eliott/worldmonitor
1
0
Fork 0
mirror of https://github.com/koala73/worldmonitor.git synced 2026-04-25 17:14:57 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
f783bf2d2d11d22ce755d04781312307f27b7de2
worldmonitor/tests/summary-cache-key.test.mts
Elie Habib f783bf2d2d fix(intelligence): analytical frameworks follow-up — P1 security + P2 correctness fixes (#2386) 
* fix(intelligence): include framework/systemAppend hash in cache keys (todos 041, 045, 051)

* fix(intelligence): gate framework/systemAppend on server-side PRO check (todo 042)

* fix(skills): exact hostname allowlist + redirect:manual to prevent SSRF (todos 043, 054)

* fix(intelligence): sanitize systemAppend against prompt injection before LLM (todo 044)

* fix(intelligence): use framework field in DeductionPanel, fix InsightsPanel double increment (todos 046, 047)

* fix(intelligence): settings export, hot-path cache, country-brief debounce (todos 048, 049, 050)

* fix(intelligence): i18n, FrameworkSelector note, stripThinkingTags dedup, UUID IDs (todos 052, 055, 056, 057)

- i18n Analysis Frameworks settings section (en + fr locales, replace
  all hardcoded English strings with t() calls)
- FrameworkSelector: replace panelId==='insights' hardcode with note?
  option; both InsightsPanel and DailyMarketBriefPanel pass note
- stripThinkingTags: remove inline duplicate in summarize-article.ts,
  import from _shared/llm; add Strip unterminated comment so tests
  can locate the section
- Replace Date.now() IDs for imported frameworks with crypto.randomUUID()
- Drop 'not supported in phase 1' phrasing to 'not supported'
- test: fix summarize-reasoning Fix 2 suite to read from llm.ts
- test: add premium-check-stub and wire into redis-caching country intel
  brief importPatchedTsModule so test can resolve the new import

* fix(security): address P1 review findings from PR #2386

- premium-check: require `required: true` from validateApiKey so trusted
  browser origins (worldmonitor.app, Vercel previews, localhost) are not
  treated as PRO callers; fixes free-user bypass of framework/systemAppend gate
- llm: replace weak sanitizeSystemAppend with sanitizeForPrompt from
  llm-sanitize.js; all callLlm callers now get model-delimiter and
  control-char stripping, not just phrase blocklist
- get-country-intel-brief: apply sanitizeForPrompt to contextSnapshot
  before injecting into user prompt; fixes unsanitized query-param injection

Closes todos 060, 061, 062 (P1 — blocked merge of #2386).

* chore(todos): mark P1 todos 060-062 complete

* fix(agentskills): address Greptile P2 review comments

- hoist ALLOWED_AGENTSKILLS_HOSTS Set to module scope (was reallocated per-request)
- add res.type === 'opaqueredirect' check alongside the 3xx guard; Edge Runtime
  returns status=0 for opaque redirects so the status range check alone is dead code
2026-03-28 01:10:02 +04:00

43 lines
1.8 KiB
TypeScript
Raw Blame History

import { describe, it } from 'node:test';
import assert from 'node:assert/strict';
import { buildSummaryCacheKey } from '../src/utils/summary-cache-key.ts';
const HEADLINES = ['Inflation rises to 3.5%', 'Fed holds rates steady', 'Markets react'];
describe('buildSummaryCacheKey', () => {
it('produces consistent keys for same inputs', () => {
const a = buildSummaryCacheKey(HEADLINES, 'brief', 'US', 'full', 'en');
const b = buildSummaryCacheKey(HEADLINES, 'brief', 'US', 'full', 'en');
assert.equal(a, b);
});
it('includes systemAppend suffix when provided', () => {
const withoutSA = buildSummaryCacheKey(HEADLINES, 'brief', 'US', 'full', 'en');
const withSA = buildSummaryCacheKey(HEADLINES, 'brief', 'US', 'full', 'en', 'PMESII-PT analysis');
assert.notEqual(withoutSA, withSA);
});
it('different systemAppend values produce different keys', () => {
const keyA = buildSummaryCacheKey(HEADLINES, 'brief', 'US', 'full', 'en', 'Framework A');
const keyB = buildSummaryCacheKey(HEADLINES, 'brief', 'US', 'full', 'en', 'Framework B');
assert.notEqual(keyA, keyB);
});
it('empty systemAppend produces same key as omitting it', () => {
const withEmpty = buildSummaryCacheKey(HEADLINES, 'brief', 'US', 'full', 'en', '');
const withUndefined = buildSummaryCacheKey(HEADLINES, 'brief', 'US', 'full', 'en');
assert.equal(withEmpty, withUndefined);
});
it('systemAppend suffix does not break existing namespace', () => {
const base = buildSummaryCacheKey(HEADLINES, 'brief', 'US', 'full', 'en');
assert.match(base, /^summary:v5:/);
assert.doesNotMatch(base, /:fw/);
});
it('systemAppend key contains :fw suffix', () => {
const key = buildSummaryCacheKey(HEADLINES, 'brief', 'US', 'full', 'en', 'some framework');
assert.match(key, /:fw[0-9a-z]+$/);
});
});
Reference in New Issue View Git Blame Copy Permalink