apunkt/ktx
1
0
Fork 0
mirror of https://github.com/Kaelio/ktx.git synced 2026-06-13 08:15:14 +02:00
Code Issues Projects Releases Packages Wiki Activity
ktx/packages/cli/test/context/sl/tools/sl-rollback.tool.test.ts
Andrey Avtomonov f3f893bf01
fix: read semantic sources safely (#284) 
* fix: read semantic sources safely

* test: retarget reindex per-scope error case to a broken manifest

Reading a broken standalone source was made non-fatal in de1f1a8d (it is
surfaced for repair instead of throwing), so the reindex per-scope error
test no longer captured an error. Point it at a corrupt manifest shard,
which is the remaining fatal read failure the per-scope catch must
isolate, and assert the captured error names the offending file.

* fix(sl): decouple semantic-layer file names from warehouse naming rules

The in-file `name:` field is now the sole source identity; the filename is
a derived label that never participates in identity. This removes the
"Unsafe semantic-layer source name" failure class entirely: any warehouse
identifier (Snowflake's uppercase SIGNED_UP, EVENT$LOG, dotted names) can
be read, overlaid, edited, and deleted.

- New `source-files.ts`: one total filename derivation (safe lowercase
  names verbatim; otherwise slug + sha256-hash suffix, immune to
  case-insensitive-filesystem collisions) and one by-name file resolver.
- Reads resolve by name everywhere; the path-from-name fast path and
  `assertSafeSourceName` are gone.
- Writes resolve-then-write: rewrites land on the file that declares the
  name (human renames survive); new sources get a derived filename; a
  derived path occupied by a different source fails instead of clobbering.
- `readSourceFile` returns null for missing files instead of forcing every
  caller to launder IO errors; `deleteSource` distinguishes manifest-backed
  sources from not-found instead of silently succeeding.
- `sl_write_source` accepts verbatim warehouse identifiers (snake_case is
  now a recommendation for new sources) and rejects sourceName/source.name
  mismatches; `sl_edit_source` rejects name-changing edits.
- Ingest projection commits, gate-repair allowlists, and touched-source
  derivation use resolved paths / in-file names instead of interpolating
  `<connId>/<name>.yaml`.
- Collapsed the five parallel path derivations and duplicated path-token
  helpers onto the shared module; dropped dead service methods.

* fix(sl): resolve sources by declared name end-to-end and gate warehouse SQL with the parser-backed validator

- Key broken/renamed semantic-layer files by their recoverable in-file
  name (slSourceNameForFile) so mid-edit sources stay reachable under
  their real identity in reads, listings, and search
- Derive finalization touched sources from composed-source diffs and
  recover deleted files' declared names from the pre-change commit
  instead of parsing hash-derived filenames
- Resolve revert/rollback paths against history (listFilesAtCommit) so
  human-renamed files are restored where they lived at preHead
- Validate ingest sql_execution through the daemon's sqlglot
  validateReadOnly in the connection's dialect, sharing one
  driver-to-dialect map (sql-analysis/dialect.ts) across MCP and ingest
- Harden the local read-only SQL backstop: accept leading comments,
  reject smuggled second statements, and strip trailing
  semicolons/comments before row-limit wrapping
2026-06-10 14:06:13 +02:00

104 lines
4.9 KiB
TypeScript
Raw Blame History

import { describe, expect, it, vi } from 'vitest';
import type { ToolSession } from '../../../../src/context/tools/tool-session.js';
import { createTouchedSlSources, hasTouchedSlSource } from '../../../../src/context/tools/touched-sl-sources.js';
import type { ToolContext } from '../../../../src/context/tools/base-tool.js';
import { SlRollbackTool } from '../../../../src/context/sl/tools/sl-rollback.tool.js';
function makeSession(overrides: Partial<ToolSession> = {}): ToolSession {
return {
connectionId: 'conn-1',
isWorktreeScoped: true,
preHead: 'base',
touchedSlSources: createTouchedSlSources([{ connectionId: 'conn-1', sourceName: 'orders' }]),
actions: [{ target: 'sl', type: 'updated', key: 'orders', detail: 'x' }],
semanticLayerService: {} as any,
wikiService: {} as any,
configService: {
writeFile: vi.fn().mockResolvedValue(undefined),
deleteFile: vi.fn().mockResolvedValue(undefined),
// No live file for `orders` — revert recovers the preHead path from history.
listFiles: vi.fn().mockResolvedValue({ files: [] }),
readFile: vi.fn().mockRejectedValue(new Error('ENOENT')),
} as any,
gitService: {
// The source lived at its derived filename at preHead.
listFilesAtCommit: vi.fn().mockResolvedValue(['semantic-layer/conn-1/orders.yaml']),
getFileAtCommit: vi.fn().mockResolvedValue('name: orders\nmeasures: []\n'),
} as any,
...overrides,
};
}
describe('SlRollbackTool', () => {
const connections = {
getConnectionById: vi.fn(),
listEnabledConnections: vi.fn(),
executeQuery: vi.fn(),
};
it('errors when context.session is absent', async () => {
const tool = new SlRollbackTool({} as never, connections as never, 1);
const context: ToolContext = { sourceId: 's', messageId: 'm', userId: 'u' };
const result = await tool.call({ sourceName: 'orders' } as any, context);
expect(result.structured.success).toBe(false);
expect(result.markdown).toMatch(/session/i);
});
it('errors when session has no connectionId (wiki-only turn)', async () => {
const tool = new SlRollbackTool({} as never, connections as never, 1);
const session = makeSession({ connectionId: null });
const context: ToolContext = { sourceId: 's', messageId: 'm', userId: 'u', session };
const result = await tool.call({ sourceName: 'orders' } as any, context);
expect(result.structured.success).toBe(false);
expect(result.markdown).toMatch(/connection-scoped session/i);
// Session state untouched
expect(hasTouchedSlSource(session.touchedSlSources, 'conn-1', 'orders')).toBe(true);
expect((session.gitService as any).getFileAtCommit).not.toHaveBeenCalled();
});
it('restores the source content from preHead, clears touched set, prunes actions', async () => {
const slSourcesRepository = { deleteByConnectionAndName: vi.fn().mockResolvedValue(undefined) };
const tool = new SlRollbackTool(slSourcesRepository as never, connections as never, 1);
const session = makeSession();
const context: ToolContext = { sourceId: 's', messageId: 'm', userId: 'u', session };
const result = await tool.call({ sourceName: 'orders' } as any, context);
expect(result.structured.success).toBe(true);
expect((session.gitService as any).getFileAtCommit).toHaveBeenCalledWith(
expect.stringContaining('orders.yaml'),
'base',
);
expect((session.configService as any).writeFile).toHaveBeenCalled();
expect(hasTouchedSlSource(session.touchedSlSources, 'conn-1', 'orders')).toBe(false);
expect(session.actions).toEqual([]);
});
it('restores a deleted human-renamed source at the path it occupied at preHead', async () => {
// The source lived at a custom filename (≠ the writer-derived `orders.yaml`)
// and the session deleted it. Revert must recover the custom path from the
// preHead commit and restore there, not write/no-op against the derived path.
const slSourcesRepository = { deleteByConnectionAndName: vi.fn().mockResolvedValue(undefined) };
const tool = new SlRollbackTool(slSourcesRepository as never, connections as never, 1);
const renamedContent = 'name: orders\ntable: public.orders\nmeasures: []\n';
const session = makeSession({
gitService: {
listFilesAtCommit: vi.fn().mockResolvedValue(['semantic-layer/conn-1/custom.yaml']),
getFileAtCommit: vi.fn().mockResolvedValue(renamedContent),
} as any,
});
const context: ToolContext = { sourceId: 's', messageId: 'm', userId: 'u', session };
const result = await tool.call({ sourceName: 'orders' } as any, context);
expect(result.structured.success).toBe(true);
expect((session.configService as any).writeFile).toHaveBeenCalledWith(
'semantic-layer/conn-1/custom.yaml',
renamedContent,
expect.anything(),
expect.anything(),
expect.anything(),
expect.anything(),
);
expect((session.configService as any).deleteFile).not.toHaveBeenCalled();
});
});
Reference in a new issue View git blame Copy permalink