ktg-plugin-marketplace/plugins/config-audit/tests/scanners/cache-prefix.test.mjs

import { describe, it } from 'node:test';
import assert from 'node:assert/strict';
import { resolve } from 'node:path';
import { fileURLToPath } from 'node:url';
import { resetCounter } from '../../scanners/lib/output.mjs';
import { scan } from '../../scanners/cache-prefix-scanner.mjs';
import { discoverConfigFiles } from '../../scanners/lib/file-discovery.mjs';

const __dirname = fileURLToPath(new URL('.', import.meta.url));
const FIXTURES = resolve(__dirname, '../fixtures');

async function runScanner(fixtureName) {
  resetCounter();
  const path = resolve(FIXTURES, fixtureName);
  const discovery = await discoverConfigFiles(path);
  return scan(path, discovery);
}

describe('CPS scanner — basic structure', () => {
  it('reports scanner prefix CPS', async () => {
    const result = await runScanner('volatile-mid-section/volatile-line-60');
    assert.equal(result.scanner, 'CPS');
  });

  it('finding IDs match CA-CPS-NNN pattern', async () => {
    const result = await runScanner('volatile-mid-section/volatile-line-60');
    for (const f of result.findings) {
      assert.match(f.id, /^CA-CPS-\d{3}$/);
    }
  });
});

describe('CPS scanner — volatile content within cached prefix', () => {
  it('flags !git log at line 60 (medium severity)', async () => {
    const result = await runScanner('volatile-mid-section/volatile-line-60');
    const f = result.findings.find(x => /volatile content inside cached prefix/i.test(x.title || ''));
    assert.ok(f, `expected volatile-prefix finding; got: ${result.findings.map(x => x.title).join(' | ')}`);
    assert.equal(f.severity, 'medium', `expected medium, got ${f.severity}`);
    assert.match(String(f.evidence || ''), /line 60/);
    assert.match(String(f.evidence || ''), /shell-exec/i);
  });
});

describe('CPS scanner — volatile content beyond cache window', () => {
  it('does NOT flag volatility at line 200+ (outside 150-line window)', async () => {
    const result = await runScanner('volatile-mid-section/volatile-line-200');
    const f = result.findings.find(x => /volatile content inside cached prefix/i.test(x.title || ''));
    assert.equal(f, undefined,
      `expected no finding for line-200 fixture; got: ${f?.title}`);
  });
});

describe('CPS scanner — does not duplicate TOK Pattern A territory', () => {
  it('volatility at lines 1–30 is left for TOK Pattern A (no CPS finding)', async () => {
    // The opus-47/cache-breaking fixture has volatile content at the very top.
    // CPS skips lines 1–30 to avoid duplicating Pattern A's territory.
    const result = await runScanner('opus-47/cache-breaking');
    const f = result.findings.find(x => /volatile content inside cached prefix/i.test(x.title || ''));
    assert.equal(f, undefined,
      `expected no CPS finding when volatility is only in lines 1–30 (Pattern A's range)`);
  });
});

describe('CPS scanner — orchestrator wiring', () => {
  it('CPS appears in scan-orchestrator scanner list', async () => {
    const orch = await import('../../scanners/scan-orchestrator.mjs');
    const path = resolve(FIXTURES, 'volatile-mid-section/volatile-line-60');
    const env = await orch.runAllScanners(path, { filterFixtures: false });
    const cps = env.scanners.find(r => r.scanner === 'CPS');
    assert.ok(cps, `expected CPS in orchestrator results; got: ${env.scanners.map(r => r.scanner).join(', ')}`);
  });

  it('CPS findings carry the token-efficiency category', async () => {
    const result = await runScanner('volatile-mid-section/volatile-line-60');
    const f = result.findings.find(x => /volatile content inside cached prefix/i.test(x.title || ''));
    assert.ok(f);
    assert.equal(f.category, 'token-efficiency');
  });
});