package secretstore import ( "errors" "path/filepath" "strings" "testing" "forge.lclr.dev/AI/mcp-framework/manifest" ) func TestDescribeRuntimeReturnsDeclaredAndEffectivePolicies(t *testing.T) { desc, err := DescribeRuntime(DescribeRuntimeOptions{ ServiceName: "graylog-mcp", LookupEnv: func(string) (string, bool) { return "", false }, ExecutableResolver: func() (string, error) { return filepath.Join(string(filepath.Separator), "opt", "graylog-mcp", "bin", "graylog-mcp"), nil }, ManifestLoader: func(startDir string) (manifest.File, string, error) { return manifest.File{ SecretStore: manifest.SecretStore{BackendPolicy: string(BackendEnvOnly)}, }, filepath.Join(startDir, manifest.DefaultFile), nil }, }) if err != nil { t.Fatalf("DescribeRuntime returned error: %v", err) } if desc.ManifestSource == "" { t.Fatal("ManifestSource should not be empty") } if desc.DeclaredPolicy != BackendEnvOnly { t.Fatalf("DeclaredPolicy = %q, want %q", desc.DeclaredPolicy, BackendEnvOnly) } if desc.EffectivePolicy != BackendEnvOnly { t.Fatalf("EffectivePolicy = %q, want %q", desc.EffectivePolicy, BackendEnvOnly) } if desc.DisplayName == "" { t.Fatal("DisplayName should not be empty") } if !desc.Ready { t.Fatalf("Ready = %v, want true", desc.Ready) } if desc.ReadyError != nil { t.Fatalf("ReadyError = %v, want nil", desc.ReadyError) } } func TestDescribeRuntimeDoesNotProbeBitwardenByDefault(t *testing.T) { withBitwardenRunner(t, func(command string, stdin []byte, args ...string) ([]byte, error) { return nil, errors.New("unexpected bitwarden invocation") }) desc, err := DescribeRuntime(DescribeRuntimeOptions{ ServiceName: "graylog-mcp", Shell: "fish", ExecutableResolver: func() (string, error) { return filepath.Join(string(filepath.Separator), "opt", "graylog-mcp", "bin", "graylog-mcp"), nil }, ManifestLoader: func(startDir string) (manifest.File, string, error) { return manifest.File{ SecretStore: manifest.SecretStore{BackendPolicy: string(BackendBitwardenCLI)}, }, filepath.Join(startDir, manifest.DefaultFile), nil }, }) if err != nil { t.Fatalf("DescribeRuntime returned error: %v", err) } if desc.DeclaredPolicy != BackendBitwardenCLI { t.Fatalf("DeclaredPolicy = %q, want %q", desc.DeclaredPolicy, BackendBitwardenCLI) } if desc.EffectivePolicy != BackendBitwardenCLI { t.Fatalf("EffectivePolicy = %q, want %q", desc.EffectivePolicy, BackendBitwardenCLI) } if !desc.Ready { t.Fatalf("Ready = %v, want true without readiness probe", desc.Ready) } if desc.ReadyError != nil { t.Fatalf("ReadyError = %v, want nil without readiness probe", desc.ReadyError) } } func TestPreflightFromManifestReturnsTypedStatusAndRemediation(t *testing.T) { withBitwardenRunner(t, func(command string, stdin []byte, args ...string) ([]byte, error) { switch { case len(args) == 1 && args[0] == "--version": return []byte("2026.1.0\n"), nil case len(args) == 1 && args[0] == "status": return []byte(`{"status":"locked"}`), nil default: return nil, errors.New("unexpected bitwarden invocation") } }) report, err := PreflightFromManifest(PreflightOptions{ ServiceName: "graylog-mcp", Shell: "fish", ExecutableResolver: func() (string, error) { return filepath.Join(string(filepath.Separator), "opt", "graylog-mcp", "bin", "graylog-mcp"), nil }, ManifestLoader: func(startDir string) (manifest.File, string, error) { return manifest.File{ SecretStore: manifest.SecretStore{BackendPolicy: string(BackendBitwardenCLI)}, }, filepath.Join(startDir, manifest.DefaultFile), nil }, }) if err != nil { t.Fatalf("PreflightFromManifest returned error: %v", err) } if report.Status != PreflightStatusFail { t.Fatalf("Status = %q, want %q", report.Status, PreflightStatusFail) } if !strings.Contains(strings.ToLower(report.Summary), "locked") { t.Fatalf("Summary = %q, want lock hint", report.Summary) } if !strings.Contains(report.Remediation, "set -x BW_SESSION (bw unlock --raw)") { t.Fatalf("Remediation = %q, want fish remediation", report.Remediation) } } func TestFormatBackendStatusIncludesDeclaredEffectiveAndReadiness(t *testing.T) { line := FormatBackendStatus(RuntimeDescription{ ManifestSource: "/opt/graylog-mcp/mcp.toml", DeclaredPolicy: BackendBitwardenCLI, EffectivePolicy: BackendBitwardenCLI, DisplayName: "Bitwarden CLI", Ready: false, ReadyError: ErrBWLocked, }) for _, needle := range []string{ "declared=bitwarden-cli", "effective=bitwarden-cli", "display=Bitwarden CLI", "ready=false", "source=/opt/graylog-mcp/mcp.toml", "error=", } { if !strings.Contains(line, needle) { t.Fatalf("line = %q, want substring %q", line, needle) } } }