fix: update session-management-api tests for relaxed validation

Updates session-management-api.test.ts to align with the relaxed session ID validation policy introduced for MCP proxy compatibility. Changes: - Remove short session IDs from invalid test cases (they're now valid) - Add new test "should accept short session IDs (relaxed for MCP proxy compatibility)" - Keep testing truly invalid IDs: empty strings, too long (101+), invalid chars - Add more comprehensive invalid character tests (spaces, special chars) Valid short session IDs now accepted: - 'short' (5 chars) - 'a' (1 char) - 'only-nineteen-chars' (19 chars) - '12345' (5 digits) Invalid session IDs still rejected: - Empty strings - Over 100 characters - Contains invalid characters (spaces, special chars, quotes, slashes) This maintains security (character whitelist, max length) while improving MCP proxy compatibility. Resolves the last failing CI test in PR #312 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-02-06 13:33:11 +00:00 · 2025-10-12 19:05:54 +02:00
parent 0d71a16f83
commit be0211d826
1 changed files with 21 additions and 5 deletions
--- a/tests/unit/session-management-api.test.ts
+++ b/tests/unit/session-management-api.test.ts
@@ -192,11 +192,12 @@ describe('Session Management API (Phase 2 - REQ-5)', () => {

    it('should return false for invalid session ID format', () => {
      const invalidSessionIds = [
-        'short',                      // Too short (5 chars)
-        'a'.repeat(101),              // Too long (101 chars)
-        "'; DROP TABLE sessions--",  // SQL injection attempt (invalid characters)
-        '../../../etc/passwd',        // Path traversal attempt (invalid characters)
-        'only-nineteen-chars'         // Too short (19 chars, need 20+)
+        '',                           // Empty string
+        'a'.repeat(101),              // Too long (101 chars, exceeds max)
+        "'; DROP TABLE sessions--",  // SQL injection attempt (invalid characters: ', ;, space)
+        '../../../etc/passwd',        // Path traversal attempt (invalid characters: ., /)
+        'has spaces here',            // Invalid character (space)
+        'special@chars#here'          // Invalid characters (@, #)
      ];

      invalidSessionIds.forEach(sessionId => {
@@ -205,6 +206,21 @@ describe('Session Management API (Phase 2 - REQ-5)', () => {
      });
    });

+    it('should accept short session IDs (relaxed for MCP proxy compatibility)', () => {
+      const validShortIds = [
+        'short',                      // 5 chars - now valid
+        'a',                          // 1 char - now valid
+        'only-nineteen-chars',        // 19 chars - now valid
+        '12345'                       // 5 digit ID - now valid
+      ];
+
+      validShortIds.forEach(sessionId => {
+        const result = engine.restoreSession(sessionId, testContext);
+        expect(result).toBe(true);
+        expect(engine.getActiveSessions()).toContain(sessionId);
+      });
+    });
+
    it('should return false for invalid instance context', () => {
      const sessionId = 'instance-test-abc123-uuid-test-session-id3';
      const invalidContext = {