diff --git a/tests/fixtures/edge-cases.jsonl b/tests/fixtures/edge-cases.jsonl new file mode 100644 index 0000000..9e7e095 --- /dev/null +++ b/tests/fixtures/edge-cases.jsonl @@ -0,0 +1,4 @@ +this is not valid json +{"type":"user","message":{"role":"user","content":"Valid message after corrupt line"},"uuid":"edge-1","timestamp":"2025-10-15T10:00:00Z"} +{broken json too +{"type":"assistant","message":{"role":"assistant","content":[{"type":"text","text":"Response to valid message"}]},"uuid":"edge-2","timestamp":"2025-10-15T10:00:01Z"} diff --git a/tests/fixtures/sample-session.jsonl b/tests/fixtures/sample-session.jsonl new file mode 100644 index 0000000..f683819 --- /dev/null +++ b/tests/fixtures/sample-session.jsonl @@ -0,0 +1,15 @@ +{"type":"file-history-snapshot","messageId":"snap-1","snapshot":{"messageId":"snap-1","trackedFileBackups":[],"timestamp":"2025-10-15T10:30:00Z"},"isSnapshotUpdate":false} +{"type":"progress","data":{"type":"hook","hookEvent":"PreToolUse","hookName":"security_check","command":"check"},"uuid":"prog-1","timestamp":"2025-10-15T10:30:01Z"} +{"type":"user","message":{"role":"user","content":"Can you help me fix the login bug? Users are getting a 401 error."},"uuid":"msg-1","timestamp":"2025-10-15T10:30:05Z"} +{"type":"assistant","message":{"role":"assistant","content":[{"type":"thinking","thinking":"The user is reporting a 401 error on login. I should look at the authentication middleware and the login endpoint to understand what's happening."},{"type":"text","text":"I'll investigate the login bug. Let me start by looking at the authentication code."}]},"uuid":"msg-2","timestamp":"2025-10-15T10:30:10Z"} +{"type":"assistant","message":{"role":"assistant","content":[{"type":"tool_use","name":"Read","input":{"file_path":"/src/auth/login.ts"}}]},"uuid":"msg-3","timestamp":"2025-10-15T10:30:15Z"} +{"type":"user","message":{"role":"user","content":[{"type":"tool_result","tool_use_id":"toolu_01","content":"export async function login(email: string, password: string) {\n const user = await db.users.findByEmail(email);\n if (!user) throw new UnauthorizedError();\n const valid = await bcrypt.compare(password, user.passwordHash);\n if (!valid) throw new UnauthorizedError();\n return generateToken(user);\n}"}]},"uuid":"msg-4","timestamp":"2025-10-15T10:30:16Z"} +{"type":"assistant","message":{"role":"assistant","content":[{"type":"text","text":"I found the issue. The `login` function looks correct, but let me check the middleware that validates tokens.\n\n```typescript\n// The fix is to update the token validation\nexport function validateToken(token: string) {\n return jwt.verify(token, process.env.JWT_SECRET!);\n}\n```\n\nThe problem was that the JWT_SECRET environment variable wasn't being loaded properly."}]},"uuid":"msg-5","timestamp":"2025-10-15T10:30:20Z"} +{"type":"user","message":{"role":"user","content":"Remember to check environment variables"},"uuid":"msg-6","timestamp":"2025-10-15T10:30:21Z"} +{"type":"user","message":{"role":"user","content":"That makes sense! Can you fix it?"},"uuid":"msg-7","timestamp":"2025-10-15T10:31:00Z"} +{"type":"assistant","message":{"role":"assistant","content":[{"type":"tool_use","name":"Edit","input":{"file_path":"/src/auth/middleware.ts","old_string":"jwt.verify(token, process.env.JWT_SECRET!)","new_string":"jwt.verify(token, getJwtSecret())"}}]},"uuid":"msg-8","timestamp":"2025-10-15T10:31:05Z"} +{"type":"user","message":{"role":"user","content":[{"type":"tool_result","tool_use_id":"toolu_02","content":"File edited successfully."}]},"uuid":"msg-9","timestamp":"2025-10-15T10:31:06Z"} +{"type":"assistant","message":{"role":"assistant","content":[{"type":"text","text":"I've fixed the issue by using a `getJwtSecret()` helper that properly loads and caches the secret. The login should work now."}]},"uuid":"msg-10","timestamp":"2025-10-15T10:31:10Z"} +{"type":"progress","data":{"type":"tool","status":"running","toolName":"Bash","serverName":"local"},"uuid":"prog-2","timestamp":"2025-10-15T10:31:15Z"} +{"type":"summary","summary":"Fixed authentication bug by updating JWT secret loading in middleware.","leafUuid":"msg-10"} +{"type":"system","subtype":"turn_duration","slug":"test-session","durationMs":65000,"uuid":"sys-1","timestamp":"2025-10-15T10:31:20Z"} diff --git a/tests/fixtures/sessions-index.json b/tests/fixtures/sessions-index.json new file mode 100644 index 0000000..2053592 --- /dev/null +++ b/tests/fixtures/sessions-index.json @@ -0,0 +1,23 @@ +{ + "version": 1, + "entries": [ + { + "sessionId": "test-session-001", + "fullPath": "/tmp/test-session-001.jsonl", + "summary": "Fix authentication bug in login flow", + "firstPrompt": "Can you help me fix the login bug?", + "created": "2025-10-15T10:30:00Z", + "modified": "2025-10-15T11:45:00Z", + "messageCount": 12 + }, + { + "sessionId": "test-session-002", + "fullPath": "/tmp/test-session-002.jsonl", + "summary": "Add dark mode support", + "firstPrompt": "I want to add dark mode to the app", + "created": "2025-10-16T14:00:00Z", + "modified": "2025-10-16T15:30:00Z", + "messageCount": 8 + } + ] +} diff --git a/tests/unit/filters.test.ts b/tests/unit/filters.test.ts new file mode 100644 index 0000000..24c17ac --- /dev/null +++ b/tests/unit/filters.test.ts @@ -0,0 +1,142 @@ +import { describe, it, expect } from "vitest"; +import type { ParsedMessage, MessageCategory } from "../../src/shared/types.js"; +import { ALL_CATEGORIES, DEFAULT_HIDDEN_CATEGORIES } from "../../src/shared/types.js"; + +// Replicate the filter logic to test it in isolation +function filterMessages( + messages: ParsedMessage[], + enabledCategories: Set, + redactedUuids: Set = new Set() +): ParsedMessage[] { + return messages.filter( + (m) => enabledCategories.has(m.category) && !redactedUuids.has(m.uuid) + ); +} + +function makeMsg(uuid: string, category: MessageCategory): ParsedMessage { + return { uuid, category, content: `Content for ${uuid}`, rawIndex: 0 }; +} + +describe("filters", () => { + const messages: ParsedMessage[] = [ + makeMsg("1", "user_message"), + makeMsg("2", "assistant_text"), + makeMsg("3", "thinking"), + makeMsg("4", "tool_call"), + makeMsg("5", "tool_result"), + makeMsg("6", "system_message"), + makeMsg("7", "hook_progress"), + makeMsg("8", "file_snapshot"), + makeMsg("9", "summary"), + ]; + + it("correctly includes messages by enabled category", () => { + const enabled = new Set(["user_message", "assistant_text"]); + const filtered = filterMessages(messages, enabled); + expect(filtered).toHaveLength(2); + expect(filtered.map((m) => m.category)).toEqual([ + "user_message", + "assistant_text", + ]); + }); + + it("correctly excludes messages by disabled category", () => { + const enabled = new Set(ALL_CATEGORIES); + enabled.delete("thinking"); + const filtered = filterMessages(messages, enabled); + expect(filtered).toHaveLength(8); + expect(filtered.find((m) => m.category === "thinking")).toBeUndefined(); + }); + + it("default filter state has thinking and hooks disabled", () => { + const defaultEnabled = new Set(ALL_CATEGORIES); + for (const cat of DEFAULT_HIDDEN_CATEGORIES) { + defaultEnabled.delete(cat); + } + const filtered = filterMessages(messages, defaultEnabled); + expect(filtered.find((m) => m.category === "thinking")).toBeUndefined(); + expect(filtered.find((m) => m.category === "hook_progress")).toBeUndefined(); + expect(filtered).toHaveLength(7); + }); + + it("all-off filter returns empty array", () => { + const filtered = filterMessages(messages, new Set()); + expect(filtered).toEqual([]); + }); + + it("all-on filter returns all messages", () => { + const filtered = filterMessages(messages, new Set(ALL_CATEGORIES)); + expect(filtered).toHaveLength(9); + }); + + it("excludes redacted messages", () => { + const enabled = new Set(ALL_CATEGORIES); + const redacted = new Set(["1", "3"]); + const filtered = filterMessages(messages, enabled, redacted); + expect(filtered).toHaveLength(7); + expect(filtered.find((m) => m.uuid === "1")).toBeUndefined(); + expect(filtered.find((m) => m.uuid === "3")).toBeUndefined(); + }); + + it("getMatchCount returns count of messages matching search query", () => { + const lowerQuery = "content for 1"; + const count = messages.filter((m) => + m.content.toLowerCase().includes(lowerQuery) + ).length; + expect(count).toBe(1); + }); + + it("getMatchCount returns 0 for empty query", () => { + const lowerQuery = ""; + const count = lowerQuery + ? messages.filter((m) => m.content.toLowerCase().includes(lowerQuery)).length + : 0; + expect(count).toBe(0); + }); + + it("conversation preset includes only user and assistant messages", () => { + const preset: MessageCategory[] = ["user_message", "assistant_text"]; + const enabled = new Set(preset); + const filtered = filterMessages(messages, enabled); + expect(filtered).toHaveLength(2); + expect(filtered.every((m) => m.category === "user_message" || m.category === "assistant_text")).toBe(true); + }); + + it("debug preset includes only tool calls and results", () => { + const preset: MessageCategory[] = ["tool_call", "tool_result"]; + const enabled = new Set(preset); + const filtered = filterMessages(messages, enabled); + expect(filtered).toHaveLength(2); + expect(filtered.every((m) => m.category === "tool_call" || m.category === "tool_result")).toBe(true); + }); + + it("category counts are computed correctly", () => { + const counts: Record = {}; + for (const cat of ALL_CATEGORIES) { + counts[cat] = 0; + } + for (const msg of messages) { + counts[msg.category]++; + } + expect(counts["user_message"]).toBe(1); + expect(counts["assistant_text"]).toBe(1); + expect(counts["thinking"]).toBe(1); + expect(Object.values(counts).reduce((a, b) => a + b, 0)).toBe(9); + }); + + it("category counts exclude redacted messages", () => { + const redacted = new Set(["1", "2"]); + const counts: Record = {}; + for (const cat of ALL_CATEGORIES) { + counts[cat] = 0; + } + for (const msg of messages) { + if (!redacted.has(msg.uuid)) { + counts[msg.category]++; + } + } + expect(counts["user_message"]).toBe(0); + expect(counts["assistant_text"]).toBe(0); + expect(Object.values(counts).reduce((a, b) => a + b, 0)).toBe(7); + }); +}); diff --git a/tests/unit/html-exporter.test.ts b/tests/unit/html-exporter.test.ts new file mode 100644 index 0000000..d374be2 --- /dev/null +++ b/tests/unit/html-exporter.test.ts @@ -0,0 +1,119 @@ +import { describe, it, expect } from "vitest"; +import { generateExportHtml } from "../../src/server/services/html-exporter.js"; +import type { ExportRequest, ParsedMessage } from "../../src/shared/types.js"; + +function makeMessage( + overrides: Partial & { uuid: string } +): ParsedMessage { + return { + category: "assistant_text", + content: "Test content", + rawIndex: 0, + ...overrides, + }; +} + +function makeExportRequest( + messages: ParsedMessage[], + visible?: string[], + redacted?: string[] +): ExportRequest { + return { + session: { + id: "test-session", + project: "test-project", + messages, + }, + visibleMessageUuids: visible || messages.map((m) => m.uuid), + redactedMessageUuids: redacted || [], + }; +} + +describe("html-exporter", () => { + it("generates valid HTML with DOCTYPE", async () => { + const msg = makeMessage({ uuid: "msg-1", content: "Hello" }); + const html = await generateExportHtml(makeExportRequest([msg])); + expect(html).toMatch(/^/); + expect(html).toContain(""); + }); + + it("contains no external URL references", async () => { + const msg = makeMessage({ uuid: "msg-1", content: "Hello" }); + const html = await generateExportHtml(makeExportRequest([msg])); + // No script src or link href pointing to external URLs + expect(html).not.toMatch(/ { + const msg = makeMessage({ + uuid: "msg-1", + content: "Hello **world**", + category: "assistant_text", + }); + const html = await generateExportHtml(makeExportRequest([msg])); + expect(html).toContain("world"); + }); + + it("excludes filtered messages", async () => { + const msg1 = makeMessage({ uuid: "msg-1", content: "Visible" }); + const msg2 = makeMessage({ uuid: "msg-2", content: "Invisible" }); + const html = await generateExportHtml( + makeExportRequest([msg1, msg2], ["msg-1"], []) + ); + expect(html).toContain("Visible"); + expect(html).not.toContain("Invisible"); + }); + + it("excludes redacted messages", async () => { + const msg1 = makeMessage({ uuid: "msg-1", content: "Kept" }); + const msg2 = makeMessage({ uuid: "msg-2", content: "Redacted" }); + const html = await generateExportHtml( + makeExportRequest([msg1, msg2], ["msg-1", "msg-2"], ["msg-2"]) + ); + expect(html).toContain("Kept"); + expect(html).not.toContain("Redacted"); + }); + + it("includes redacted divider between non-redacted messages where redaction occurred", async () => { + const msg1 = makeMessage({ uuid: "msg-1", content: "Before" }); + const msg2 = makeMessage({ uuid: "msg-2", content: "Middle removed" }); + const msg3 = makeMessage({ uuid: "msg-3", content: "After" }); + const html = await generateExportHtml( + makeExportRequest( + [msg1, msg2, msg3], + ["msg-1", "msg-2", "msg-3"], + ["msg-2"] + ) + ); + expect(html).toContain("content redacted"); + expect(html).toContain("Before"); + expect(html).toContain("After"); + expect(html).not.toContain("Middle removed"); + }); + + it("renders markdown to HTML", async () => { + const msg = makeMessage({ + uuid: "msg-1", + content: "# Heading\n\n- item 1\n- item 2\n\n```js\nconst x = 1;\n```", + }); + const html = await generateExportHtml(makeExportRequest([msg])); + expect(html).toContain(""); + expect(html).toContain(" { + const msg = makeMessage({ uuid: "msg-1", content: "```js\nconst x = 1;\n```" }); + const html = await generateExportHtml(makeExportRequest([msg])); + expect(html).toContain(".hljs"); + }); + + it("includes session metadata header", async () => { + const msg = makeMessage({ uuid: "msg-1", content: "Hello" }); + const html = await generateExportHtml(makeExportRequest([msg])); + expect(html).toContain("test-project"); + expect(html).toContain("Session Export"); + expect(html).toContain("1 messages"); + }); +}); diff --git a/tests/unit/sensitive-redactor.test.ts b/tests/unit/sensitive-redactor.test.ts new file mode 100644 index 0000000..801b2bd --- /dev/null +++ b/tests/unit/sensitive-redactor.test.ts @@ -0,0 +1,552 @@ +import { describe, it, expect } from "vitest"; +import { + redactSensitiveContent, + redactMessage, + redactString, +} from "../../src/shared/sensitive-redactor.js"; +import type { ParsedMessage } from "../../src/shared/types.js"; + +describe("sensitive-redactor", () => { + describe("redactSensitiveContent", () => { + // --- Tier 1: Known Secret Formats --- + + describe("AWS credentials", () => { + it("redacts AWS access key IDs", () => { + const input = "Use key AKIAIOSFODNN7EXAMPLE to authenticate"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[AWS_KEY]"); + expect(result.sanitized).not.toContain("AKIAIOSFODNN7EXAMPLE"); + expect(result.redactionCount).toBeGreaterThan(0); + }); + + it("redacts ASIA temporary credentials", () => { + const input = "Temporary creds: ASIA2EXAMPLEXEG4567Q"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[AWS_KEY]"); + }); + + it("redacts AWS Bedrock API keys", () => { + const key = "ABSK" + "A".repeat(110); + const input = "key: " + key; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[AWS_BEDROCK_KEY]"); + }); + }); + + describe("GitHub tokens", () => { + it("redacts GitHub PATs", () => { + const token = "ghp_" + "a".repeat(36); + const input = "token: " + token; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[GITHUB_TOKEN]"); + expect(result.sanitized).not.toContain("ghp_"); + }); + + it("redacts GitHub fine-grained PATs", () => { + const token = "github_pat_" + "a".repeat(82); + const result = redactSensitiveContent(token); + expect(result.sanitized).toContain("[GITHUB_TOKEN]"); + }); + + it("redacts GitHub app tokens (ghu_ and ghs_)", () => { + const input = "ghu_" + "a".repeat(36) + " and ghs_" + "b".repeat(36); + const result = redactSensitiveContent(input); + expect(result.sanitized).not.toContain("ghu_"); + expect(result.sanitized).not.toContain("ghs_"); + expect(result.redactionCount).toBe(2); + }); + }); + + describe("GitLab tokens", () => { + it("redacts GitLab PATs", () => { + const input = "glpat-a1b2c3d4e5f6g7h8i9j0"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[GITLAB_TOKEN]"); + }); + + it("redacts GitLab runner tokens", () => { + const input = "glrt-a1b2c3d4e5f6g7h8i9j0"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[GITLAB_TOKEN]"); + }); + }); + + describe("OpenAI keys", () => { + it("redacts OpenAI project keys", () => { + const input = + "sk-proj-" + "a".repeat(58) + "T3BlbkFJ" + "b".repeat(58); + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[OPENAI_KEY]"); + expect(result.sanitized).not.toContain("sk-proj-"); + }); + + it("redacts legacy OpenAI keys", () => { + const input = "sk-" + "a".repeat(20) + "T3BlbkFJ" + "b".repeat(20); + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[OPENAI_KEY]"); + }); + }); + + describe("Anthropic keys", () => { + it("redacts Anthropic API keys", () => { + const input = "sk-ant-api03-" + "a".repeat(93) + "AA"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[ANTHROPIC_KEY]"); + }); + + it("redacts Anthropic admin keys", () => { + const input = "sk-ant-admin01-" + "a".repeat(93) + "AA"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[ANTHROPIC_KEY]"); + }); + }); + + describe("AI service tokens", () => { + it("redacts HuggingFace tokens", () => { + const input = "hf_" + "a".repeat(34); + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[HF_TOKEN]"); + }); + + it("redacts Perplexity keys", () => { + const input = "pplx-" + "a".repeat(48); + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[PERPLEXITY_KEY]"); + }); + }); + + describe("Stripe keys", () => { + it("redacts live Stripe secret keys", () => { + const input = "sk_live_abcdefghijklmnopqrstuvwxyz1234"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[STRIPE_KEY]"); + expect(result.sanitized).not.toContain("sk_live_"); + }); + + it("redacts test Stripe keys", () => { + const input = "sk_test_abcdefghijklmnop"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[STRIPE_KEY]"); + }); + + it("redacts restricted Stripe keys", () => { + const input = "rk_live_abcdefghijklmnop"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[STRIPE_KEY]"); + }); + }); + + describe("Slack tokens", () => { + it("redacts Slack bot tokens", () => { + const input = "xoxb-1234567890123-1234567890123-abcdefghij"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[SLACK_TOKEN]"); + }); + + it("redacts Slack webhook URLs", () => { + const input = + "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[SLACK_WEBHOOK]"); + }); + }); + + describe("SendGrid tokens", () => { + it("redacts SendGrid API tokens", () => { + const sgKey = "SG." + "a".repeat(22) + "." + "b".repeat(43); + const result = redactSensitiveContent(sgKey); + expect(result.sanitized).toContain("[SENDGRID_TOKEN]"); + }); + }); + + describe("GCP API keys", () => { + it("redacts GCP API keys", () => { + const input = "AIza" + "a".repeat(35); + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[GCP_KEY]"); + }); + }); + + describe("Heroku keys", () => { + it("redacts Heroku API keys", () => { + const input = "HRKU-AA" + "a".repeat(58); + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[HEROKU_KEY]"); + }); + }); + + describe("npm tokens", () => { + it("redacts npm access tokens", () => { + const input = "npm_" + "a".repeat(36); + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[NPM_TOKEN]"); + }); + }); + + describe("PyPI tokens", () => { + it("redacts PyPI upload tokens", () => { + const input = "pypi-AgEIcHlwaS5vcmc" + "a".repeat(50); + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[PYPI_TOKEN]"); + }); + }); + + describe("Sentry tokens", () => { + it("redacts Sentry user tokens", () => { + const input = "sntryu_" + "a".repeat(64); + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[SENTRY_TOKEN]"); + }); + }); + + describe("JWT tokens", () => { + it("redacts JWT tokens", () => { + const header = Buffer.from('{"alg":"HS256"}').toString("base64url"); + const payload = Buffer.from('{"sub":"1234567890"}').toString( + "base64url" + ); + const sig = "abcdefghij"; + const jwt = header + "." + payload + "." + sig; + const result = redactSensitiveContent("Bearer " + jwt); + expect(result.sanitized).toContain("[JWT]"); + }); + }); + + describe("Private keys (PEM)", () => { + it("redacts RSA private keys", () => { + const input = + "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA0Z3VS5JJcds3xfn" + + "a".repeat(100) + + "\n-----END RSA PRIVATE KEY-----"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[PRIVATE_KEY]"); + expect(result.sanitized).not.toContain("MIIEpAIBAAKCAQEA"); + }); + + it("redacts generic private keys", () => { + const input = + "-----BEGIN PRIVATE KEY-----\n" + + "a".repeat(100) + + "\n-----END PRIVATE KEY-----"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[PRIVATE_KEY]"); + }); + }); + + describe("Generic API key pattern", () => { + it("redacts KEY=value assignments with secret-like variable names", () => { + const input = 'SECRET_KEY="verySecretValue1234567"'; + const result = redactSensitiveContent(input); + expect(result.redactionCount).toBeGreaterThan(0); + }); + + it("redacts api_key assignments", () => { + const input = "api_key: abcdefghijklmnopqrst"; + const result = redactSensitiveContent(input); + expect(result.redactionCount).toBeGreaterThan(0); + }); + + it("redacts password assignments", () => { + const input = 'password = "mySuperSecretPassword123"'; + const result = redactSensitiveContent(input); + expect(result.redactionCount).toBeGreaterThan(0); + }); + }); + + // --- Tier 2: PII/System Info --- + + describe("Home directory paths", () => { + it("redacts /home/username paths", () => { + const input = "Reading file /home/taylor/.ssh/id_rsa"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[HOME_PATH]"); + expect(result.sanitized).not.toContain("/home/taylor"); + }); + + it("redacts /Users/username paths (macOS)", () => { + const input = "Found at /Users/taylor/projects/app/src/index.ts"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[HOME_PATH]"); + expect(result.sanitized).not.toContain("/Users/taylor"); + }); + + it("redacts C:\\Users\\username paths (Windows)", () => { + const input = "Path: C:\\Users\\Taylor\\Documents\\project"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[HOME_PATH]"); + }); + }); + + describe("Connection strings", () => { + it("redacts PostgreSQL connection strings", () => { + const input = + "DATABASE_URL=postgresql://admin:secret@db.example.com:5432/mydb"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[CONNECTION_STRING]"); + expect(result.sanitized).not.toContain("admin:secret"); + }); + + it("redacts MongoDB connection strings", () => { + const input = "mongodb+srv://user:pass@cluster.mongodb.net/db"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[CONNECTION_STRING]"); + }); + + it("redacts Redis connection strings", () => { + const input = "redis://default:password@redis.example.com:6379"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[CONNECTION_STRING]"); + }); + }); + + describe("URLs with credentials", () => { + it("redacts URLs with user:pass embedded", () => { + const input = "https://admin:s3cret@api.example.com/v1/data"; + const result = redactSensitiveContent(input); + // Could match URL_WITH_CREDS or CONNECTION_STRING + expect(result.redactionCount).toBeGreaterThan(0); + expect(result.sanitized).not.toContain("admin:s3cret"); + }); + + it("does NOT redact normal URLs without credentials", () => { + const input = "https://api.example.com/v1/data"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toBe(input); + }); + }); + + describe("Email addresses", () => { + it("redacts email addresses", () => { + const input = "Contact taylor@company.com for support"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[EMAIL]"); + expect(result.sanitized).not.toContain("taylor@company.com"); + }); + + it("does NOT redact example.com emails", () => { + const input = "user@example.com is a placeholder"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toBe(input); + }); + + it("does NOT redact test.com emails", () => { + const input = "test@test.com for testing"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toBe(input); + }); + + it("does NOT redact noreply@anthropic.com", () => { + const input = "Co-Authored-By: Claude "; + const result = redactSensitiveContent(input); + expect(result.sanitized).toBe(input); + }); + }); + + describe("IPv4 addresses", () => { + it("redacts non-localhost IPv4 addresses", () => { + const input = "Server running at 10.0.1.55:8080"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[IP_ADDR]"); + expect(result.sanitized).not.toContain("10.0.1.55"); + }); + + it("does NOT redact 127.0.0.1", () => { + const input = "Listening on 127.0.0.1:3000"; + const result = redactSensitiveContent(input); + expect(result.sanitized).not.toContain("[IP_ADDR]"); + expect(result.sanitized).toContain("127.0.0.1"); + }); + + it("does NOT redact 0.0.0.0", () => { + const input = "Bind to 0.0.0.0:8080"; + const result = redactSensitiveContent(input); + expect(result.sanitized).not.toContain("[IP_ADDR]"); + }); + + it("does NOT redact RFC 5737 documentation IPs", () => { + const input = + "Example: 192.0.2.1 and 198.51.100.5 and 203.0.113.10"; + const result = redactSensitiveContent(input); + expect(result.sanitized).not.toContain("[IP_ADDR]"); + }); + }); + + describe("Bearer tokens", () => { + it("redacts Bearer tokens in auth headers", () => { + const input = + "Authorization: Bearer some_long_token_value_here.with.parts"; + const result = redactSensitiveContent(input); + expect( + result.sanitized.includes("[BEARER_TOKEN]") || + result.sanitized.includes("[JWT]") + ).toBe(true); + }); + }); + + describe("Environment variable secrets", () => { + it("redacts SECRET_KEY assignments", () => { + const input = "SECRET_KEY=abcdefghij1234567890"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[ENV_SECRET]"); + }); + + it("redacts DATABASE_PASSWORD assignments", () => { + const input = 'DATABASE_PASSWORD="myDbPassw0rd"'; + const result = redactSensitiveContent(input); + expect(result.redactionCount).toBeGreaterThan(0); + }); + }); + + // --- False Positive Resistance --- + + describe("false positive resistance", () => { + it("does NOT redact normal code content", () => { + const input = + "function add(a: number, b: number): number { return a + b; }"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toBe(input); + expect(result.redactionCount).toBe(0); + }); + + it("does NOT redact normal markdown text", () => { + const input = + "# Getting Started\n\nTo install, run `npm install express`.\n\n## Features\n- Fast routing"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toBe(input); + }); + + it("does NOT redact short strings that could look like keys", () => { + const input = "The sk value is 42"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toBe(input); + }); + + it("does NOT redact normal file paths outside home dirs", () => { + const input = "Edit /etc/nginx/nginx.conf or /var/log/syslog"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toBe(input); + }); + + it("does NOT redact version numbers that look like IPs", () => { + const input = "Using version 1.2.3 of the library"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toBe(input); + }); + + it("preserves surrounding text when redacting", () => { + const token = "ghp_" + "a".repeat(36); + const input = "Before " + token + " after"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toMatch( + /^Before \[GITHUB_TOKEN\] after$/ + ); + }); + }); + + // --- Edge Cases --- + + describe("edge cases", () => { + it("handles empty string", () => { + const result = redactSensitiveContent(""); + expect(result.sanitized).toBe(""); + expect(result.redactionCount).toBe(0); + expect(result.categories).toHaveLength(0); + }); + + it("handles string with no sensitive content", () => { + const input = + "This is a perfectly normal message with no secrets."; + const result = redactSensitiveContent(input); + expect(result.sanitized).toBe(input); + expect(result.redactionCount).toBe(0); + }); + + it("handles multiple different secrets in one string", () => { + const ghToken = "ghp_" + "a".repeat(36); + const input = "Key: " + ghToken + " and also AKIAIOSFODNN7EXAMPLE"; + const result = redactSensitiveContent(input); + expect(result.sanitized).toContain("[GITHUB_TOKEN]"); + expect(result.sanitized).toContain("[AWS_KEY]"); + expect(result.redactionCount).toBe(2); + }); + + it("tracks matched categories", () => { + const input = "ghp_" + "a".repeat(36); + const result = redactSensitiveContent(input); + expect(result.categories.length).toBeGreaterThan(0); + }); + }); + }); + + describe("redactString", () => { + it("returns just the sanitized string", () => { + const input = "ghp_" + "a".repeat(36); + const result = redactString(input); + expect(result).toContain("[GITHUB_TOKEN]"); + expect(typeof result).toBe("string"); + }); + }); + + describe("redactMessage", () => { + const baseMessage: ParsedMessage = { + uuid: "msg-1", + category: "assistant_text", + content: "Check ghp_" + "a".repeat(36) + " for access", + toolName: undefined, + toolInput: undefined, + timestamp: "2025-10-15T10:00:00Z", + rawIndex: 0, + }; + + it("redacts the content field", () => { + const redacted = redactMessage(baseMessage); + expect(redacted.content).toContain("[GITHUB_TOKEN]"); + expect(redacted.content).not.toContain("ghp_"); + }); + + it("returns a new object without mutating the original", () => { + const originalContent = baseMessage.content; + const redacted = redactMessage(baseMessage); + expect(redacted).not.toBe(baseMessage); + expect(baseMessage.content).toBe(originalContent); + }); + + it("preserves uuid, category, timestamp, rawIndex", () => { + const redacted = redactMessage(baseMessage); + expect(redacted.uuid).toBe(baseMessage.uuid); + expect(redacted.category).toBe(baseMessage.category); + expect(redacted.timestamp).toBe(baseMessage.timestamp); + expect(redacted.rawIndex).toBe(baseMessage.rawIndex); + }); + + it("redacts toolInput field", () => { + const msg: ParsedMessage = { + ...baseMessage, + category: "tool_call", + toolName: "Bash", + toolInput: JSON.stringify({ + command: "export SECRET_KEY=abcdefghijklmnopqrstuvwxyz", + }), + }; + const redacted = redactMessage(msg); + expect(redacted.toolInput).not.toBe(msg.toolInput); + }); + + it("leaves toolName unchanged for standard tool names", () => { + const msg: ParsedMessage = { + ...baseMessage, + category: "tool_call", + toolName: "Read", + toolInput: '{"file_path": "/etc/config"}', + }; + const redacted = redactMessage(msg); + expect(redacted.toolName).toBe("Read"); + }); + + it("handles undefined toolInput and toolName", () => { + const redacted = redactMessage(baseMessage); + expect(redacted.toolInput).toBeUndefined(); + expect(redacted.toolName).toBeUndefined(); + }); + }); +}); diff --git a/tests/unit/session-discovery.test.ts b/tests/unit/session-discovery.test.ts new file mode 100644 index 0000000..9ca4674 --- /dev/null +++ b/tests/unit/session-discovery.test.ts @@ -0,0 +1,138 @@ +import { describe, it, expect } from "vitest"; +import { discoverSessions } from "../../src/server/services/session-discovery.js"; +import path from "path"; +import fs from "fs/promises"; +import os from "os"; + +/** Helper to write a sessions-index.json in the real { version, entries } format */ +function makeIndex(entries: Record[]) { + return JSON.stringify({ version: 1, entries }); +} + +describe("session-discovery", () => { + it("discovers sessions from { version, entries } format", async () => { + const tmpDir = path.join(os.tmpdir(), `sv-test-${Date.now()}`); + const projectDir = path.join(tmpDir, "test-project"); + await fs.mkdir(projectDir, { recursive: true }); + + await fs.writeFile( + path.join(projectDir, "sessions-index.json"), + makeIndex([ + { + sessionId: "sess-001", + fullPath: "/tmp/sess-001.jsonl", + summary: "Test session", + firstPrompt: "Hello", + created: "2025-10-15T10:00:00Z", + modified: "2025-10-15T11:00:00Z", + messageCount: 5, + }, + ]) + ); + + const sessions = await discoverSessions(tmpDir); + expect(sessions).toHaveLength(1); + expect(sessions[0].id).toBe("sess-001"); + expect(sessions[0].summary).toBe("Test session"); + expect(sessions[0].project).toBe("test-project"); + expect(sessions[0].messageCount).toBe(5); + expect(sessions[0].path).toBe("/tmp/sess-001.jsonl"); + + await fs.rm(tmpDir, { recursive: true }); + }); + + it("also handles legacy raw array format", async () => { + const tmpDir = path.join(os.tmpdir(), `sv-test-legacy-${Date.now()}`); + const projectDir = path.join(tmpDir, "legacy-project"); + await fs.mkdir(projectDir, { recursive: true }); + + // Raw array (not wrapped in { version, entries }) + await fs.writeFile( + path.join(projectDir, "sessions-index.json"), + JSON.stringify([ + { + sessionId: "legacy-001", + summary: "Legacy format", + created: "2025-10-15T10:00:00Z", + modified: "2025-10-15T11:00:00Z", + }, + ]) + ); + + const sessions = await discoverSessions(tmpDir); + expect(sessions).toHaveLength(1); + expect(sessions[0].id).toBe("legacy-001"); + + await fs.rm(tmpDir, { recursive: true }); + }); + + it("handles missing projects directory gracefully", async () => { + const sessions = await discoverSessions("/nonexistent/path"); + expect(sessions).toEqual([]); + }); + + it("handles corrupt index files gracefully", async () => { + const tmpDir = path.join(os.tmpdir(), `sv-test-corrupt-${Date.now()}`); + const projectDir = path.join(tmpDir, "corrupt-project"); + await fs.mkdir(projectDir, { recursive: true }); + await fs.writeFile( + path.join(projectDir, "sessions-index.json"), + "not valid json {" + ); + + const sessions = await discoverSessions(tmpDir); + expect(sessions).toEqual([]); + + await fs.rm(tmpDir, { recursive: true }); + }); + + it("aggregates across multiple project directories", async () => { + const tmpDir = path.join(os.tmpdir(), `sv-test-multi-${Date.now()}`); + const proj1 = path.join(tmpDir, "project-a"); + const proj2 = path.join(tmpDir, "project-b"); + await fs.mkdir(proj1, { recursive: true }); + await fs.mkdir(proj2, { recursive: true }); + + await fs.writeFile( + path.join(proj1, "sessions-index.json"), + makeIndex([{ sessionId: "a-001", created: "2025-01-01T00:00:00Z", modified: "2025-01-01T00:00:00Z" }]) + ); + await fs.writeFile( + path.join(proj2, "sessions-index.json"), + makeIndex([{ sessionId: "b-001", created: "2025-01-02T00:00:00Z", modified: "2025-01-02T00:00:00Z" }]) + ); + + const sessions = await discoverSessions(tmpDir); + expect(sessions).toHaveLength(2); + const ids = sessions.map((s) => s.id); + expect(ids).toContain("a-001"); + expect(ids).toContain("b-001"); + + await fs.rm(tmpDir, { recursive: true }); + }); + + it("uses fullPath from index entry", async () => { + const tmpDir = path.join(os.tmpdir(), `sv-test-fp-${Date.now()}`); + const projectDir = path.join(tmpDir, "fp-project"); + await fs.mkdir(projectDir, { recursive: true }); + + await fs.writeFile( + path.join(projectDir, "sessions-index.json"), + makeIndex([ + { + sessionId: "fp-001", + fullPath: "/home/ubuntu/.claude/projects/xyz/fp-001.jsonl", + created: "2025-10-15T10:00:00Z", + modified: "2025-10-15T11:00:00Z", + }, + ]) + ); + + const sessions = await discoverSessions(tmpDir); + expect(sessions[0].path).toBe( + "/home/ubuntu/.claude/projects/xyz/fp-001.jsonl" + ); + + await fs.rm(tmpDir, { recursive: true }); + }); +}); diff --git a/tests/unit/session-parser.test.ts b/tests/unit/session-parser.test.ts new file mode 100644 index 0000000..2876f00 --- /dev/null +++ b/tests/unit/session-parser.test.ts @@ -0,0 +1,219 @@ +import { describe, it, expect } from "vitest"; +import { parseSessionContent } from "../../src/server/services/session-parser.js"; +import fs from "fs/promises"; +import path from "path"; + +describe("session-parser", () => { + it("parses user messages with string content", () => { + const line = JSON.stringify({ + type: "user", + message: { role: "user", content: "Hello world" }, + uuid: "u-1", + timestamp: "2025-10-15T10:00:00Z", + }); + const msgs = parseSessionContent(line); + expect(msgs).toHaveLength(1); + expect(msgs[0].category).toBe("user_message"); + expect(msgs[0].content).toBe("Hello world"); + expect(msgs[0].uuid).toBe("u-1"); + expect(msgs[0].timestamp).toBe("2025-10-15T10:00:00Z"); + }); + + it("parses user messages with tool_result array content", () => { + const line = JSON.stringify({ + type: "user", + message: { + role: "user", + content: [ + { type: "tool_result", tool_use_id: "toolu_01", content: "File contents here" }, + ], + }, + uuid: "u-2", + }); + const msgs = parseSessionContent(line); + expect(msgs).toHaveLength(1); + expect(msgs[0].category).toBe("tool_result"); + expect(msgs[0].content).toBe("File contents here"); + }); + + it("parses assistant text blocks", () => { + const line = JSON.stringify({ + type: "assistant", + message: { + role: "assistant", + content: [{ type: "text", text: "Here is my response" }], + }, + uuid: "a-1", + }); + const msgs = parseSessionContent(line); + expect(msgs).toHaveLength(1); + expect(msgs[0].category).toBe("assistant_text"); + expect(msgs[0].content).toBe("Here is my response"); + }); + + it("parses thinking blocks", () => { + const line = JSON.stringify({ + type: "assistant", + message: { + role: "assistant", + content: [{ type: "thinking", thinking: "Let me think about this..." }], + }, + uuid: "a-2", + }); + const msgs = parseSessionContent(line); + expect(msgs).toHaveLength(1); + expect(msgs[0].category).toBe("thinking"); + expect(msgs[0].content).toBe("Let me think about this..."); + }); + + it("parses tool_use blocks", () => { + const line = JSON.stringify({ + type: "assistant", + message: { + role: "assistant", + content: [ + { type: "tool_use", name: "Read", input: { file_path: "/src/index.ts" } }, + ], + }, + uuid: "a-3", + }); + const msgs = parseSessionContent(line); + expect(msgs).toHaveLength(1); + expect(msgs[0].category).toBe("tool_call"); + expect(msgs[0].toolName).toBe("Read"); + expect(msgs[0].toolInput).toContain("/src/index.ts"); + }); + + it("parses progress messages from data field", () => { + const line = JSON.stringify({ + type: "progress", + data: { type: "hook", hookEvent: "PreToolUse", hookName: "security_check" }, + uuid: "p-1", + timestamp: "2025-10-15T10:00:00Z", + }); + const msgs = parseSessionContent(line); + expect(msgs).toHaveLength(1); + expect(msgs[0].category).toBe("hook_progress"); + expect(msgs[0].content).toContain("PreToolUse"); + expect(msgs[0].content).toContain("security_check"); + }); + + it("parses file-history-snapshot messages", () => { + const line = JSON.stringify({ + type: "file-history-snapshot", + messageId: "snap-1", + snapshot: { messageId: "snap-1", trackedFileBackups: [], timestamp: "2025-10-15T10:00:00Z" }, + }); + const msgs = parseSessionContent(line); + expect(msgs).toHaveLength(1); + expect(msgs[0].category).toBe("file_snapshot"); + }); + + it("parses summary messages from summary field", () => { + const line = JSON.stringify({ + type: "summary", + summary: "Session summary here", + leafUuid: "msg-10", + }); + const msgs = parseSessionContent(line); + expect(msgs).toHaveLength(1); + expect(msgs[0].category).toBe("summary"); + expect(msgs[0].content).toBe("Session summary here"); + }); + + it("skips system metadata lines (turn_duration)", () => { + const line = JSON.stringify({ + type: "system", + subtype: "turn_duration", + durationMs: 50000, + uuid: "sys-1", + }); + const msgs = parseSessionContent(line); + expect(msgs).toHaveLength(0); + }); + + it("skips queue-operation lines", () => { + const line = JSON.stringify({ + type: "queue-operation", + uuid: "qo-1", + }); + const msgs = parseSessionContent(line); + expect(msgs).toHaveLength(0); + }); + + it("detects system-reminder content in user messages", () => { + const line = JSON.stringify({ + type: "user", + message: { + role: "user", + content: "Some reminder", + }, + uuid: "u-sr", + }); + const msgs = parseSessionContent(line); + expect(msgs).toHaveLength(1); + expect(msgs[0].category).toBe("system_message"); + }); + + it("skips malformed JSONL lines without crashing", () => { + const content = [ + "not valid json", + JSON.stringify({ + type: "user", + message: { role: "user", content: "Valid message" }, + uuid: "u-valid", + }), + "{broken}", + ].join("\n"); + const msgs = parseSessionContent(content); + expect(msgs).toHaveLength(1); + expect(msgs[0].content).toBe("Valid message"); + }); + + it("returns empty array for empty files", () => { + const msgs = parseSessionContent(""); + expect(msgs).toEqual([]); + }); + + it("uses uuid from the JSONL line, not random", () => { + const line = JSON.stringify({ + type: "user", + message: { role: "user", content: "Test" }, + uuid: "my-specific-uuid-123", + }); + const msgs = parseSessionContent(line); + expect(msgs[0].uuid).toBe("my-specific-uuid-123"); + }); + + it("parses the full sample session fixture", async () => { + const fixturePath = path.join( + __dirname, + "../fixtures/sample-session.jsonl" + ); + const content = await fs.readFile(fixturePath, "utf-8"); + const msgs = parseSessionContent(content); + + const categories = new Set(msgs.map((m) => m.category)); + expect(categories.has("user_message")).toBe(true); + expect(categories.has("assistant_text")).toBe(true); + expect(categories.has("thinking")).toBe(true); + expect(categories.has("tool_call")).toBe(true); + expect(categories.has("tool_result")).toBe(true); + expect(categories.has("system_message")).toBe(true); + expect(categories.has("hook_progress")).toBe(true); + expect(categories.has("summary")).toBe(true); + expect(categories.has("file_snapshot")).toBe(true); + }); + + it("handles edge-cases fixture (corrupt lines)", async () => { + const fixturePath = path.join( + __dirname, + "../fixtures/edge-cases.jsonl" + ); + const content = await fs.readFile(fixturePath, "utf-8"); + const msgs = parseSessionContent(content); + expect(msgs).toHaveLength(2); + expect(msgs[0].category).toBe("user_message"); + expect(msgs[1].category).toBe("assistant_text"); + }); +});