test: cover features since 053a9c0d + repair test tooling

Add ~330 tests across server (Jest), client (Vitest), editor-ext (Vitest)
and packages/mcp (node:test) for the gitmost features added since
053a9c0d: AI chat, AI agent roles, public-share assistant, MCP per-user
auth, HTML embed, page templates/embed, realtime tree, tree
expand/collapse, and the AI-settings UI.

Test-tooling fixes (prerequisite, were silently hiding coverage):
- Repair 3 page-template specs broken by the 11-arg TransclusionService
  constructor; they never compiled, so template access-control / content
  -leak / unsync-strip coverage was fictitious.
- Build @docmost/editor-ext before server tests via a `pretest` hook;
  the stale dist omitted the new HtmlEmbed/PageEmbed exports (TS2305).
- Let jest resolve the .tsx email templates: add `tsx` to
  moduleFileExtensions and widen the ts-jest transform to (t|j)sx?.

Behaviour-preserving "extract pure core" refactors that the tests drive:
- server: resolveShareAssistantRequest + uiMessageTextLength
  (public-share controller), decideBasicGate + mapAuthResultToResponse
  (mcp), buildErrorAssistantRecord (ai-chat), jsonbObject export (roles).
- client: render-raw-html + shouldExecute/canEdit, decide-embed-state,
  page-embed picker utils, tree-socket reducers, open/close branch maps,
  isEndpointConfigured/resolveKeyField; buildTreeWithChildren now treats
  a permission-trimmed orphan as a root instead of crashing.

Deferred (need a test DB or HTTP harness, documented in the specs):
repo-level Postgres integration tests and the public-share XFF E2E.
Pre-existing DI/lib0-ESM suite failures are untouched and out of scope.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
claude_code
2026-06-20 23:40:40 +03:00
parent 692c0abe13
commit 90d3fab483
56 changed files with 5668 additions and 447 deletions
@@ -0,0 +1,116 @@
import { afterEach, describe, expect, it } from "vitest";
import {
encodeHtmlEmbedSource,
decodeHtmlEmbedSource,
} from "./html-embed";
// Unit coverage for the base64 codec used by the htmlEmbed node's
// data-source attribute (html-embed.ts). The codec has two branches:
// - the BROWSER branch: btoa(encodeURIComponent(s)) / decodeURIComponent(atob(s));
// - the NODE fallback: Buffer.from(..).toString("base64") / Buffer.from(s,"base64").
// Server-side schema parsing (htmlToJson with no global btoa/atob) hits the
// fallback, so both branches must round-trip identically; otherwise an embed
// encoded in the browser would decode wrong on the server (or vice versa).
//
// We force the fallback by temporarily DELETING globalThis.btoa/atob (jsdom
// provides them in this env), restoring them after each test so the suite stays
// hermetic.
const realBtoa = globalThis.btoa;
const realAtob = globalThis.atob;
function deleteBase64Globals(): void {
// @ts-expect-error — intentionally removing the globals to exercise the
// `typeof btoa !== "function"` Node fallback branch in the codec.
delete globalThis.btoa;
// @ts-expect-error — see above.
delete globalThis.atob;
}
afterEach(() => {
// Always restore so one test's stubbing never leaks into another.
globalThis.btoa = realBtoa;
globalThis.atob = realAtob;
});
describe("html-embed codec — browser btoa/atob branch", () => {
it("round-trips ASCII source", () => {
const src = "<script>alert(1)</script>";
const enc = encodeHtmlEmbedSource(src);
expect(enc).not.toBe("");
// base64 of the encodeURIComponent form never contains a raw '<'.
expect(enc).not.toContain("<");
expect(decodeHtmlEmbedSource(enc)).toBe(src);
});
it("round-trips UTF-8 / non-Latin1 source (the reason for encodeURIComponent)", () => {
const src = '<p>héllo → 世界 𝕏</p>';
const enc = encodeHtmlEmbedSource(src);
expect(decodeHtmlEmbedSource(enc)).toBe(src);
});
});
describe("html-embed codec — Node Buffer fallback branch", () => {
it("encode uses the Buffer fallback when btoa is unavailable and still round-trips (UTF-8)", () => {
const src = '<div>héllo → 世界 𝕏</div>';
deleteBase64Globals();
// With the globals gone, encode must take the Buffer path...
const encFallback = encodeHtmlEmbedSource(src);
expect(encFallback).not.toBe("");
// ...and decode (also via Buffer) must recover the exact source.
expect(decodeHtmlEmbedSource(encFallback)).toBe(src);
});
it("the Buffer fallback produces the SAME bytes the browser branch does (cross-env parity)", () => {
const src = '<span>café — 日本語</span>';
// Browser branch (globals intact).
const encBrowser = encodeHtmlEmbedSource(src);
// Fallback branch.
deleteBase64Globals();
const encFallback = encodeHtmlEmbedSource(src);
// Identical base64 => an embed encoded in either environment decodes
// identically in the other (server <-> client losslessness).
expect(encFallback).toBe(encBrowser);
// And the fallback can decode what the browser produced.
expect(decodeHtmlEmbedSource(encBrowser)).toBe(src);
});
it("empty string -> '' on both encode and decode in the fallback (early return, branch never reached)", () => {
deleteBase64Globals();
expect(encodeHtmlEmbedSource("")).toBe("");
expect(decodeHtmlEmbedSource("")).toBe("");
});
it("decode of malformed base64 -> '' via the catch branch (fallback)", () => {
// In the Buffer fallback, Buffer.from(..,'base64') is lenient and never
// throws, so to hit the catch we need a payload whose DECODED bytes are an
// invalid percent-escape, which makes decodeURIComponent throw. base64 of a
// lone '%' decodes back to '%', and decodeURIComponent('%') is a URIError.
const badBase64 = Buffer.from("%", "utf-8").toString("base64"); // "JQ=="
deleteBase64Globals();
// Sanity: the raw decode really does throw, so we're exercising the catch.
expect(() =>
decodeURIComponent(Buffer.from(badBase64, "base64").toString("utf-8")),
).toThrow();
// The codec swallows it and returns "" rather than propagating.
expect(decodeHtmlEmbedSource(badBase64)).toBe("");
});
});
describe("html-embed codec — decode of malformed input (browser branch)", () => {
it("returns '' for input atob rejects (catch branch)", () => {
// atob throws on characters outside the base64 alphabet; the codec catches
// it and returns "" instead of throwing.
expect(decodeHtmlEmbedSource("@@not-base64@@")).toBe("");
});
it("empty string short-circuits to '' (never calls atob)", () => {
expect(decodeHtmlEmbedSource("")).toBe("");
});
});