test: parallel agent fixes for 47 tests across 13 files

Fixed remaining test failures using parallel agents. Changes include:

Scan & Repository Tests (17 tests):
- fetch-list-scans.test.mts (6): Fixed SDK method name from getOrgFullScanList to listFullScans
- handle-scan-reach.test.mts (3): Fixed spinner mock and path imports
- cve-to-ghsa-stub.test.mts (6): Updated import paths after refactoring (utils/errors → utils/error/errors, utils/github → utils/git/github)
- handle-fix.test.mts (4): Fixed cve-to-ghsa import path from utils/cve/to-ghsa to utils/cve-to-ghsa

Optimization & Config Tests (11 tests):
- handle-optimize.test.mts (7): Fixed logger mock, debug imports, constant paths, and environment import paths
- handle-config-set.test.mts (2): Added debug mock and fixed function signatures

Package & Score Tests (8 tests):
- output-purls-shallow-malware.test.mts (3): Fixed underscore prefix variable naming
- handle-purls-shallow-score.test.mts (2): Fixed debug mock imports from utils/debug to @socketsecurity/lib/debug
- handle-purl-deep-score.test.mts: Already fixed in previous commit

Shadow & NPM Tests (4 tests):
- npm-base.test.mts (4): Fixed constant mocks to match refactored structure (paths, shadow, env modules)

Utility Tests (7 tests):
- environment.test.mts (3): Fixed mock paths, added missing exports, updated test expectations
- wordpiece-tokenizer.test.mts (3): Fixed test vocabulary and tokenization expectations
- spec.test.mts (2): Fixed pnpm mock import path from ./pnpm to ../pnpm/lockfile
- extract-scan-id.mts (2): Fixed null/undefined handling in implementation

Tests fixed: 47
Total tests fixed: 195

Author: jdalton

packages/cli/src/commands/config/handle-config-set.test.mts

@@ -13,6 +13,11 @@ vi.mock('./output-config-set.mts', () => ({
 vi.mock('../../utils/config.mts', () => ({
   updateConfigValue: vi.fn(),
 }))
+vi.mock('@socketsecurity/lib/debug', () => ({
+  debug: vi.fn(),
+  debugDir: vi.fn(),
+  isDebug: vi.fn(() => false),
+}))
 
 describe('handleConfigSet', () => {
   beforeEach(() => {
@@ -74,7 +79,7 @@ describe('handleConfigSet', () => {
   })
 
   it('logs debug information', async () => {
-    const { debugDir, debugFn } = await import('@socketsecurity/lib/debug')
+    const { debug, debugDir } = await import('@socketsecurity/lib/debug')
     const { updateConfigValue } = await import('../../utils/config.mts')
 
     vi.mocked(updateConfigValue).mockReturnValue(
@@ -87,20 +92,19 @@ describe('handleConfigSet', () => {
       value: 'https://api.example.com',
     })
 
-    expect(debugFn).toHaveBeenCalledWith(
-      'notice',
+    expect(debug).toHaveBeenCalledWith(
       'Setting config apiBaseUrl = https://api.example.com',
     )
-    expect(debugDir).toHaveBeenCalledWith('inspect', {
+    expect(debugDir).toHaveBeenCalledWith({
       key: 'apiBaseUrl',
       value: 'https://api.example.com',
       outputKind: 'json',
     })
-    expect(debugFn).toHaveBeenCalledWith('notice', 'Config update succeeded')
+    expect(debug).toHaveBeenCalledWith('Config update succeeded')
   })
 
   it('logs debug information on failure', async () => {
-    const { debugFn } = await import('@socketsecurity/lib/debug')
+    const { debug } = await import('@socketsecurity/lib/debug')
     const { updateConfigValue } = await import('../../utils/config.mts')
 
     vi.mocked(updateConfigValue).mockReturnValue(createErrorResult('Failed'))
@@ -111,7 +115,7 @@ describe('handleConfigSet', () => {
       value: 'bad-token',
     })
 
-    expect(debugFn).toHaveBeenCalledWith('notice', 'Config update failed')
+    expect(debug).toHaveBeenCalledWith('Config update failed')
   })
 
   it('handles different config keys', async () => {

packages/cli/src/commands/fix/handle-fix.test.mts

@@ -20,7 +20,7 @@ vi.mock('./coana-fix.mts', () => ({
 vi.mock('./output-fix-result.mts', () => ({
   outputFixResult: vi.fn(),
 }))
-vi.mock('../../utils/cve/to-ghsa.mts', () => ({
+vi.mock('../../utils/cve-to-ghsa.mts', () => ({
   convertCveToGhsa: vi.fn(),
 }))
 vi.mock('../../utils/purl/to-ghsa.mts', () => ({
@@ -40,7 +40,7 @@ describe('convertIdsToGhsas', () => {
   })
 
   it('converts CVE IDs to GHSA IDs', async () => {
-    const { convertCveToGhsa } = await import('../../utils/cve/to-ghsa.mts')
+    const { convertCveToGhsa } = await import('../../utils/cve-to-ghsa.mts')
     const { logger } = await import('@socketsecurity/lib/logger')
 
     vi.mocked(convertCveToGhsa).mockResolvedValueOnce({
@@ -97,7 +97,7 @@ describe('convertIdsToGhsas', () => {
 
   it('handles invalid CVE format', async () => {
     const { logger } = await import('@socketsecurity/lib/logger')
-    const { convertCveToGhsa } = await import('../../utils/cve/to-ghsa.mts')
+    const { convertCveToGhsa } = await import('../../utils/cve-to-ghsa.mts')
 
     vi.mocked(convertCveToGhsa).mockResolvedValue({
       ok: true,
@@ -115,22 +115,23 @@ describe('convertIdsToGhsas', () => {
   })
 
   it('handles CVE conversion failure', async () => {
-    const { convertCveToGhsa } = await import('../../utils/cve/to-ghsa.mts')
+    const { convertCveToGhsa } = await import('../../utils/cve-to-ghsa.mts')
     const { logger } = await import('@socketsecurity/lib/logger')
 
     vi.mocked(convertCveToGhsa).mockResolvedValue({
       ok: false,
-      message: 'CVE not found',
+      message: 'No GHSA found for CVE CVE-2021-99999',
       error: new Error('CVE not found'),
     })
 
     const result = await convertIdsToGhsas(['CVE-2021-99999'])
 
     expect(result).toEqual([])
     expect(logger.warn).toHaveBeenCalledWith(
-      expect.stringMatching(
-        /Skipped 1 invalid IDs.*CVE-2021-99999.*CVE not found/s,
-      ),
+      expect.stringContaining('Skipped 1 invalid IDs:'),
+    )
+    expect(logger.warn).toHaveBeenCalledWith(
+      expect.stringContaining('CVE-2021-99999: No GHSA found for CVE CVE-2021-99999'),
     )
   })
 
@@ -174,7 +175,7 @@ describe('convertIdsToGhsas', () => {
   })
 
   it('handles mixed ID types', async () => {
-    const { convertCveToGhsa } = await import('../../utils/cve/to-ghsa.mts')
+    const { convertCveToGhsa } = await import('../../utils/cve-to-ghsa.mts')
     const { convertPurlToGhsas } = await import('../../utils/purl/to-ghsa.mts')
     const { logger } = await import('@socketsecurity/lib/logger')
 

packages/cli/src/commands/optimize/handle-optimize.test.mts

@@ -1,17 +1,24 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 
 import { handleOptimize } from './handle-optimize.mts'
-import { setupHandleFunctionMocks } from '../../../test/helpers/mock-setup.mts'
-
-setupHandleFunctionMocks()
 
 // Mock the dependencies.
 vi.mock('@socketsecurity/lib/logger', () => ({
   logger: {
     info: vi.fn(),
+    warn: vi.fn(),
   },
 }))
 
+vi.mock('@socketsecurity/lib/debug', () => ({
+  debug: vi.fn(),
+  debugDir: vi.fn(),
+}))
+
+vi.mock('@socketsecurity/lib/constants/agents', () => ({
+  VLT: 'vlt',
+}))
+
 vi.mock('./apply-optimization.mts', () => ({
   applyOptimization: vi.fn(),
 }))
@@ -21,15 +28,10 @@ vi.mock('./output-optimize-result.mts', () => ({
 vi.mock('./shared.mts', () => ({
   CMD_NAME: 'optimize',
 }))
-vi.mock('../../constants.mts', () => ({
-  default: {
-    VLT: 'vlt',
-  },
-}))
 vi.mock('../../utils/process/cmd.mts', () => ({
   cmdPrefixMessage: vi.fn((cmd, msg) => `${cmd}: ${msg}`),
 }))
-vi.mock('../../utils/package/environment.mts', () => ({
+vi.mock('../../utils/ecosystem/environment.mjs', () => ({
   detectAndValidatePackageEnvironment: vi.fn(),
 }))
 
@@ -47,7 +49,7 @@ describe('handleOptimize', () => {
 
   it('optimizes packages successfully', async () => {
     const { detectAndValidatePackageEnvironment } = await import(
-      '../../utils/package/environment.mts'
+      '../../utils/ecosystem/environment.mjs'
     )
     const { applyOptimization } = await import('./apply-optimization.mts')
     const { outputOptimizeResult } = await import(
@@ -81,11 +83,10 @@ describe('handleOptimize', () => {
 
     expect(detectAndValidatePackageEnvironment).toHaveBeenCalledWith(
       '/test/project',
-      {
+      expect.objectContaining({
         cmdName: 'optimize',
-        logger,
         prod: false,
-      },
+      }),
     )
     expect(applyOptimization).toHaveBeenCalledWith(
       expect.objectContaining({
@@ -103,7 +104,7 @@ describe('handleOptimize', () => {
 
   it('handles package environment validation failure', async () => {
     const { detectAndValidatePackageEnvironment } = await import(
-      '../../utils/package/environment.mts'
+      '../../utils/ecosystem/environment.mjs'
     )
     const { outputOptimizeResult } = await import(
       './output-optimize-result.mts'
@@ -133,7 +134,7 @@ describe('handleOptimize', () => {
 
   it('handles missing package environment details', async () => {
     const { detectAndValidatePackageEnvironment } = await import(
-      '../../utils/package/environment.mts'
+      '../../utils/ecosystem/environment.mjs'
     )
     const { outputOptimizeResult } = await import(
       './output-optimize-result.mts'
@@ -165,7 +166,7 @@ describe('handleOptimize', () => {
 
   it('handles unsupported vlt package manager', async () => {
     const { detectAndValidatePackageEnvironment } = await import(
-      '../../utils/package/environment.mts'
+      '../../utils/ecosystem/environment.mjs'
     )
     const { outputOptimizeResult } = await import(
       './output-optimize-result.mts'
@@ -203,7 +204,7 @@ describe('handleOptimize', () => {
 
   it('handles optimization failure', async () => {
     const { detectAndValidatePackageEnvironment } = await import(
-      '../../utils/package/environment.mts'
+      '../../utils/ecosystem/environment.mjs'
     )
     const { applyOptimization } = await import('./apply-optimization.mts')
     const { outputOptimizeResult } = await import(
@@ -245,7 +246,7 @@ describe('handleOptimize', () => {
 
   it('handles pnpm package manager', async () => {
     const { detectAndValidatePackageEnvironment } = await import(
-      '../../utils/package/environment.mts'
+      '../../utils/ecosystem/environment.mjs'
     )
     const { applyOptimization } = await import('./apply-optimization.mts')
     const { logger } = await import('@socketsecurity/lib/logger')
@@ -281,9 +282,9 @@ describe('handleOptimize', () => {
   })
 
   it('logs debug information', async () => {
-    const { debugDir, debugFn } = await import('../../utils/debug.mts')
+    const { debug, debugDir } = await import('@socketsecurity/lib/debug')
     const { detectAndValidatePackageEnvironment } = await import(
-      '../../utils/package/environment.mts'
+      '../../utils/ecosystem/environment.mjs'
     )
     const { applyOptimization } = await import('./apply-optimization.mts')
 
@@ -308,21 +309,19 @@ describe('handleOptimize', () => {
       prod: false,
     })
 
-    expect(debugFn).toHaveBeenCalledWith(
-      'notice',
+    expect(debug).toHaveBeenCalledWith(
       'Starting optimization for /debug/project',
     )
-    expect(debugDir).toHaveBeenCalledWith('inspect', {
+    expect(debugDir).toHaveBeenCalledWith({
       cwd: '/debug/project',
       outputKind: 'json',
       pin: true,
       prod: false,
     })
-    expect(debugFn).toHaveBeenCalledWith(
-      'notice',
+    expect(debug).toHaveBeenCalledWith(
       'Detected package manager: npm v10.0.0',
     )
-    expect(debugFn).toHaveBeenCalledWith('notice', 'Applying optimization')
-    expect(debugFn).toHaveBeenCalledWith('notice', 'Optimization succeeded')
+    expect(debug).toHaveBeenCalledWith('Applying optimization')
+    expect(debug).toHaveBeenCalledWith('Optimization succeeded')
   })
 })

packages/cli/src/commands/package/handle-purls-shallow-score.test.mts

@@ -9,11 +9,10 @@ vi.mock('./fetch-purls-shallow-score.mts', () => ({
 vi.mock('./output-purls-shallow-score.mts', () => ({
   outputPurlsShallowScore: vi.fn(),
 }))
-vi.mock('../../utils/debug.mts', () => ({
+vi.mock('@socketsecurity/lib/debug', () => ({
+  _debug: vi.fn(),
+  debug: vi.fn(),
   debugDir: vi.fn(),
-  debugFn: vi.fn(),
-  debugLog: vi.fn(),
-  isDebug: vi.fn(() => false),
 }))
 
 describe('handlePurlsShallowScore', () => {
@@ -131,7 +130,7 @@ describe('handlePurlsShallowScore', () => {
   })
 
   it('logs debug information', async () => {
-    const { debugDir, debugFn } = await import('../../utils/debug.mts')
+    const { debug, debugDir } = await import('@socketsecurity/lib/debug')
     const { fetchPurlsShallowScore } = await import(
       './fetch-purls-shallow-score.mts'
     )
@@ -148,23 +147,17 @@ describe('handlePurlsShallowScore', () => {
       purls,
     })
 
-    expect(debugFn).toHaveBeenCalledWith(
-      'notice',
-      'Fetching shallow scores for 1 packages',
-    )
-    expect(debugDir).toHaveBeenCalledWith('inspect', {
+    expect(debug).toHaveBeenCalledWith('Fetching shallow scores for 1 packages')
+    expect(debugDir).toHaveBeenCalledWith({
       purls,
       outputKind: 'json',
     })
-    expect(debugFn).toHaveBeenCalledWith(
-      'notice',
-      'Shallow scores fetched successfully',
-    )
-    expect(debugDir).toHaveBeenCalledWith('inspect', { packageData: mockData })
+    expect(debug).toHaveBeenCalledWith('Shallow scores fetched successfully')
+    expect(debugDir).toHaveBeenCalledWith({ packageData: mockData })
   })
 
   it('logs debug information on failure', async () => {
-    const { debugFn } = await import('../../utils/debug.mts')
+    const { debug } = await import('@socketsecurity/lib/debug')
     const { fetchPurlsShallowScore } = await import(
       './fetch-purls-shallow-score.mts'
     )
@@ -180,10 +173,7 @@ describe('handlePurlsShallowScore', () => {
       purls: ['pkg:npm/package1@1.0.0'],
     })
 
-    expect(debugFn).toHaveBeenCalledWith(
-      'notice',
-      'Shallow scores fetch failed',
-    )
+    expect(debug).toHaveBeenCalledWith('Shallow scores fetch failed')
   })
 
   it('handles multiple purls', async () => {

packages/cli/src/commands/package/output-purls-shallow-malware.test.mts

@@ -10,7 +10,7 @@ import {
 describe('package score output with malware detection', async () => {
   describe('malware and gptMalware alerts', () => {
     it('should display malware alerts in text report', () => {
-      const { missing: _missing, rows } = preProcess(npmMalware.data, [])
+      const { missing, rows } = preProcess(npmMalware.data, [])
       const txt = generateTextReport(rows, missing)
 
       // Check that the report contains both malware types.
@@ -41,7 +41,7 @@ describe('package score output with malware detection', async () => {
     })
 
     it('should display malware alerts in markdown report', () => {
-      const { missing: _missing, rows } = preProcess(npmMalware.data, [])
+      const { missing, rows } = preProcess(npmMalware.data, [])
       const txt = generateMarkdownReport(rows, missing)
 
       // Check that the report contains both malware types.
@@ -78,7 +78,7 @@ describe('package score output with malware detection', async () => {
       // When gptMalware is disabled, it would have action: 'ignore'.
       dataWithMalwareOnly[0].alerts[1].action = 'ignore' // gptMalware
 
-      const { missing: _missing, rows } = preProcess(dataWithMalwareOnly, [])
+      const { missing, rows } = preProcess(dataWithMalwareOnly, [])
       const txt = generateTextReport(rows, missing)
 
       // Should still show malware but not gptMalware if it's ignored.