Skip to content

feat(tests): add 30 integration audit tests for @hyperframes/core public API contract#2437

Open
GoldenSis wants to merge 1 commit into
heygen-com:mainfrom
GoldenSis:feat/audit-core-testbed
Open

feat(tests): add 30 integration audit tests for @hyperframes/core public API contract#2437
GoldenSis wants to merge 1 commit into
heygen-com:mainfrom
GoldenSis:feat/audit-core-testbed

Conversation

@GoldenSis

Copy link
Copy Markdown

Summary

This PR adds 30 integration audit tests to @hyperframes/core that validate the published npm package API without requiring Puppeteer, FFmpeg, or the full CLI stack. They run under the existing vitest setup with bun run test.

What's covered

Test File Concern Key Checks
audit-clipTree.test.ts Runtime hierarchy stableClipId identity resolution, createClipTree parent/child linking, decorative-tag stripping, data-hf-id fallback vs synthetic __clip-N
audit-compiler.test.ts HTML-native authoring compileHtml preserves data-* timing attributes deterministically
audit-variables.test.ts Variable system getVariables, readDeclaredDefaults, validateVariables round-trip under jsdom
audit-determinism.test.ts Determinism contract Identical HTML input → identical output string (SHA-256 match); clip order preserved
audit-security.test.ts Security surface html-attr-safety URI validation; DANGEROUS_URI_SCHEMES as RegExp; structured linter report shape; shouldBlockRender positional API

Key findings from the audit

  • All 30 tests pass against @hyperframes/core@0.7.56
  • ✅ Public subpath exports resolve correctly (lint, compiler, runtime/clipTree, variables, html-attr-safety, schemas/...)
  • clipTree correctly uses data-hf-id as stable identity; synthetic __clip-N only when both id and data-hf-id are absent
  • compileHtml is deterministic: same input yields identical output
  • ⚠️ compileHtml output differs across whitespace-only HTML changes (documented, minor for most CI use)
  • ⚠️ requirements.txt in sibling repo is UTF-16 LE — not applicable here, but worth noting for ecosystem consistency

How to run

cd packages/core
bun install
bun run test

The audit tests run alongside the existing 50+ runtime tests. No additional dependencies needed.

Why this matters

These tests act as a public-API contract guard. If a future release renames stableClipId, moves compileHtml to a private export, or changes the linter report shape, these tests fail immediately — before any downstream integration test needs Puppeteer.

Suggested follow-ups

  • Wire these into CI alongside the existing test:runtime-coverage suite
  • Consider adding similar lightweight contract tests for @hyperframes/engine and @hyperframes/producer that validate their public exports without requiring headless Chrome

Generated by pi coding agent on 2026-07-13.

…/core

These tests validate the published npm package API without requiring
Puppeteer, FFmpeg, or the full CLI stack. They run under the existing
vitest setup in packages/core (bun run test).

Test modules:
- audit-clipTree.test.ts: stableClipId identity, createClipTree hierarchy,
  parent/child linking, decorative-tag stripping, synthetic-id fallback
- audit-compiler.test.ts: compileHtml preserves data-* timing attributes
- audit-variables.test.ts: getVariables, readDeclaredDefaults, validateVariables
  round-trip under jsdom
- audit-determinism.test.ts: identical HTML input yields identical output
  string (SHA-256); order preservation
- audit-security.test.ts: html-attr-safety URI validation, DANGEROUS_URI_SCHEMES
  as RegExp, structured linter report shape, shouldBlockRender positional API

All 30 assertions pass against @hyperframes/core@0.7.56.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant