potiuk opened a new pull request, #5:
URL: https://github.com/apache/comdev/pull/5
## Summary
Targets PR #2's branch (`apache:rbowen-ponymail-mcp`). The package shipped
without tests or CI — this adds both, using only built-in Node tooling so the
dependency tree stays unchanged.
- **`mcp/ponymail-mcp/restrictions.test.js`** — 15 unit tests covering
pattern grammar (`prefix@`, `@domain`, `prefix@domain`), env-var parsing edge
cases (`none`, `""`, mixed case, whitespace), case-insensitive input matching,
every public export (`restrictionFor` / `restrictionForAddress` /
`isRestricted` / `restrictionError` / `listRestrictions`), and falsy-input
tolerance.
- **`mcp/ponymail-mcp/auth.test.js`** — 8 unit tests for the
session-persistence helpers (`loadSession`, `clearSession`). Each test runs in
a child process with `HOME` pointed at a temp directory so the on-disk
`session.json` is fully isolated. Covers: missing file, fresh cookie, expired
cookie, missing-timestamp behaviour, malformed JSON, missing cookie field, and
`clearSession` idempotency. The interactive `performLogin()` flow is out of
scope for unit tests (browser, local HTTP server, network validation).
- **`mcp/ponymail-mcp/package.json`** — adds `npm test` script using
`node:test` with the spec reporter, and declares `engines.node: >=20`.
- **`.github/workflows/ponymail-mcp-tests.yml`** — runs the suite on push/PR
(path-filtered to `mcp/ponymail-mcp/**`) on Node 20 and 22.
### Workflow hardening
- Top-level `permissions: {}` (deny-all) with per-job `contents: read`.
- Third-party actions pinned to commit SHAs with version comments.
- `actions/checkout` sets `persist-credentials: false`.
- 10-minute job timeout.
### Why a child-process per test
`restrictions.js` captures `PONYMAIL_RESTRICTED_LISTS` at module load, and
`auth.js` computes `SESSION_FILE` from `os.homedir()` at module load. Tests
need different env per case, so each spawns a fresh node process. Slow (~24ms
per test) but unambiguous.
## Notes for downstream PRs
PR #3 (built on top of this branch) already adds tests for the allowlist
mechanism it introduces; if this lands first, PR #3 will need a one-line rebase
to merge the `package.json` `test` script. Happy to handle that rebase.
## Test plan
- [x] `cd mcp/ponymail-mcp && npm install && npm test` passes locally (23/23)
- [ ] CI workflow turns green on Node 20 and 22 once the PR is opened
🤖 Generated with [Claude Code](https://claude.com/claude-code)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
