2026-05-15 02:35:09 +02:00
|
|
|
import { request } from 'node:http';
|
|
|
|
|
import type { AddressInfo } from 'node:net';
|
|
|
|
|
import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
|
|
|
|
|
import { describe, expect, it } from 'vitest';
|
|
|
|
|
import {
|
|
|
|
|
buildMcpSecurityConfig,
|
|
|
|
|
isMcpRequestAuthorized,
|
|
|
|
|
normalizeHostHeader,
|
|
|
|
|
runKtxMcpHttpServer,
|
test: split cli tests from source tree (#216)
* feat(cli): define full warehouse dialect contract
* test(cli): keep dialect edge tests focused
* fix(cli): stabilize dialect contract foundation
* refactor(connectors): own read-only query preparation
* refactor(connectors): resolve dialects through registry
* refactor(connectors): keep concrete dialect classes internal
* chore(workspace): enforce dialect import boundary
* refactor(cli): resolve relationship dialect at scan boundary
* refactor(cli): use dialect display parsing for entity details
* refactor(cli): use dialect display parsing for warehouse catalog
* refactor(cli): use dialect SQL in relationship workflows
* test(cli): verify solid dialect scan workflow closure
* test: split cli tests from source tree
* refactor(cli): standardize BigQuery scope listing
* feat(sqlite): implement connector scope listing
* test(connectors): cover required table listing
* feat(cli): add warehouse driver registry
* refactor(setup): route scope discovery through driver registry
* refactor(cli): route local query execution through driver registry
* refactor(historic-sql): route dialect support through driver registry
* refactor(cli): test warehouse connections through driver registry
* fix(cli): close driver registry type export gaps
* Improve setup daemon diagnostics
* refactor(setup): centralize rail-prefixed diagnostics + query-history fallback
Extract errorMessage, writePrefixedLines, and flushPrefixedBufferedCommandOutput
into clack.ts so the setup wizard, managed daemons, and embedding/agent steps
share one rail-formatted writer. setup-databases.ts also adds a
"disable query history and retry" option when the schema-context build fails
and query history is the likely culprit, surfaced via a new
failed-query-history-unavailable status.
* fix(cli): carry catalog through the picker so BigQuery/Snowflake/SQL Server scope filters match
The setup picker's KtxTableListEntry was a 2-level { schema, name }, so
qualifiedTableId always wrote db.name into enabled_tables. When BigQuery,
Snowflake, or SQL Server later ran fast ingest, their introspect step filtered
the scope set with scopedTableNames(scope, { catalog: projectId|database, db })
— catalog was non-null on the introspect side but null in the scope refs, so
every entry was rejected, the live-database adapter staged zero table files,
and detect() failed with 'Adapter "live-database" did not recognize fetched
source output'.
Align the picker boundary with the canonical 3-level KtxTableRef:
- Add catalog: string | null to KtxTableListEntry.
- BigQuery/Snowflake/SQL Server listTables populate catalog from the
resolved projectId / database; Postgres/MySQL/ClickHouse/SQLite set null.
- qualifiedTableId emits catalog.schema.name when catalog is non-null
(resolveEnabledTables already accepts the 3-part shape) and
schemasFromEnabledTables now goes through parseDottedTableEntry so it
recovers the schema correctly from both 2-part and 3-part entries.
- Export parseDottedTableEntry from enabled-tables.ts (@internal) for picker
reuse.
Update listTables expectations in all seven connector tests and the setup /
picker test fixtures. Add a picker regression test that covers the
catalog-bearing round-trip (save + refine).
* fix(cli): allow debug telemetry under opt-out env
2026-05-26 08:49:05 +02:00
|
|
|
} from '../src/mcp-http-server.js';
|
2026-05-15 02:35:09 +02:00
|
|
|
|
|
|
|
|
describe('normalizeHostHeader', () => {
|
|
|
|
|
it('normalizes host headers before allow-list comparison', () => {
|
|
|
|
|
expect(normalizeHostHeader('LOCALHOST:7878')).toBe('localhost');
|
|
|
|
|
expect(normalizeHostHeader('127.0.0.1:7878')).toBe('127.0.0.1');
|
|
|
|
|
expect(normalizeHostHeader('[::1]:7878')).toBe('::1');
|
|
|
|
|
expect(normalizeHostHeader(' Example.COM ')).toBe('example.com');
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('buildMcpSecurityConfig', () => {
|
|
|
|
|
it('allows loopback hosts without a token', () => {
|
|
|
|
|
const config = buildMcpSecurityConfig({
|
|
|
|
|
host: '127.0.0.1',
|
|
|
|
|
port: 7878,
|
|
|
|
|
token: undefined,
|
|
|
|
|
allowedHosts: [],
|
|
|
|
|
allowedOrigins: [],
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(config.token).toBeUndefined();
|
|
|
|
|
expect(config.allowedHosts).toEqual(['localhost', '127.0.0.1', '::1']);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('requires a token for non-loopback binding', () => {
|
|
|
|
|
expect(() =>
|
|
|
|
|
buildMcpSecurityConfig({
|
|
|
|
|
host: '0.0.0.0',
|
|
|
|
|
port: 7878,
|
|
|
|
|
token: undefined,
|
|
|
|
|
allowedHosts: [],
|
|
|
|
|
allowedOrigins: [],
|
|
|
|
|
}),
|
|
|
|
|
).toThrow('Binding KTX MCP to 0.0.0.0 requires --token or KTX_MCP_TOKEN');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('validates allowed origins as full origins', () => {
|
|
|
|
|
expect(() =>
|
|
|
|
|
buildMcpSecurityConfig({
|
|
|
|
|
host: '127.0.0.1',
|
|
|
|
|
port: 7878,
|
|
|
|
|
token: undefined,
|
|
|
|
|
allowedHosts: [],
|
|
|
|
|
allowedOrigins: ['localhost:7878'],
|
|
|
|
|
}),
|
|
|
|
|
).toThrow('Allowed origin must be a full origin URL');
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('isMcpRequestAuthorized', () => {
|
|
|
|
|
const config = buildMcpSecurityConfig({
|
|
|
|
|
host: '0.0.0.0',
|
|
|
|
|
port: 7878,
|
|
|
|
|
token: 'secret-token',
|
|
|
|
|
allowedHosts: ['mcp.example.test'],
|
|
|
|
|
allowedOrigins: ['https://mcp.example.test'],
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('accepts a valid host, origin, and bearer token', () => {
|
|
|
|
|
expect(
|
|
|
|
|
isMcpRequestAuthorized(
|
|
|
|
|
{
|
|
|
|
|
path: '/mcp',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'mcp.example.test:7878',
|
|
|
|
|
origin: 'https://mcp.example.test',
|
|
|
|
|
authorization: 'Bearer secret-token',
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
config,
|
|
|
|
|
),
|
|
|
|
|
).toEqual({ ok: true });
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('rejects bad host headers before MCP handling', () => {
|
|
|
|
|
expect(
|
|
|
|
|
isMcpRequestAuthorized(
|
|
|
|
|
{ path: '/health', headers: { host: 'evil.example.test' } },
|
|
|
|
|
config,
|
|
|
|
|
),
|
|
|
|
|
).toEqual({ ok: false, status: 403, message: 'Host header is not allowed for KTX MCP.' });
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('rejects browser origins unless explicitly allowed', () => {
|
|
|
|
|
expect(
|
|
|
|
|
isMcpRequestAuthorized(
|
|
|
|
|
{
|
|
|
|
|
path: '/health',
|
|
|
|
|
headers: { host: 'mcp.example.test', origin: 'https://evil.example.test' },
|
|
|
|
|
},
|
|
|
|
|
config,
|
|
|
|
|
),
|
|
|
|
|
).toEqual({ ok: false, status: 403, message: 'Origin header is not allowed for KTX MCP.' });
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('requires bearer auth on /mcp when token auth is enabled', () => {
|
|
|
|
|
expect(
|
|
|
|
|
isMcpRequestAuthorized(
|
|
|
|
|
{ path: '/mcp', headers: { host: 'mcp.example.test', authorization: 'Bearer wrong' } },
|
|
|
|
|
config,
|
|
|
|
|
),
|
|
|
|
|
).toEqual({ ok: false, status: 401, message: 'Missing or invalid KTX MCP bearer token.' });
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('does not require bearer auth on /health', () => {
|
|
|
|
|
expect(isMcpRequestAuthorized({ path: '/health', headers: { host: 'mcp.example.test' } }, config)).toEqual({
|
|
|
|
|
ok: true,
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
function postJson(port: number, path: string, body: unknown, headers: Record<string, string> = {}) {
|
|
|
|
|
return new Promise<{ status: number; headers: Record<string, string | string[] | undefined>; body: string }>(
|
|
|
|
|
(resolve, reject) => {
|
|
|
|
|
const payload = JSON.stringify(body);
|
|
|
|
|
const req = request(
|
|
|
|
|
{
|
|
|
|
|
host: '127.0.0.1',
|
|
|
|
|
port,
|
|
|
|
|
path,
|
|
|
|
|
method: 'POST',
|
|
|
|
|
headers: {
|
|
|
|
|
host: `127.0.0.1:${port}`,
|
|
|
|
|
accept: 'application/json, text/event-stream',
|
|
|
|
|
'content-type': 'application/json',
|
|
|
|
|
'content-length': Buffer.byteLength(payload),
|
|
|
|
|
...headers,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
(res) => {
|
|
|
|
|
const chunks: Buffer[] = [];
|
|
|
|
|
res.on('data', (chunk: Buffer) => chunks.push(chunk));
|
|
|
|
|
res.on('end', () =>
|
|
|
|
|
resolve({
|
|
|
|
|
status: res.statusCode ?? 0,
|
|
|
|
|
headers: res.headers,
|
|
|
|
|
body: Buffer.concat(chunks).toString('utf8'),
|
|
|
|
|
}),
|
|
|
|
|
);
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
req.on('error', reject);
|
|
|
|
|
req.end(payload);
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function get(port: number, path: string, headers: Record<string, string> = {}) {
|
|
|
|
|
return new Promise<{ status: number; headers: Record<string, string | string[] | undefined>; body: string }>(
|
|
|
|
|
(resolve, reject) => {
|
|
|
|
|
const req = request(
|
|
|
|
|
{
|
|
|
|
|
host: '127.0.0.1',
|
|
|
|
|
port,
|
|
|
|
|
path,
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: { host: `127.0.0.1:${port}`, ...headers },
|
|
|
|
|
},
|
|
|
|
|
(res) => {
|
|
|
|
|
const chunks: Buffer[] = [];
|
|
|
|
|
res.on('data', (chunk: Buffer) => chunks.push(chunk));
|
|
|
|
|
res.on('end', () =>
|
|
|
|
|
resolve({
|
|
|
|
|
status: res.statusCode ?? 0,
|
|
|
|
|
headers: res.headers,
|
|
|
|
|
body: Buffer.concat(chunks).toString('utf8'),
|
|
|
|
|
}),
|
|
|
|
|
);
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
req.on('error', reject);
|
|
|
|
|
req.end();
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function createTestMcpServer() {
|
|
|
|
|
return () => {
|
|
|
|
|
const server = new McpServer({ name: 'ktx-test', version: '0.0.0-test' });
|
|
|
|
|
server.registerTool('ping', { inputSchema: {} }, async () => ({
|
|
|
|
|
content: [{ type: 'text', text: 'pong' }],
|
|
|
|
|
}));
|
|
|
|
|
return server;
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
describe('runKtxMcpHttpServer', () => {
|
|
|
|
|
it('serves /health with project metadata', async () => {
|
|
|
|
|
const handle = await runKtxMcpHttpServer({
|
|
|
|
|
projectDir: '/tmp/ktx-project',
|
|
|
|
|
host: '127.0.0.1',
|
|
|
|
|
port: 0,
|
|
|
|
|
allowedHosts: [],
|
|
|
|
|
allowedOrigins: [],
|
|
|
|
|
createMcpServer: createTestMcpServer(),
|
|
|
|
|
});
|
|
|
|
|
try {
|
|
|
|
|
const port = (handle.server.address() as AddressInfo).port;
|
|
|
|
|
const response = await get(port, '/health');
|
|
|
|
|
expect(response.status).toBe(200);
|
|
|
|
|
expect(JSON.parse(response.body)).toEqual({
|
|
|
|
|
status: 'ok',
|
|
|
|
|
projectDir: '/tmp/ktx-project',
|
|
|
|
|
port,
|
|
|
|
|
});
|
|
|
|
|
} finally {
|
|
|
|
|
await handle.close();
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('allocates a stateful MCP session on initialize', async () => {
|
|
|
|
|
const handle = await runKtxMcpHttpServer({
|
|
|
|
|
projectDir: '/tmp/ktx-project',
|
|
|
|
|
host: '127.0.0.1',
|
|
|
|
|
port: 0,
|
|
|
|
|
allowedHosts: [],
|
|
|
|
|
allowedOrigins: [],
|
|
|
|
|
createMcpServer: createTestMcpServer(),
|
|
|
|
|
});
|
|
|
|
|
try {
|
|
|
|
|
const port = (handle.server.address() as AddressInfo).port;
|
|
|
|
|
const response = await postJson(port, '/mcp', {
|
|
|
|
|
jsonrpc: '2.0',
|
|
|
|
|
id: 1,
|
|
|
|
|
method: 'initialize',
|
|
|
|
|
params: {
|
|
|
|
|
protocolVersion: '2025-06-18',
|
|
|
|
|
capabilities: {},
|
|
|
|
|
clientInfo: { name: 'vitest', version: '0.0.0' },
|
|
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(response.status).toBe(200);
|
|
|
|
|
expect(response.headers['mcp-session-id']).toBeTruthy();
|
|
|
|
|
} finally {
|
|
|
|
|
await handle.close();
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('rejects unknown session ids with 404', async () => {
|
|
|
|
|
const handle = await runKtxMcpHttpServer({
|
|
|
|
|
projectDir: '/tmp/ktx-project',
|
|
|
|
|
host: '127.0.0.1',
|
|
|
|
|
port: 0,
|
|
|
|
|
allowedHosts: [],
|
|
|
|
|
allowedOrigins: [],
|
|
|
|
|
createMcpServer: createTestMcpServer(),
|
|
|
|
|
});
|
|
|
|
|
try {
|
|
|
|
|
const port = (handle.server.address() as AddressInfo).port;
|
|
|
|
|
const response = await postJson(
|
|
|
|
|
port,
|
|
|
|
|
'/mcp',
|
|
|
|
|
{ jsonrpc: '2.0', id: 2, method: 'tools/list', params: {} },
|
|
|
|
|
{ 'mcp-session-id': 'missing-session' },
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
expect(response.status).toBe(404);
|
|
|
|
|
expect(response.body).toContain('Unknown MCP session');
|
|
|
|
|
} finally {
|
|
|
|
|
await handle.close();
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
});
|