Merge pull request #66 from sonukapoor/codex/issue-65-cli-integration-tests

sonukapoor · web-flow · commit 9971a2d6d89c · 2026-04-03T16:21:43.000-04:00
test: add CLI integration tests
diff --git a/tests/cli-integration.test.ts b/tests/cli-integration.test.ts
@@ -0,0 +1,270 @@
+import { jest } from "@jest/globals";
+import type { Finding, PackageRef, ScanInput } from "../src/types.js";
+
+const printBannerMock = jest.fn();
+const printHelpMock = jest.fn();
+const parseArgsMock = jest.fn();
+const loadPackagesMock = jest.fn();
+const buildNoPackagesMessageMock = jest.fn();
+const scanPackagesMock = jest.fn();
+const printCacheSummaryMock = jest.fn();
+const logInfoMock = jest.fn();
+const logWarnMock = jest.fn();
+const serializeFindingMock = jest.fn();
+const printSummaryMock = jest.fn();
+const printActionSummaryMock = jest.fn();
+const printPriorityFixesMock = jest.fn();
+const printFixPlanMock = jest.fn();
+const printCoverageMock = jest.fn();
+const printSkippedDependenciesMock = jest.fn();
+const printGroupSummaryMock = jest.fn();
+const printTableMock = jest.fn();
+const printPathHintsMock = jest.fn();
+const printFinalStatusMock = jest.fn();
+const printCompactOutputMock = jest.fn();
+
+jest.unstable_mockModule("../src/cli/help.js", () => ({
+  printBanner: printBannerMock,
+  printHelp: printHelpMock,
+}));
+
+jest.unstable_mockModule("../src/cli/args.js", () => ({
+  parseArgs: parseArgsMock,
+}));
+
+jest.unstable_mockModule("../src/parsers/index.js", () => ({
+  loadPackages: loadPackagesMock,
+  buildNoPackagesMessage: buildNoPackagesMessageMock,
+}));
+
+jest.unstable_mockModule("../src/scanner.js", () => ({
+  scanPackages: scanPackagesMock,
+  buildCoverageNotes: jest.fn(() => ["Coverage note"]),
+}));
+
+jest.unstable_mockModule("../src/output/formatters.js", () => ({
+  logInfo: logInfoMock,
+  logWarn: logWarnMock,
+  printCacheSummary: printCacheSummaryMock,
+  serializeFinding: serializeFindingMock,
+}));
+
+jest.unstable_mockModule("../src/output/printers.js", () => ({
+  printSummary: printSummaryMock,
+  printActionSummary: printActionSummaryMock,
+  printPriorityFixes: printPriorityFixesMock,
+  printFixPlan: printFixPlanMock,
+  printCoverage: printCoverageMock,
+  printSkippedDependencies: printSkippedDependenciesMock,
+  printGroupSummary: printGroupSummaryMock,
+  printTable: printTableMock,
+  printPathHints: printPathHintsMock,
+  printFinalStatus: printFinalStatusMock,
+  printCompactOutput: printCompactOutputMock,
+}));
+
+function createScanInput(overrides?: Partial<ScanInput>): ScanInput {
+  return {
+    mode: "manifest-fallback",
+    source: "package-json",
+    filePath: "/tmp/project/package.json",
+    packages: [],
+    notes: ["Parser note"],
+    warnings: [],
+    skippedDependencies: [],
+    ...overrides,
+  };
+}
+
+function createFinding(overrides?: Partial<Finding>): Finding {
+  return {
+    pkg: {
+      name: "lodash",
+      version: "4.17.20",
+      ecosystem: "npm",
+      paths: [["project", "lodash"]],
+    },
+    vulnerabilities: [{ id: "OSV-123" }],
+    severity: "critical",
+    cveAliases: ["CVE-2026-0001"],
+    dependencyPaths: [["project", "lodash"]],
+    relationship: "direct",
+    firstFixedVersion: "4.17.21",
+    recommendedParentUpgrade: undefined,
+    ...overrides,
+  };
+}
+
+async function runIndexModule() {
+  const exitSpy = jest
+    .spyOn(process, "exit")
+    .mockImplementation(((code?: number) => code as never) as never);
+  const logSpy = jest.spyOn(console, "log").mockImplementation(() => {});
+  const errorSpy = jest.spyOn(console, "error").mockImplementation(() => {});
+
+  try {
+    await import(`../src/index.ts?test=${Date.now()}-${Math.random()}`);
+    await new Promise(resolve => setTimeout(resolve, 0));
+  } finally {
+  }
+
+  const exitCalls = exitSpy.mock.calls.map(call => call[0]);
+  const stdout = logSpy.mock.calls.map(call => call.map(value => String(value)).join(" "));
+  const stderr = errorSpy.mock.calls.map(call => call.map(value => String(value)).join(" "));
+
+  exitSpy.mockRestore();
+  logSpy.mockRestore();
+  errorSpy.mockRestore();
+
+  if (exitCalls.length === 0) {
+    throw new Error("index.ts did not call process.exit");
+  }
+
+  return {
+    exitCode: Number(exitCalls[exitCalls.length - 1] ?? 0),
+    exitCalls,
+    stdout,
+    stderr,
+  };
+}
+
+describe("CLI integration", () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    parseArgsMock.mockReturnValue({
+      options: {
+        failOn: "critical",
+        batchSize: "100",
+        searchDepth: "4",
+        minSeverity: "medium",
+      },
+      projectArg: ".",
+    });
+    buildNoPackagesMessageMock.mockReturnValue("No scannable packages were found.");
+    loadPackagesMock.mockReturnValue(createScanInput());
+    scanPackagesMock.mockResolvedValue([]);
+    serializeFindingMock.mockImplementation((finding: Finding) => ({
+      package: finding.pkg.name,
+      severity: finding.severity,
+    }));
+  });
+
+  it("returns a json payload and exits successfully when no findings are present", async () => {
+    const packages: PackageRef[] = [
+      { name: "lodash", version: "4.17.21", ecosystem: "npm", paths: [["project", "lodash"]] },
+    ];
+    parseArgsMock.mockReturnValue({
+      options: {
+        json: true,
+        failOn: "critical",
+        batchSize: "100",
+        searchDepth: "4",
+        minSeverity: "medium",
+      },
+      projectArg: ".",
+    });
+    loadPackagesMock.mockReturnValue(createScanInput({ packages }));
+
+    const result = await runIndexModule();
+
+    expect(result.exitCode).toBe(0);
+    expect(result.stdout[0]).toContain("Advisory source: OSV");
+    expect(JSON.parse(result.stdout[result.stdout.length - 1] ?? "")).toMatchObject({
+      mode: "manifest-fallback",
+      source: "package-json",
+      packageCount: 1,
+      findingCount: 0,
+      findings: [],
+    });
+  });
+
+  it("exits with a failure code when findings meet the fail-on threshold", async () => {
+    const finding = createFinding();
+    parseArgsMock.mockReturnValue({
+      options: {
+        json: true,
+        failOn: "high",
+        batchSize: "100",
+        searchDepth: "4",
+        minSeverity: "medium",
+      },
+      projectArg: ".",
+    });
+    loadPackagesMock.mockReturnValue(createScanInput({ packages: [finding.pkg] }));
+    scanPackagesMock.mockResolvedValue([finding]);
+
+    const result = await runIndexModule();
+
+    expect(result.exitCode).toBe(1);
+    expect(result.stdout[0]).toContain("Advisory source: OSV");
+    expect(JSON.parse(result.stdout[result.stdout.length - 1] ?? "")).toMatchObject({
+      findingCount: 1,
+      findings: [{ package: "lodash", severity: "critical" }],
+    });
+  });
+
+  it("warns and exits cleanly when no scannable packages are found", async () => {
+    loadPackagesMock.mockReturnValue(createScanInput({ packages: [] }));
+
+    const result = await runIndexModule();
+
+    expect(result.exitCode).toBe(0);
+    expect(logWarnMock).toHaveBeenCalledWith("No scannable packages were found.", expect.anything());
+  });
+
+  it("fails fast for an invalid osv url", async () => {
+    parseArgsMock.mockReturnValue({
+      options: {
+        failOn: "critical",
+        batchSize: "100",
+        searchDepth: "4",
+        minSeverity: "medium",
+        osvUrl: "not-a-url",
+      },
+      projectArg: ".",
+    });
+
+    const result = await runIndexModule();
+
+    expect(result.exitCode).toBe(1);
+    expect(result.stderr.join("\n")).toContain("Invalid value for --osv-url: not-a-url");
+    expect(loadPackagesMock).not.toHaveBeenCalled();
+  });
+
+  it("routes verbose mode through the detailed printer pipeline", async () => {
+    const finding = createFinding({ severity: "medium" });
+    parseArgsMock.mockReturnValue({
+      options: {
+        verbose: true,
+        failOn: "critical",
+        batchSize: "100",
+        searchDepth: "4",
+        minSeverity: "medium",
+        all: false,
+      },
+      projectArg: ".",
+    });
+    loadPackagesMock.mockReturnValue(
+      createScanInput({
+        packages: [finding.pkg],
+        warnings: ["Manifest fallback warning"],
+        skippedDependencies: ["dependencies:debug@^4.3.0"],
+      }),
+    );
+    scanPackagesMock.mockResolvedValue([finding]);
+
+    const result = await runIndexModule();
+
+    expect(result.exitCode).toBe(0);
+    expect(logWarnMock).toHaveBeenCalledWith("Manifest fallback warning", expect.anything());
+    expect(printSummaryMock).toHaveBeenCalled();
+    expect(printActionSummaryMock).toHaveBeenCalled();
+    expect(printPriorityFixesMock).toHaveBeenCalled();
+    expect(printFixPlanMock).toHaveBeenCalled();
+    expect(printCoverageMock).toHaveBeenCalledWith(["Parser note", "Coverage note"]);
+    expect(printSkippedDependenciesMock).toHaveBeenCalledWith(["dependencies:debug@^4.3.0"]);
+    expect(printTableMock).toHaveBeenCalled();
+    expect(printFinalStatusMock).toHaveBeenCalled();
+    expect(printCompactOutputMock).not.toHaveBeenCalled();
+  });
+});
