mirror of
https://github.com/simstudioai/sim.git
synced 2026-02-19 02:34:37 -05:00
* feat(audit-log): add persistent audit log system with comprehensive route instrumentation
* fix(audit-log): address PR review — nullable workspaceId, enum usage, remove redundant queries
- Make audit_log.workspace_id nullable with ON DELETE SET NULL (logs survive workspace/user deletion)
- Make audit_log.actor_id nullable with ON DELETE SET NULL
- Replace all 53 routes' string literal action/resourceType with AuditAction.X and AuditResourceType.X enums
- Fix empty workspaceId ('') → null for OAuth, form, and org routes to avoid FK violations
- Remove redundant DB queries in chat manage route (use checkChatAccess return data)
- Fix organization routes to pass workspaceId: null instead of organizationId
* fix(audit-log): replace remaining workspaceId '' fallbacks with null
* fix(audit-log): credential-set org IDs, workspace deletion FK, actorId fallback, string literal action
* reran migrations
* fix(mcp,audit): tighten env var domain bypass, add post-resolution check, form workspaceId
- Only bypass MCP domain check when env var is in hostname/authority, not path/query
- Add post-resolution validateMcpDomain call in test-connection endpoint
- Match client-side isDomainAllowed to same hostname-only bypass logic
- Return workspaceId from checkFormAccess, use in form audit logs
- Add 49 comprehensive domain-check tests covering all edge cases
* fix(mcp): stateful regex lastIndex bug, RFC 3986 authority parsing
- Remove /g flag from module-level ENV_VAR_PATTERN to avoid lastIndex state
- Create fresh regex instances per call in server-side hasEnvVarInHostname
- Fix authority extraction to terminate at /, ?, or # per RFC 3986
- Prevents a domain-check bypass where the env var appears only in the query string of a URL that has no path, e.g. https://evil.com?token={{SECRET}}
- Add test cases for query-only and fragment-only env var URLs (53 total)
* fix(audit-log): try/catch for never-throw contract, accept null actorName/Email, fix misleading action
- Wrap recordAudit body in try/catch so nanoid() or header extraction can't throw
- Accept string | null for actorName and actorEmail (session.user.name can be null)
- Normalize null -> undefined before insert to match DB column types
- Fix org members route: ORG_MEMBER_ADDED -> ORG_INVITATION_CREATED (sends invite, not adds member)
* improvement(audit-log): add resource names and specific invitation actions
* fix(audit-log): use validated chat record, add mock sync tests
/**
 * @sim/testing - Shared testing utilities for Sim
 *
 * Public entry point of the package. Test code imports from here and gets:
 * - Factories: create mock data with sensible defaults
 * - Builders: fluent APIs for complex test scenarios
 * - Mocks: reusable mock implementations
 * - Assertions: semantic test assertions
 *
 * @example
 * ```ts
 * import {
 *   // Factories
 *   createBlock,
 *   createStarterBlock,
 *   createLinearWorkflow,
 *   createExecutionContext,
 *
 *   // Builders
 *   WorkflowBuilder,
 *   ExecutionContextBuilder,
 *
 *   // Assertions
 *   expectBlockExists,
 *   expectEdgeConnects,
 *   expectBlockExecuted,
 *   expectBlockCount,
 * } from '@sim/testing'
 *
 * describe('MyFeature', () => {
 *   it('should work with a linear workflow', () => {
 *     const workflow = createLinearWorkflow(3)
 *     expectBlockExists(workflow.blocks, 'block-0', 'starter')
 *     expectEdgeConnects(workflow.edges, 'block-0', 'block-1')
 *   })
 *
 *   it('should work with a complex workflow', () => {
 *     const workflow = WorkflowBuilder.branching().build()
 *     expectBlockCount(workflow, 5)
 *   })
 * })
 * ```
 */

// Assertions, builders, factories and shared types are re-exported wholesale.
export * from './assertions'
export * from './builders'
export * from './factories'
export * from './types'

// Mocks are re-exported by name: only the identifiers listed below are part of
// this package's public surface, so a new mock must be added here to be usable
// through '@sim/testing'.
export {
  auditMock,
  clearRedisMocks,
  createEnvMock,
  createMockDb,
  createMockFetch,
  createMockFormDataRequest,
  createMockGetEnv,
  createMockLogger,
  createMockRedis,
  createMockRequest,
  createMockResponse,
  createMockSocket,
  createMockStorage,
  databaseMock,
  defaultMockEnv,
  defaultMockUser,
  drizzleOrmMock,
  envMock,
  loggerMock,
  mockAuth,
  mockCommonSchemas,
  mockConsoleLogger,
  mockCryptoUuid,
  mockDrizzleOrm,
  mockKnowledgeSchemas,
  mockUuid,
  setupCommonApiMocks,
  setupGlobalFetchMock,
  setupGlobalStorageMocks,
} from './mocks'

// Type-only re-exports from the same module; these are erased at compile time.
export type { MockAuthResult, MockFetchResponse, MockRedis, MockUser } from './mocks'