Problem
After the sub-MCP write tools landed (#144 / #149), test coverage did not follow. The only test files in the repo are:
packages/mcp-core/src/__tests__/api-client.test.ts
packages/mcp-core/src/auth/__tests__/{context,index,oauth}.test.ts
packages/mcp/src/tools/__tests__/orgs.test.ts
There are zero tests for any tool in mcp-vault, mcp-fleet, mcp-growth, or mcp-track — including the destructive ones (delete_secret, delete_vault, rotate_secret, activate_release, trigger_agent_run).
(Note: existing issue #70 predates the pivot and references removed tools like events/changelog/config; this issue is specifically about the current sub-MCP write surface.)
Why it matters
These tools build URLs from user input and select per-product base URLs (FLEET_API_URL, GROWTH_API_URL, FerrTrack base). A wrong path, missing encodeURIComponent, wrong HTTP method, or wrong base URL silently hits the wrong API — exactly the class of bug #146 fixed for FerrTrack routing, with no regression test guarding it.
Proposed approach
- Add per-tool tests that mock
apiRequest / fetch and assert: the exact path, HTTP method, base URL, and body for each tool.
- Cover the destructive tools explicitly (correct method + path + that the success message reflects the id).
- Include at least one schema-validation rejection case per tool group (e.g.
create_secret name regex, revoke_token uuid).
Acceptance criteria
- Each write tool in
mcp-vault / mcp-fleet / mcp-growth / mcp-track has a test asserting method, path, and base URL.
- Schema rejection is asserted for at least one input per group.
- Coverage for the
*/tools/ directories is meaningfully above zero.
Problem
After the sub-MCP write tools landed (#144 / #149), test coverage did not follow. The only test files in the repo are:
packages/mcp-core/src/__tests__/api-client.test.tspackages/mcp-core/src/auth/__tests__/{context,index,oauth}.test.tspackages/mcp/src/tools/__tests__/orgs.test.tsThere are zero tests for any tool in
mcp-vault,mcp-fleet,mcp-growth, ormcp-track— including the destructive ones (delete_secret,delete_vault,rotate_secret,activate_release,trigger_agent_run).(Note: existing issue #70 predates the pivot and references removed tools like
events/changelog/config; this issue is specifically about the current sub-MCP write surface.)Why it matters
These tools build URLs from user input and select per-product base URLs (
FLEET_API_URL,GROWTH_API_URL, FerrTrack base). A wrong path, missingencodeURIComponent, wrong HTTP method, or wrong base URL silently hits the wrong API — exactly the class of bug #146 fixed for FerrTrack routing, with no regression test guarding it.Proposed approach
apiRequest/fetchand assert: the exact path, HTTP method, base URL, and body for each tool.create_secretname regex,revoke_tokenuuid).Acceptance criteria
mcp-vault/mcp-fleet/mcp-growth/mcp-trackhas a test asserting method, path, and base URL.*/tools/directories is meaningfully above zero.