add tests

Author: betegon

packages/core/test/lib/integrations/mcp-server/piiFiltering.test.ts

@@ -13,33 +13,31 @@ describe('MCP Server PII Filtering', () => {
     vi.clearAllMocks();
   });
 
-  describe('Integration Tests', () => {
+  describe('Integration Tests - Network PII', () => {
     let mockMcpServer: ReturnType<typeof createMockMcpServer>;
-    let wrappedMcpServer: ReturnType<typeof createMockMcpServer>;
     let mockTransport: ReturnType<typeof createMockTransport>;
 
     beforeEach(() => {
       mockMcpServer = createMockMcpServer();
-      wrappedMcpServer = wrapMcpServerWithSentry(mockMcpServer);
       mockTransport = createMockTransport();
       mockTransport.sessionId = 'test-session-123';
     });
 
-    it('should include PII data when sendDefaultPii is true', async () => {
-      // Mock client with sendDefaultPii: true
+    it('should include network PII when sendDefaultPii is true', async () => {
       getClientSpy.mockReturnValue({
         getOptions: () => ({ sendDefaultPii: true }),
         getDsn: () => ({ publicKey: 'test-key', host: 'test-host' }),
         emit: vi.fn(),
       } as unknown as ReturnType<typeof currentScopes.getClient>);
 
+      const wrappedMcpServer = wrapMcpServerWithSentry(mockMcpServer);
       await wrappedMcpServer.connect(mockTransport);
 
       const jsonRpcRequest = {
         jsonrpc: '2.0',
         method: 'tools/call',
         id: 'req-pii-true',
-        params: { name: 'weather', arguments: { location: 'London', units: 'metric' } },
+        params: { name: 'weather', arguments: { location: 'London' } },
       };
 
       const extraWithClientInfo = {
@@ -51,35 +49,31 @@ describe('MCP Server PII Filtering', () => {
 
       mockTransport.onmessage?.(jsonRpcRequest, extraWithClientInfo);
 
-      expect(startInactiveSpanSpy).toHaveBeenCalledWith({
-        name: 'tools/call weather',
-        op: 'mcp.server',
-        forceTransaction: true,
-        attributes: expect.objectContaining({
-          'client.address': '192.168.1.100',
-          'client.port': 54321,
-          'mcp.request.argument.location': '"London"',
-          'mcp.request.argument.units': '"metric"',
-          'mcp.tool.name': 'weather',
+      expect(startInactiveSpanSpy).toHaveBeenCalledWith(
+        expect.objectContaining({
+          attributes: expect.objectContaining({
+            'client.address': '192.168.1.100',
+            'client.port': 54321,
+          }),
         }),
-      });
+      );
     });
 
-    it('should exclude PII data when sendDefaultPii is false', async () => {
-      // Mock client with sendDefaultPii: false
+    it('should exclude network PII when sendDefaultPii is false', async () => {
       getClientSpy.mockReturnValue({
         getOptions: () => ({ sendDefaultPii: false }),
         getDsn: () => ({ publicKey: 'test-key', host: 'test-host' }),
         emit: vi.fn(),
       } as unknown as ReturnType<typeof currentScopes.getClient>);
 
+      const wrappedMcpServer = wrapMcpServerWithSentry(mockMcpServer);
       await wrappedMcpServer.connect(mockTransport);
 
       const jsonRpcRequest = {
         jsonrpc: '2.0',
         method: 'tools/call',
         id: 'req-pii-false',
-        params: { name: 'weather', arguments: { location: 'London', units: 'metric' } },
+        params: { name: 'weather', arguments: { location: 'London' } },
       };
 
       const extraWithClientInfo = {
@@ -96,8 +90,6 @@ describe('MCP Server PII Filtering', () => {
           attributes: expect.not.objectContaining({
             'client.address': expect.anything(),
             'client.port': expect.anything(),
-            'mcp.request.argument.location': expect.anything(),
-            'mcp.request.argument.units': expect.anything(),
           }),
         }),
       );
@@ -111,130 +103,41 @@ describe('MCP Server PII Filtering', () => {
         }),
       );
     });
-
-    it('should filter tool result content when sendDefaultPii is false', async () => {
-      // Mock client with sendDefaultPii: false
-      getClientSpy.mockReturnValue({
-        getOptions: () => ({ sendDefaultPii: false }),
-      } as ReturnType<typeof currentScopes.getClient>);
-
-      await wrappedMcpServer.connect(mockTransport);
-
-      const mockSpan = {
-        setAttributes: vi.fn(),
-        setStatus: vi.fn(),
-        end: vi.fn(),
-      } as unknown as ReturnType<typeof tracingModule.startInactiveSpan>;
-      startInactiveSpanSpy.mockReturnValueOnce(mockSpan);
-
-      const toolCallRequest = {
-        jsonrpc: '2.0',
-        method: 'tools/call',
-        id: 'req-tool-result-filtered',
-        params: { name: 'weather-lookup' },
-      };
-
-      mockTransport.onmessage?.(toolCallRequest, {});
-
-      const toolResponse = {
-        jsonrpc: '2.0',
-        id: 'req-tool-result-filtered',
-        result: {
-          content: [{ type: 'text', text: 'Sensitive weather data for London' }],
-          isError: false,
-        },
-      };
-
-      mockTransport.send?.(toolResponse);
-
-      // Tool result content should be filtered out, but metadata should remain
-      const setAttributesCall = mockSpan.setAttributes.mock.calls[0]?.[0];
-      expect(setAttributesCall).toBeDefined();
-      expect(setAttributesCall).not.toHaveProperty('mcp.tool.result.content');
-      expect(setAttributesCall).toHaveProperty('mcp.tool.result.is_error', false);
-      expect(setAttributesCall).toHaveProperty('mcp.tool.result.content_count', 1);
-    });
   });
 
   describe('filterMcpPiiFromSpanData Function', () => {
     it('should preserve all data when sendDefaultPii is true', () => {
       const spanData = {
         'client.address': '192.168.1.100',
         'client.port': 54321,
-        'mcp.request.argument.location': '"San Francisco"',
-        'mcp.tool.result.content': 'Weather data: 18°C',
-        'mcp.tool.result.content_count': 1,
-        'mcp.prompt.result.description': 'Code review prompt for sensitive analysis',
-        'mcp.prompt.result.message_content': 'Please review this confidential code.',
-        'mcp.prompt.result.message_count': 1,
-        'mcp.resource.result.content': 'Sensitive resource content',
-        'mcp.logging.message': 'User requested weather',
         'mcp.resource.uri': 'file:///private/docs/secret.txt',
-        'mcp.method.name': 'tools/call', // Non-PII should remain
+        'mcp.method.name': 'tools/call',
+        'mcp.tool.name': 'weather',
       };
 
       const result = filterMcpPiiFromSpanData(spanData, true);
 
-      expect(result).toEqual(spanData); // All data preserved
+      expect(result).toEqual(spanData);
     });
 
-    it('should remove PII data when sendDefaultPii is false', () => {
+    it('should only remove network PII when sendDefaultPii is false', () => {
       const spanData = {
         'client.address': '192.168.1.100',
         'client.port': 54321,
-        'mcp.request.argument.location': '"San Francisco"',
-        'mcp.request.argument.units': '"celsius"',
-        'mcp.tool.result.content': 'Weather data: 18°C',
-        'mcp.tool.result.content_count': 1,
-        'mcp.prompt.result.description': 'Code review prompt for sensitive analysis',
-        'mcp.prompt.result.message_count': 2,
-        'mcp.prompt.result.0.role': 'user',
-        'mcp.prompt.result.0.content': 'Sensitive prompt content',
-        'mcp.prompt.result.1.role': 'assistant',
-        'mcp.prompt.result.1.content': 'Another sensitive response',
-        'mcp.resource.result.content_count': 1,
-        'mcp.resource.result.uri': 'file:///private/file.txt',
-        'mcp.resource.result.content': 'Sensitive resource content',
-        'mcp.logging.message': 'User requested weather',
         'mcp.resource.uri': 'file:///private/docs/secret.txt',
-        'mcp.method.name': 'tools/call', // Non-PII should remain
-        'mcp.session.id': 'test-session-123', // Non-PII should remain
+        'mcp.method.name': 'tools/call',
+        'mcp.tool.name': 'weather',
+        'mcp.session.id': 'test-session-123',
       };
 
       const result = filterMcpPiiFromSpanData(spanData, false);
 
-      // Client info should be filtered
       expect(result).not.toHaveProperty('client.address');
       expect(result).not.toHaveProperty('client.port');
-
-      // Request arguments should be filtered
-      expect(result).not.toHaveProperty('mcp.request.argument.location');
-      expect(result).not.toHaveProperty('mcp.request.argument.units');
-
-      // Specific PII content attributes should be filtered
-      expect(result).not.toHaveProperty('mcp.tool.result.content');
-      expect(result).not.toHaveProperty('mcp.prompt.result.description');
-
-      // Count attributes should remain as they don't contain sensitive content
-      expect(result).toHaveProperty('mcp.tool.result.content_count', 1);
-      expect(result).toHaveProperty('mcp.prompt.result.message_count', 2);
-
-      // All tool and prompt result content should be filtered (including indexed attributes)
-      expect(result).not.toHaveProperty('mcp.prompt.result.0.role');
-      expect(result).not.toHaveProperty('mcp.prompt.result.0.content');
-      expect(result).not.toHaveProperty('mcp.prompt.result.1.role');
-      expect(result).not.toHaveProperty('mcp.prompt.result.1.content');
-
-      expect(result).toHaveProperty('mcp.resource.result.content_count', 1);
-      expect(result).toHaveProperty('mcp.resource.result.uri', 'file:///private/file.txt');
-      expect(result).toHaveProperty('mcp.resource.result.content', 'Sensitive resource content');
-
-      // Other PII attributes should be filtered
-      expect(result).not.toHaveProperty('mcp.logging.message');
       expect(result).not.toHaveProperty('mcp.resource.uri');
 
-      // Non-PII attributes should remain
       expect(result).toHaveProperty('mcp.method.name', 'tools/call');
+      expect(result).toHaveProperty('mcp.tool.name', 'weather');
       expect(result).toHaveProperty('mcp.session.id', 'test-session-123');
     });
 
@@ -243,10 +146,11 @@ describe('MCP Server PII Filtering', () => {
       expect(result).toEqual({});
     });
 
-    it('should handle span data with no PII attributes', () => {
+    it('should handle span data with no network PII attributes', () => {
       const spanData = {
         'mcp.method.name': 'tools/list',
         'mcp.session.id': 'test-session',
+        'mcp.tool.name': 'weather',
       };
 
       const result = filterMcpPiiFromSpanData(spanData, false);

packages/core/test/lib/integrations/mcp-server/semanticConventions.test.ts

@@ -26,7 +26,7 @@ describe('MCP Server Semantic Conventions', () => {
 
     beforeEach(() => {
       mockMcpServer = createMockMcpServer();
-      wrappedMcpServer = wrapMcpServerWithSentry(mockMcpServer);
+      wrappedMcpServer = wrapMcpServerWithSentry(mockMcpServer, { recordInputs: true, recordOutputs: true });
       mockTransport = createMockTransport();
       mockTransport.sessionId = 'test-session-123';
     });

packages/core/test/lib/integrations/mcp-server/transportInstrumentation.test.ts

@@ -190,7 +190,7 @@ describe('MCP Server Transport Instrumentation', () => {
 
     beforeEach(() => {
       mockMcpServer = createMockMcpServer();
-      wrappedMcpServer = wrapMcpServerWithSentry(mockMcpServer);
+      wrappedMcpServer = wrapMcpServerWithSentry(mockMcpServer, { recordInputs: true });
       mockStdioTransport = createMockStdioTransport();
       mockStdioTransport.sessionId = 'stdio-session-456';
     });
@@ -308,15 +308,15 @@ describe('MCP Server Transport Instrumentation', () => {
     it('should test wrapTransportOnMessage directly', () => {
       const originalOnMessage = mockTransport.onmessage;
 
-      wrapTransportOnMessage(mockTransport);
+      wrapTransportOnMessage(mockTransport, false);
 
       expect(mockTransport.onmessage).not.toBe(originalOnMessage);
     });
 
     it('should test wrapTransportSend directly', () => {
       const originalSend = mockTransport.send;
 
-      wrapTransportSend(mockTransport);
+      wrapTransportSend(mockTransport, false);
 
       expect(mockTransport.send).not.toBe(originalSend);
     });
@@ -345,12 +345,17 @@ describe('MCP Server Transport Instrumentation', () => {
         params: { name: 'test-tool', arguments: { input: 'test' } },
       };
 
-      const config = buildMcpServerSpanConfig(jsonRpcRequest, mockTransport, {
-        requestInfo: {
-          remoteAddress: '127.0.0.1',
-          remotePort: 8080,
+      const config = buildMcpServerSpanConfig(
+        jsonRpcRequest,
+        mockTransport,
+        {
+          requestInfo: {
+            remoteAddress: '127.0.0.1',
+            remotePort: 8080,
+          },
         },
-      });
+        true, // recordInputs
+      );
 
       expect(config).toEqual({
         name: 'tools/call test-tool',
@@ -655,4 +660,54 @@ describe('MCP Server Transport Instrumentation', () => {
       expect(mockSpan.end).toHaveBeenCalled();
     });
   });
+
+  describe('Wrapper Options', () => {
+    it('should NOT capture request arguments by default (recordInputs: false)', async () => {
+      const mockMcpServer = createMockMcpServer();
+      const wrappedMcpServer = wrapMcpServerWithSentry(mockMcpServer);
+      const transport = createMockTransport();
+
+      await wrappedMcpServer.connect(transport);
+
+      transport.onmessage?.(
+        {
+          jsonrpc: '2.0',
+          method: 'tools/call',
+          id: 'tool-1',
+          params: { name: 'weather', arguments: { location: 'London' } },
+        },
+        {},
+      );
+
+      expect(startInactiveSpanSpy).toHaveBeenCalledWith(
+        expect.objectContaining({
+          attributes: expect.not.objectContaining({
+            'mcp.request.argument.location': expect.anything(),
+          }),
+        }),
+      );
+    });
+
+    it('should NOT capture tool outputs by default (recordOutputs: false)', async () => {
+      const mockMcpServer = createMockMcpServer();
+      const wrappedMcpServer = wrapMcpServerWithSentry(mockMcpServer);
+      const transport = createMockTransport();
+
+      await wrappedMcpServer.connect(transport);
+
+      const setAttributesSpy = vi.fn();
+      const mockSpan = { setAttributes: setAttributesSpy, end: vi.fn() };
+      startInactiveSpanSpy.mockReturnValueOnce(mockSpan as any);
+
+      transport.onmessage?.({ jsonrpc: '2.0', method: 'tools/call', id: 'tool-1', params: { name: 'weather' } }, {});
+
+      await transport.send?.({
+        jsonrpc: '2.0',
+        id: 'tool-1',
+        result: { content: [{ type: 'text', text: 'Sunny' }], isError: false },
+      });
+
+      expect(setAttributesSpy).not.toHaveBeenCalled();
+    });
+  });
 });