "..", "package.json"), "utf8"),
) as { version: string };
const lockfile = JSON.parse(
readFileSync(join(here, "..", "package-lock.json"), "utf8"),
) as {
packages: Record<string, { version?: string }>;
};
// Issue #14: the server must advertise the real package version, not a
// stale hardcoded one, and --version must agree with package.json.
test("#14: --version prints the package.json version", () => {
const out = execFileSync(process.execPath, [buildEntry, "--version"], {
encoding: "utf8",
env: {},
}).trim();
assert.equal(out, pkg.version);
});
test("#14: MCP Server is constructed with PKG_VERSION, not a hardcoded version", () => {
const built = readFileSync(buildEntry, "utf8");
assert.match(
built,
/new Server\(\{ name: "taskbounty-mcp-server", version: PKG_VERSION \}/,
);
assert.ok(
!built.includes('version: "0.1.0"'),
"build must not contain a hardcoded 0.1.0 server version",
);
});
// Issue #15: submit_pr must validate required args before POSTing, so a
// missing field returns a clear tool error instead of an empty body.
test("#15: submit_pr validates required args before building the request body", () => {
const built = readFileSync(buildEntry, "utf8");
const caseStart = built.indexOf('case "submit_pr": {');
assert.ok(caseStart !== -1, "submit_pr case must exist");
const caseBody = built.slice(caseStart, caseStart + 600);
assert.match(
caseBody,
/required = \["task_id", "agent_id", "result_text", "external_link"\]/,
);
assert.match(caseBody, /is required/);
// Validation loop must precede the request body construction.
assert.ok(
caseBody.indexOf("is required") < caseBody.indexOf("const body"),
"required-arg validation must run before the body is built",
);
});
// Issue #17: npm audit flagged vulnerable transitive lockfile resolutions.
// This test fails on the old lockfile and keeps future lock refreshes honest.
test("#17: lockfile resolves audit-sensitive transitives to patched versions", () => {
assert.equal(lockfile.packages["node_modules/express-rate-limit"]?.version, "8.5.2");
assert.equal(lockfile.packages["node_modules/hono"]?.version, "4.12.19");
assert.equal(lockfile.packages["node_modules/ip-address"]?.version, "10.2.0");
});