Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
haiany
/
codegraph
-ын хуулбар https://github.com/colbymchenry/codegraph.git
1
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Салаа: docs/release-flow-clarification
Салаанууд Тагууд
codegraph
/
__tests__
/
mcp-tool-allowlist.test.ts

mcp-tool-allowlist.test.ts 2.3 KB
Байнгын холболт Түүх Анхны өгөгдөл

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. /**
    2. 

  2.  * CODEGRAPH_MCP_TOOLS allowlist — lets an operator (or an A/B harness) trim the
    3. 

  3.  * exposed MCP tool surface without touching the client config. Inert when unset.
    4. 

  4.  * Filtering happens in ListTools (getTools) and is enforced again on execute().
    5. 

  5.  */
    6. 

  6. import { describe, it, expect, afterEach } from 'vitest';
    7. 

  7. import { ToolHandler } from '../src/mcp/tools';
    8. 

  8. 

  9. const ENV = 'CODEGRAPH_MCP_TOOLS';
    10. 

  10. 

  11. describe('CODEGRAPH_MCP_TOOLS allowlist', () => {
    12. 

  12.   const original = process.env[ENV];
    13. 

  13.   afterEach(() => {
    14. 

  14.     if (original === undefined) delete process.env[ENV];
    15. 

  15.     else process.env[ENV] = original;
    16. 

  16.   });
    17. 

  17. 

  18.   const listed = () => new ToolHandler(null).getTools().map(t => t.name).sort();
    19. 

  19. 

  20.   it('exposes the full tool surface when unset', () => {
    21. 

  21.     delete process.env[ENV];
    22. 

  22.     const all = listed();
    23. 

  23.     expect(all).toContain('codegraph_explore');
    24. 

  24.     expect(all).toContain('codegraph_context');
    25. 

  25.     expect(all).toContain('codegraph_trace');
    26. 

  26.     expect(all.length).toBeGreaterThanOrEqual(10);
    27. 

  27.   });
    28. 

  28. 

  29.   it('filters ListTools to the allowlisted short names', () => {
    30. 

  30.     process.env[ENV] = 'trace,search,node';
    31. 

  31.     expect(listed()).toEqual(['codegraph_node', 'codegraph_search', 'codegraph_trace']);
    32. 

  32.   });
    33. 

  33. 

  34.   it('accepts fully-qualified codegraph_ names and ignores whitespace', () => {
    35. 

  35.     process.env[ENV] = ' codegraph_trace , search ';
    36. 

  36.     expect(listed()).toEqual(['codegraph_search', 'codegraph_trace']);
    37. 

  37.   });
    38. 

  38. 

  39.   it('treats an empty/whitespace value as unset (full surface)', () => {
    40. 

  40.     process.env[ENV] = '   ';
    41. 

  41.     expect(listed().length).toBeGreaterThanOrEqual(10);
    42. 

  42.   });
    43. 

  43. 

  44.   it('rejects a disabled tool on execute (defense in depth)', async () => {
    45. 

  45.     process.env[ENV] = 'trace';
    46. 

  46.     const res = await new ToolHandler(null).execute('codegraph_explore', {});
    47. 

  47.     expect(res.isError).toBe(true);
    48. 

  48.     expect(res.content[0].text).toMatch(/disabled via CODEGRAPH_MCP_TOOLS/);
    49. 

  49.   });
    50. 

  50. 

  51.   it('lets an allowlisted tool past the guard', async () => {
    52. 

  52.     process.env[ENV] = 'search';
    53. 

  53.     // No CodeGraph attached, so it fails *after* the allowlist guard — the
    54. 

  54.     // "disabled" message must NOT appear, proving the guard passed it through.
    55. 

  55.     const res = await new ToolHandler(null).execute('codegraph_search', { query: 'x' });
    56. 

  56.     expect(res.content[0].text).not.toMatch(/disabled via CODEGRAPH_MCP_TOOLS/);
    57. 

  57.   });
    58. 

  58. });
    59.