You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#1302 (PR #1306) landed the v1.5 InspectorClient runtime + transports + auth subsystem into v2. The port included all 19 v1.5 test files (~11,170 LOC) verbatim under clients/web/src/test/core/, but 13 of them are currently excluded from the unit vitest project because they can't run under happy-dom. This issue tracks closing those three deferred gaps so the PR's "no regression vs. v1.5" intent is actually backed by passing tests.
Gap 1 — Integration tests excluded from the unit project
These tests are listed in clients/web/vite.config.ts (projects[0].test.exclude, marked TODO(#1302 follow-up)). They fail in the unit project because they:
Spawn real HTTP / stdio servers via test-servers/ (createTestServerHttp, getTestMcpServerCommand, etc.)
Run end-to-end OAuth flows that require real network round-trips
Use node:fs / node:os / node:net for file storage or socket binding
Or (in the auth/discovery.test.ts and auth/state-machine.test.ts cases) mock @modelcontextprotocol/sdk/client/auth.js but the mock identity is lost in happy-dom + Vitest 4, so a real fetch fires and CORS blocks it
Affected files:
File
LOC
Why excluded
inspectorClient.test.ts
4,005
Spawns stdio/HTTP test servers, drives full client lifecycle
inspectorClient-oauth.test.ts
553
OAuth flow against TestServerOAuth
inspectorClient-oauth-e2e.test.ts
1,880
E2E OAuth across SSE + streamable-HTTP × static/CIMD/DCR modes
inspectorClient-oauth-fetchFn.test.ts
200
Verifies fetchFn is threaded through OAuth
inspectorClient-oauth-remote-storage-e2e.test.ts
507
OAuth + RemoteOAuthStorage against a live Hono server
transport.test.ts
192
Real stdio / streamable-HTTP transports
remote-transport.test.ts
1,003
Spawns Hono remote server + MCP test servers
remote-server-config.test.ts
58
Hono server config parsing under real env vars
storage-adapters.test.ts
327
File + remote storage adapters (node:fs, HTTP)
auth/storage-node.test.ts
521
NodeOAuthStorage against the filesystem
auth/oauth-callback-server.test.ts
196
Binds a real http.Server
auth/discovery.test.ts
317
SDK auth-module mock identity lost under happy-dom + Vitest 4
auth/state-machine.test.ts
374
Same as above
Gap 2 — Coverage gate doesn't measure source files exercised only by those tests
clients/web/vite.config.ts (coverage.exclude) currently excludes the corresponding source paths so the per-file gate from #1301 still passes:
core/mcp/inspectorClient.ts
core/mcp/oauthManager.ts
core/mcp/fetchTracking.ts
core/mcp/messageTrackingTransport.ts
core/mcp/config.ts
core/mcp/node/**
core/mcp/remote/**
core/auth/**
core/storage/**
core/logging/**
test-servers/**
Once each test family comes back online, the corresponding entry in coverage.exclude should be dropped so the gate enforces ≥90/85/80/50 on those files.
Gap 3 — Manual smoke tests per the original AC on #1302 still unverified
new InspectorClient({ transport: 'stdio', command: 'node', args: ['…'] }) connects against a real stdio MCP server
new InspectorClient({ transport: 'http', url: '…' }) connects against a streamable-HTTP server
OAuth flow completes against at least one provider
These can probably be verified by hand once gap 1 is closed (the integration tests cover all three cases), but they should be explicitly signed off before declaring "no regression vs. v1.5."
Proposed approach
Add a node-env vitest project to clients/web/vite.config.ts, alongside unit and storybook:
include: the 13 file paths currently in unit.exclude
No setupFiles (or a minimal node-side one — no happy-dom cleanup)
Wire it into CI (probably a new test:integration script alongside test:storybook) and update AGENTS.md.
Sort out the SDK-mock identity issue for auth/discovery.test.ts and auth/state-machine.test.ts — these don't need a real network, just a working vi.mock("@modelcontextprotocol/sdk/client/auth.js", …). Likely a Vitest module-resolution tweak or a small mock helper.
Drop entries from coverage.exclude as each test family comes online, verifying the gate stays green.
Background
#1302 (PR #1306) landed the v1.5 InspectorClient runtime + transports + auth subsystem into v2. The port included all 19 v1.5 test files (~11,170 LOC) verbatim under
clients/web/src/test/core/, but 13 of them are currently excluded from the unit vitest project because they can't run under happy-dom. This issue tracks closing those three deferred gaps so the PR's "no regression vs. v1.5" intent is actually backed by passing tests.Gap 1 — Integration tests excluded from the unit project
These tests are listed in
clients/web/vite.config.ts(projects[0].test.exclude, markedTODO(#1302 follow-up)). They fail in the unit project because they:test-servers/(createTestServerHttp,getTestMcpServerCommand, etc.)node:fs/node:os/node:netfor file storage or socket bindingauth/discovery.test.tsandauth/state-machine.test.tscases) mock@modelcontextprotocol/sdk/client/auth.jsbut the mock identity is lost in happy-dom + Vitest 4, so a real fetch fires and CORS blocks itAffected files:
inspectorClient.test.tsinspectorClient-oauth.test.tsTestServerOAuthinspectorClient-oauth-e2e.test.tsinspectorClient-oauth-fetchFn.test.tsfetchFnis threaded through OAuthinspectorClient-oauth-remote-storage-e2e.test.tsRemoteOAuthStorageagainst a live Hono servertransport.test.tsremote-transport.test.tsremote-server-config.test.tsstorage-adapters.test.tsnode:fs, HTTP)auth/storage-node.test.tsNodeOAuthStorageagainst the filesystemauth/oauth-callback-server.test.tshttp.Serverauth/discovery.test.tsauth/state-machine.test.tsGap 2 — Coverage gate doesn't measure source files exercised only by those tests
clients/web/vite.config.ts(coverage.exclude) currently excludes the corresponding source paths so the per-file gate from #1301 still passes:core/mcp/inspectorClient.tscore/mcp/oauthManager.tscore/mcp/fetchTracking.tscore/mcp/messageTrackingTransport.tscore/mcp/config.tscore/mcp/node/**core/mcp/remote/**core/auth/**core/storage/**core/logging/**test-servers/**Once each test family comes back online, the corresponding entry in
coverage.excludeshould be dropped so the gate enforces ≥90/85/80/50 on those files.Gap 3 — Manual smoke tests per the original AC on #1302 still unverified
The acceptance criteria on #1302 included:
new InspectorClient({ transport: 'stdio', command: 'node', args: ['…'] })connects against a real stdio MCP servernew InspectorClient({ transport: 'http', url: '…' })connects against a streamable-HTTP serverThese can probably be verified by hand once gap 1 is closed (the integration tests cover all three cases), but they should be explicitly signed off before declaring "no regression vs. v1.5."
Proposed approach
clients/web/vite.config.ts, alongsideunitandstorybook:name: 'integration'environment: 'node'testTimeout: 30000,hookTimeout: 30000(matches v1.5'score/vitest.config.ts)include: the 13 file paths currently inunit.excludesetupFiles(or a minimal node-side one — nohappy-domcleanup)test:integrationscript alongsidetest:storybook) and updateAGENTS.md.auth/discovery.test.tsandauth/state-machine.test.ts— these don't need a real network, just a workingvi.mock("@modelcontextprotocol/sdk/client/auth.js", …). Likely a Vitest module-resolution tweak or a small mock helper.coverage.excludeas each test family comes online, verifying the gate stays green.Acceptance criteria
npm run validatecontinues to pass; CI runs the new integration projectcoverage.excludethat points at v1.5-ported source has been removed, and the per-file gate (≥90/85/80/50) passes for those filesclients/web/vite.config.tsno longer carries anyTODO(#1302 follow-up)markersOut of scope
test-servers/orcore/auth/node/for the browser. These are intentionally node-only.branchesthreshold above 50% on the newly-measured files (see Audit per-file branch-coverage outliers and consider raising the 50% gate #1271 for that).