aaronrene / knowtation public
hub-document-tree-self-hosted-route.test.mjs
90 lines 3.6 KB
Raw
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd feat(calendar): enforce agent context tiers in retrieval AP… Human minor ⚠ breaking 1 day ago
1 /**
2 * Self-hosted Hub DocumentTree route contract tests.
3 *
4 * The local Hub route exposes nested heading-only DocumentTree metadata without
5 * adding search, persistence, provider, body, snippet, resource URI, summary,
6 * sidecar, LLM, or write-back surfaces.
7 */
8 import { describe, it } from 'node:test';
9 import assert from 'node:assert/strict';
10 import fs from 'fs';
11 import path from 'path';
12 import { fileURLToPath } from 'url';
13
14 const __dirname = path.dirname(fileURLToPath(import.meta.url));
15 const repoRoot = path.dirname(__dirname);
16
17 function readRepoFile(relativePath) {
18 return fs.readFileSync(path.join(repoRoot, relativePath), 'utf8');
19 }
20
21 function routeSource() {
22 const src = readRepoFile('hub/server.mjs');
23 const start = src.indexOf("app.get('/api/v1/document-tree'");
24 const end = src.indexOf("// GET /api/v1/metadata-facets", start);
25 assert.notEqual(start, -1, 'self-hosted document-tree route must exist');
26 assert.notEqual(end, -1, 'route must stay before metadata-facets route');
27 return src.slice(start, end);
28 }
29
30 describe('self-hosted Hub DocumentTree route', () => {
31 it('unit: registers the local Hub route behind auth, rate limit, and vault access', () => {
32 const src = readRepoFile('hub/server.mjs');
33
34 assert.match(src, /app\.use\('\/api\/v1\/document-tree', jwtAuth, apiLimiter, requireVaultAccess\)/);
35 assert.match(src, /import \{ buildDocumentTree \} from '\.\.\/lib\/document-tree\.mjs'/);
36 assert.match(src, /app\.get\('\/api\/v1\/document-tree'/);
37 });
38
39 it('integration: reads one vault-relative path through readNote and buildDocumentTree only', () => {
40 const route = routeSource();
41
42 assert.match(route, /const requestedPath = typeof req\.query\.path === 'string'/);
43 assert.match(route, /resolveVaultRelativePath\(req\.vaultPath, requestedPath\)/);
44 assert.match(route, /buildDocumentTree\(readNote\(req\.vaultPath, requestedPath\)\)/);
45 assert.doesNotMatch(route, /runSearch|runKeywordSearch|embedWithUsage|completeChat/);
46 });
47
48 it('end-to-end: OpenAPI documents the same body-free endpoint', () => {
49 const api = readRepoFile('docs/openapi.yaml');
50
51 assert.match(api, /\/document-tree:/);
52 assert.match(api, /knowtation\.document_tree\/v0/);
53 assert.match(api, /#\/components\/schemas\/DocumentTree/);
54 });
55
56 it('stress: route checks remain bounded to Hub server, parser, and OpenAPI sources', () => {
57 const started = Date.now();
58 const sources = [
59 readRepoFile('hub/server.mjs'),
60 readRepoFile('lib/document-tree.mjs'),
61 readRepoFile('docs/openapi.yaml'),
62 ];
63
64 assert.equal(sources.length, 3);
65 assert.ok(Date.now() - started < 300);
66 });
67
68 it('data-integrity: route does not write, persist, index, vectorize, cache, sidecar, or summarize DocumentTree', () => {
69 const route = routeSource();
70
71 assert.doesNotMatch(route, /writeNote|deleteNote|localStorage|sessionStorage|index|vector|summary|memory|sidecar/i);
72 });
73
74 it('performance: route stays one-note and provider-free', () => {
75 const route = routeSource();
76
77 assert.match(route, /buildDocumentTree\(readNote\(req\.vaultPath, requestedPath\)\)/);
78 assert.doesNotMatch(route, /runListNotes|\/api\/v1\/notes\?|PageIndex|OCR|LLM|provider/i);
79 });
80
81 it('security: route sanitizes invalid, missing, forbidden, and upstream errors', () => {
82 const route = routeSource();
83
84 assert.match(route, /code: 'INVALID_PATH'/);
85 assert.match(route, /code: 'FORBIDDEN'/);
86 assert.match(route, /code: 'NOT_FOUND'/);
87 assert.match(route, /code: 'UPSTREAM_ERROR'/);
88 assert.doesNotMatch(route, /res\.json\(\{[\s\S]*body|snippet|frontmatter|raw_canister_payload|provider_payload|mcp_resource_uri/);
89 });
90 });
File History 2 commits
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd feat(calendar): enforce agent context tiers in retrieval AP… Human minor 1 day ago
sha256:9103f98c89257ed2b01c237cea895dabb3e85ea337dccb1161c175e4422355b6 docs: accept Calendar Events v0 spec with Phase 0 security … Human 1 day ago