test(handlers/mcp): harden RecallMemory_GlobalScope test — assert OFFSEC-001 scrub contract (mc#681)
This commit is contained in:
parent
9eb33a9d3c
commit
f0a751ca90
@ -9,6 +9,7 @@ import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"os"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"errors"
|
||||
@ -536,7 +537,12 @@ func TestMCPHandler_CommitMemory_CleanContent_PassesThrough(t *testing.T) {
|
||||
// tools/call — recall_memory
|
||||
// ─────────────────────────────────────────────────────────────────────────────
|
||||
|
||||
func TestMCPHandler_RecallMemory_GlobalScope_Blocked(t *testing.T) {
|
||||
// TestMCPHandler_RecallMemory_GlobalScope_ScrubsInternalError verifies C3 is
|
||||
// enforced and the OFFSEC-001 scrub contract is applied. The tool returns a
|
||||
// descriptive error mentioning GLOBAL scope; dispatchRPC must replace it with
|
||||
// a constant "tool call failed" message so internal implementation details
|
||||
// never reach the caller.
|
||||
func TestMCPHandler_RecallMemory_GlobalScope_ScrubsInternalError(t *testing.T) {
|
||||
h, mock := newMCPHandler(t)
|
||||
// No DB expectations — handler must abort before touching the DB.
|
||||
|
||||
@ -556,7 +562,20 @@ func TestMCPHandler_RecallMemory_GlobalScope_Blocked(t *testing.T) {
|
||||
var resp mcpResponse
|
||||
json.Unmarshal(w.Body.Bytes(), &resp)
|
||||
if resp.Error == nil {
|
||||
t.Error("expected JSON-RPC error for GLOBAL scope recall, got nil")
|
||||
t.Fatal("expected JSON-RPC error for GLOBAL scope recall, got nil")
|
||||
}
|
||||
// OFFSEC-001 scrub contract: error code is -32000 (server error).
|
||||
if resp.Error.Code != -32000 {
|
||||
t.Errorf("expected error code -32000, got %d", resp.Error.Code)
|
||||
}
|
||||
// Message must be the constant scrubbed string — no "GLOBAL" or bridge
|
||||
// implementation details leaked to the caller.
|
||||
if resp.Error.Message != "tool call failed" {
|
||||
t.Errorf("error message should be constant 'tool call failed', got: %q", resp.Error.Message)
|
||||
}
|
||||
// Defence-in-depth: the original error body must not appear in the response.
|
||||
if strings.Contains(resp.Error.Message, "GLOBAL") || strings.Contains(resp.Error.Message, "bridge") {
|
||||
t.Error("scrubbed error message must not contain original error keywords")
|
||||
}
|
||||
if err := mock.ExpectationsWereMet(); err != nil {
|
||||
t.Errorf("unexpected DB calls on GLOBAL scope block: %v", err)
|
||||
|
||||
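Review bot: The defence-in-depth check at the `strings.Contains(resp.Error.Message, "GLOBAL")` line can never fire, because the equality test just above it already pins the message to exactly `"tool call failed"`; meanwhile the raw response goes unchecked, and a JSON-RPC error's `data` member (if `mcpResponse` carries one) is the usual place an unscrubbed error body leaks. Run the keyword check over the whole body instead, `if body := w.Body.String(); strings.Contains(body, "GLOBAL") || strings.Contains(body, "bridge") {`, so the assertion actually covers the scrub contract the comment describes. The `json.Unmarshal` result is also discarded, so a decode failure would surface as the misleading "expected JSON-RPC error ... got nil"; `if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { t.Fatalf("decode response: %v", err) }` keeps the failure mode honest. The enclosing test function begins in the previous hunk and its closing braces lie past the end of this one.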