hub-metadata-facets-self-hosted-route.test.mjs
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd
feat(calendar): enforce agent context tiers in retrieval AP…
Human
minor
⚠ breaking
2 days ago
| 1 | /** |
| 2 | * Self-hosted Hub MetadataFacets route contract tests. |
| 3 | * |
| 4 | * The local Hub route exposes bounded body-free MetadataFacets without adding |
| 5 | * search, persistence, provider, body, snippet, full frontmatter, resource URI, |
| 6 | * summary, sidecar, LLM, or write-back surfaces. |
| 7 | */ |
| 8 | import { describe, it } from 'node:test'; |
| 9 | import assert from 'node:assert/strict'; |
| 10 | import fs from 'fs'; |
| 11 | import path from 'path'; |
| 12 | import { fileURLToPath } from 'url'; |
| 13 | |
| 14 | const __dirname = path.dirname(fileURLToPath(import.meta.url)); |
| 15 | const repoRoot = path.dirname(__dirname); |
| 16 | |
| 17 | function readRepoFile(relativePath) { |
| 18 | return fs.readFileSync(path.join(repoRoot, relativePath), 'utf8'); |
| 19 | } |
| 20 | |
| 21 | function routeSource() { |
| 22 | const src = readRepoFile('hub/server.mjs'); |
| 23 | const start = src.indexOf("app.get('/api/v1/metadata-facets'"); |
| 24 | const end = src.indexOf("// GET /api/v1/section-source", start); |
| 25 | assert.notEqual(start, -1, 'self-hosted metadata-facets route must exist'); |
| 26 | assert.notEqual(end, -1, 'route must stay before section-source route'); |
| 27 | return src.slice(start, end); |
| 28 | } |
| 29 | |
| 30 | describe('self-hosted Hub MetadataFacets route', () => { |
| 31 | it('unit: registers the local Hub route behind auth, rate limit, and vault access', () => { |
| 32 | const src = readRepoFile('hub/server.mjs'); |
| 33 | |
| 34 | assert.match(src, /app\.use\('\/api\/v1\/metadata-facets', jwtAuth, apiLimiter, requireVaultAccess\)/); |
| 35 | assert.match(src, /normalizeMetadataFacets/); |
| 36 | assert.match(src, /app\.get\('\/api\/v1\/metadata-facets'/); |
| 37 | }); |
| 38 | |
| 39 | it('integration: reads one vault-relative path through readNote and normalizeMetadataFacets only', () => { |
| 40 | const route = routeSource(); |
| 41 | |
| 42 | assert.match(route, /const requestedPath = typeof req\.query\.path === 'string'/); |
| 43 | assert.match(route, /resolveVaultRelativePath\(req\.vaultPath, requestedPath\)/); |
| 44 | assert.match(route, /const note = readNote\(req\.vaultPath, requestedPath\)/); |
| 45 | assert.match(route, /normalizeMetadataFacets\(requestedPath, note\.frontmatter\)/); |
| 46 | assert.doesNotMatch(route, /runSearch|runKeywordSearch|embedWithUsage|completeChat/); |
| 47 | }); |
| 48 | |
| 49 | it('end-to-end: OpenAPI documents the same body-free endpoint', () => { |
| 50 | const api = readRepoFile('docs/openapi.yaml'); |
| 51 | |
| 52 | assert.match(api, /\/metadata-facets:/); |
| 53 | assert.match(api, /knowtation\.metadata_facets\/v0/); |
| 54 | assert.match(api, /#\/components\/schemas\/MetadataFacets/); |
| 55 | }); |
| 56 | |
| 57 | it('stress: route checks remain bounded to Hub server, normalizer, and OpenAPI sources', () => { |
| 58 | const started = Date.now(); |
| 59 | const sources = [ |
| 60 | readRepoFile('hub/server.mjs'), |
| 61 | readRepoFile('lib/vault.mjs'), |
| 62 | readRepoFile('docs/openapi.yaml'), |
| 63 | ]; |
| 64 | |
| 65 | assert.equal(sources.length, 3); |
| 66 | assert.ok(Date.now() - started < 300); |
| 67 | }); |
| 68 | |
| 69 | it('data-integrity: route does not write, persist, index, vectorize, cache, sidecar, or summarize MetadataFacets', () => { |
| 70 | const route = routeSource(); |
| 71 | |
| 72 | assert.doesNotMatch(route, /writeNote|deleteNote|localStorage|sessionStorage|index|vector|summary|memory|sidecar/i); |
| 73 | }); |
| 74 | |
| 75 | it('performance: route stays one-note and provider-free', () => { |
| 76 | const route = routeSource(); |
| 77 | |
| 78 | assert.match(route, /readNote\(req\.vaultPath, requestedPath\)/); |
| 79 | assert.doesNotMatch(route, /runListNotes|\/api\/v1\/notes\?|PageIndex|OCR|LLM|provider/i); |
| 80 | }); |
| 81 | |
| 82 | it('security: route sanitizes invalid, missing, forbidden, and upstream errors', () => { |
| 83 | const route = routeSource(); |
| 84 | |
| 85 | assert.match(route, /code: 'INVALID_PATH'/); |
| 86 | assert.match(route, /code: 'FORBIDDEN'/); |
| 87 | assert.match(route, /code: 'NOT_FOUND'/); |
| 88 | assert.match(route, /code: 'UPSTREAM_ERROR'/); |
| 89 | assert.match(route, /res\.json\(normalizeMetadataFacets\(requestedPath, note\.frontmatter\)\)/); |
| 90 | assert.doesNotMatch(route, /res\.json\(note|res\.json\(\{[\s\S]*(body|snippet|frontmatter|raw_canister_payload|provider_payload|mcp_resource_uri)/); |
| 91 | }); |
| 92 | }); |
File History
2 commits
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd
feat(calendar): enforce agent context tiers in retrieval AP…
Human
minor
⚠
2 days ago
sha256:9103f98c89257ed2b01c237cea895dabb3e85ea337dccb1161c175e4422355b6
docs: accept Calendar Events v0 spec with Phase 0 security …
Human
2 days ago