test/mcp-hosted-metadata-facets.test.mjs · aaronrene/knowtation — MuseHub

aaronrene / knowtation public

mcp-hosted-metadata-facets.test.mjs

261 lines 8.5 KB

Raw

sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd feat(calendar): enforce agent context tiers in retrieval AP… Human minor ⚠ breaking 1 day ago

1	/**
2	* Hosted MCP get_metadata_facets tests.
3	*
4	* Phase 1D mirrors hosted get_note access: same canister read path, same auth
5	* headers, viewer-level ACL, and a body-free MetadataFacets v0 response.
6	*/
7	import { describe, it, afterEach } from 'node:test';
8	import assert from 'node:assert/strict';
9	import { Client } from '@modelcontextprotocol/sdk/client/index.js';
10	import { InMemoryTransport } from '@modelcontextprotocol/sdk/inMemory.js';
11	import { createHostedMcpServer } from '../hub/gateway/mcp-hosted-server.mjs';
12
13	const CANISTER_URL = 'http://canister.test:4322';
14	const BRIDGE_URL = 'http://bridge.test:4321';
15
16	function makeCtx(overrides = {}) {
17	return {
18	userId: 'google:actor',
19	canisterUserId: 'google:owner',
20	vaultId: 'vault-facets',
21	role: 'viewer',
22	token: 'tok-facets',
23	canisterUrl: CANISTER_URL,
24	bridgeUrl: BRIDGE_URL,
25	canisterAuthSecret: 'gw-secret-facets',
26	...overrides,
27	};
28	}
29
30	function headerGet(headers, name) {
31	if (!headers) return undefined;
32	if (typeof headers.get === 'function') return headers.get(name);
33	return headers[name] ?? headers[name.toLowerCase()];
34	}
35
36	function installFetchMock(handler) {
37	const calls = [];
38	const origFetch = globalThis.fetch;
39	globalThis.fetch = async (url, init) => {
40	calls.push({ url: String(url), init });
41	return handler(String(url), init, calls);
42	};
43	return {
44	calls,
45	restore() {
46	globalThis.fetch = origFetch;
47	},
48	};
49	}
50
51	async function connectPair(ctx = makeCtx()) {
52	const mcpServer = createHostedMcpServer(ctx);
53	const client = new Client({ name: 'hosted-metadata-facets', version: '0.0.1' });
54	const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();
55	await mcpServer.connect(serverTransport);
56	await client.connect(clientTransport);
57	return { client };
58	}
59
60	function parseToolResult(result) {
61	const text = result.content?.[0]?.text;
62	assert.equal(typeof text, 'string');
63	return JSON.parse(text);
64	}
65
66	describe('hosted MCP get_metadata_facets', () => {
67	let mock;
68	let client;
69
70	afterEach(async () => {
71	try {
72	await client?.close();
73	} catch (_) {}
74	mock?.restore?.();
75	});
76
77	it('lists get_metadata_facets as a read tool for every hosted role', async () => {
78	mock = installFetchMock(() => ({
79	ok: true,
80	status: 200,
81	json: async () => ({}),
82	text: async () => '{}',
83	}));
84
85	for (const role of ['viewer', 'editor', 'evaluator', 'admin']) {
86	({ client } = await connectPair(makeCtx({ role })));
87	const { tools } = await client.listTools();
88	assert.ok(tools.some((tool) => tool.name === 'get_metadata_facets'), `${role} can list get_metadata_facets`);
89	await client.close();
90	client = undefined;
91	}
92	});
93
94	it('uses the same canister GET path and auth headers as get_note', async () => {
95	mock = installFetchMock(() => ({
96	ok: true,
97	status: 200,
98	json: async () => ({
99	path: 'inbox/hello world.md',
100	frontmatter: '{"project":"Hosted Project","tags":["Alpha","Beta"],"api_key":"must-not-leak"}',
101	body: 'Body must not leak.',
102	}),
103	text: async () => '{}',
104	}));
105	({ client } = await connectPair());
106
107	await client.callTool({
108	name: 'get_metadata_facets',
109	arguments: { path: 'inbox/hello world.md' },
110	});
111
112	assert.equal(mock.calls.length, 1);
113	assert.equal(mock.calls[0].url, `${CANISTER_URL}/api/v1/notes/${encodeURIComponent('inbox/hello world.md')}`);
114	assert.equal(mock.calls[0].init.method, 'GET');
115	const headers = mock.calls[0].init.headers;
116	assert.equal(headerGet(headers, 'Authorization'), 'Bearer tok-facets');
117	assert.equal(headerGet(headers, 'X-Vault-Id'), 'vault-facets');
118	assert.equal(headerGet(headers, 'X-User-Id'), 'google:owner');
119	assert.equal(headerGet(headers, 'X-Gateway-Auth'), 'gw-secret-facets');
120	});
121
122	it('rejects unsafe requested paths before upstream fetch', async () => {
123	mock = installFetchMock(() => {
124	throw new Error('upstream fetch must not run for unsafe requested paths');
125	});
126	({ client } = await connectPair());
127
128	for (const unsafePath of ['../secret.md', '\\Users\\owner\\secret.md']) {
129	const result = await client.callTool({
130	name: 'get_metadata_facets',
131	arguments: { path: unsafePath },
132	});
133	const data = parseToolResult(result);
134
135	assert.equal(result.isError, true);
136	assert.equal(data.code, 'UPSTREAM_ERROR');
137	assert.match(data.error, /Invalid path/);
138	}
139	assert.equal(mock.calls.length, 0);
140	});
141
142	it('returns MetadataFacets JSON without body, snippets, full frontmatter, or absolute paths', async () => {
143	mock = installFetchMock(() => ({
144	ok: true,
145	status: 200,
146	json: async () => ({
147	path: 'inbox/hello.md',
148	frontmatter:
149	'{"project":"Hosted Project","tags":["Alpha","Beta"],"date":"2026-05-24","updated":"2026-05-25","causal_chain_id":"Launch Rollout","entity":["Alice B"],"episode_id":"Episode 1","api_key":"must-not-leak","label":"do not include"}',
150	body: 'Body must not leak.',
151	}),
152	text: async () => '{}',
153	}));
154	({ client } = await connectPair());
155
156	const result = await client.callTool({
157	name: 'get_metadata_facets',
158	arguments: { path: 'inbox/hello.md' },
159	});
160	const data = parseToolResult(result);
161	const serialized = JSON.stringify(data);
162
163	assert.equal(result.isError, undefined);
164	assert.deepEqual(data, {
165	schema: 'knowtation.metadata_facets/v0',
166	path: 'inbox/hello.md',
167	facets: {
168	project: 'hosted-project',
169	tags: ['alpha', 'beta'],
170	date: '2026-05-24',
171	updated: '2026-05-25',
172	causal_chain_id: 'launch-rollout',
173	entity: ['alice-b'],
174	episode_id: 'episode-1',
175	},
176	inferred: {
177	folder: 'inbox',
178	source_type: null,
179	},
180	truncated: false,
181	});
182	assert.equal(Object.hasOwn(data, 'body'), false);
183	assert.equal(Object.hasOwn(data, 'frontmatter'), false);
184	assert.equal(Object.hasOwn(data, 'snippet'), false);
185	assert.equal(Object.hasOwn(data, 'summary'), false);
186	assert.equal(Object.hasOwn(data, 'labels'), false);
187	assert.equal(Object.hasOwn(data, 'metadata_facets'), false);
188	assert.equal(serialized.includes('Body must not leak'), false);
189	assert.equal(serialized.includes('must-not-leak'), false);
190	assert.equal(serialized.includes('do not include'), false);
191	assert.equal(serialized.includes('/Users/'), false);
192	});
193
194	it('uses requested safe path instead of unsafe upstream path in output', async () => {
195	mock = installFetchMock(() => ({
196	ok: true,
197	status: 200,
198	json: async () => ({
199	path: '/Users/owner/private/secret.md',
200	frontmatter: '{"tags":["Safe"]}',
201	body: 'private note body must not leak',
202	}),
203	text: async () => '{}',
204	}));
205	({ client } = await connectPair());
206
207	const result = await client.callTool({
208	name: 'get_metadata_facets',
209	arguments: { path: 'safe.md' },
210	});
211	const data = parseToolResult(result);
212	const serialized = JSON.stringify(data);
213
214	assert.equal(result.isError, undefined);
215	assert.equal(data.path, 'safe.md');
216	assert.deepEqual(data.facets.tags, ['safe']);
217	assert.equal(serialized.includes('/Users/owner'), false);
218	assert.equal(serialized.includes('private note body'), false);
219	});
220
221	it('returns UPSTREAM_ERROR without changing missing-note behavior', async () => {
222	mock = installFetchMock(() => ({
223	ok: false,
224	status: 404,
225	json: async () => ({ error: 'not found' }),
226	text: async () => '{"error":"not found"}',
227	}));
228	({ client } = await connectPair());
229
230	const result = await client.callTool({
231	name: 'get_metadata_facets',
232	arguments: { path: 'missing.md' },
233	});
234	const data = parseToolResult(result);
235
236	assert.equal(result.isError, true);
237	assert.equal(data.code, 'UPSTREAM_ERROR');
238	assert.match(data.error, /Upstream 404/);
239	});
240
241	it('returns UPSTREAM_ERROR without changing forbidden-note behavior', async () => {
242	mock = installFetchMock(() => ({
243	ok: false,
244	status: 403,
245	json: async () => ({ error: 'forbidden' }),
246	text: async () => '{"error":"forbidden"}',
247	}));
248	({ client } = await connectPair());
249
250	const result = await client.callTool({
251	name: 'get_metadata_facets',
252	arguments: { path: 'private.md' },
253	});
254	const data = parseToolResult(result);
255
256	assert.equal(result.isError, true);
257	assert.equal(data.code, 'UPSTREAM_ERROR');
258	assert.match(data.error, /Upstream 403/);
259	assert.equal(JSON.stringify(data).includes('private note body'), false);
260	});
261	});

File History 2 commits

sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd feat(calendar): enforce agent context tiers in retrieval AP… Human minor ⚠ 1 day ago

sha256:9103f98c89257ed2b01c237cea895dabb3e85ea337dccb1161c175e4422355b6 docs: accept Calendar Events v0 spec with Phase 0 security … Human 1 day ago