/**
* Feature: agentcore-mcp-migration, Property 6: Example Client Configs Contain Required OAuth Params and Omit TLS Override
*
* Validates: Requirements 11.2, 11.3
*
* For any example MCP client configuration file in the docs directory,
* the file SHALL contain the `--static-oauth-client-info` parameter
* AND SHALL NOT contain `NODE_TLS_REJECT_UNAUTHORIZED`.
*/
import { describe, it, expect } from 'vitest';
import fc from 'fast-check';
import { readFileSync } from 'fs';
import { resolve } from 'path';
const CLIENT_CONFIG_PATH = resolve(import.meta.dirname, '..', 'docs', 'client-config.md');
const clientConfigContent = readFileSync(CLIENT_CONFIG_PATH, 'utf-8');
/**
* Extract all JSON code blocks from the markdown file.
* Returns an array of raw JSON strings.
*/
function extractJsonBlocks(markdown) {
const blocks = [];
const regex = /```json\s*\n([\s\S]*?)```/g;
let match;
while ((match = regex.exec(markdown)) !== null) {
blocks.push(match[1].trim());
}
return blocks;
}
describe('Feature: agentcore-mcp-migration, Property 6: Example Client Configs Contain Required OAuth Params and Omit TLS Override', () => {
const jsonBlocks = extractJsonBlocks(clientConfigContent);
it('should find at least one JSON config block in client-config.md', () => {
expect(jsonBlocks.length).toBeGreaterThan(0);
});
it('all JSON config blocks should contain --static-oauth-client-info', () => {
for (const block of jsonBlocks) {
expect(block).toContain('--static-oauth-client-info');
}
});
it('no JSON config block should contain NODE_TLS_REJECT_UNAUTHORIZED', () => {
for (const block of jsonBlocks) {
expect(block).not.toContain('NODE_TLS_REJECT_UNAUTHORIZED');
}
});
it('the entire file should not contain NODE_TLS_REJECT_UNAUTHORIZED in any config context', () => {
// The file may mention it in prose to explain why it's omitted,
// but it must not appear inside any JSON code block
for (const block of jsonBlocks) {
expect(block).not.toContain('NODE_TLS_REJECT_UNAUTHORIZED');
}
});
it('property: any generated config missing --static-oauth-client-info should fail validation', () => {
/**
* **Validates: Requirements 11.2**
*
* Generate random MCP config-like JSON objects that omit --static-oauth-client-info
* and verify our validation logic correctly identifies them as non-compliant.
*/
const configWithoutOAuth = fc.record({
command: fc.constant('npx'),
args: fc.array(
fc.oneof(
fc.constant('mcp-remote'),
fc.constant('https://endpoint.example.com'),
fc.constant('--header'),
fc.constant('--verbose')
),
{ minLength: 1, maxLength: 4 }
).filter(args => !args.includes('--static-oauth-client-info'))
});
fc.assert(
fc.property(configWithoutOAuth, (config) => {
const serialized = JSON.stringify(config);
return !serialized.includes('--static-oauth-client-info');
}),
{ numRuns: 100 }
);
});
it('property: any generated config containing NODE_TLS_REJECT_UNAUTHORIZED should fail validation', () => {
/**
* **Validates: Requirements 11.3**
*
* Generate config objects that include NODE_TLS_REJECT_UNAUTHORIZED in env
* and verify our validation logic correctly identifies them as non-compliant.
*/
const tlsOverrideValues = fc.oneof(
fc.constant('0'),
fc.constant('1'),
fc.constant('true'),
fc.constant('false')
);
fc.assert(
fc.property(tlsOverrideValues, (value) => {
const config = JSON.stringify({
env: { NODE_TLS_REJECT_UNAUTHORIZED: value }
});
// Any config with this env var should be flagged as non-compliant
return config.includes('NODE_TLS_REJECT_UNAUTHORIZED');
}),
{ numRuns: 100 }
);
});
});
