Lines 88-116javascript
88for (const forbiddenUiField of ["privateKeyPem", "proxyPassword"]) {
89 assertNotIncludes(profilePicker, forbiddenUiField, `profile picker must not render ${forbiddenUiField}`);
90 assertNotIncludes(terminalPanel, forbiddenUiField, `terminal panel must not render ${forbiddenUiField}`);
93// Profile CRUD/preflight routes must reject secrets and return only non-secret/redacted data.
94assertIncludes(profileStore, "FORBIDDEN_SECRET_FIELDS", "profile CRUD helper has route-level secret field rejection");
95for (const secret of ["privateKeyPem", "password", "passphrase", "proxyPassword"]) {
96 assertIncludes(profileStore, secret, `profile CRUD rejects ${secret}`);
98assertIncludes(profileRoute, "createTerminalSshProfile", "profile collection route creates through validated helper");
99assertIncludes(profileIdRoute, "updateTerminalSshProfile", "profile id route updates through validated helper");
100assertIncludes(profileIdRoute, "deleteTerminalSshProfile", "profile id route deletes through profile helper");
101assertIncludes(profileTestRoute, "plan.redacted", "profile resolve API returns redacted launch plan");
102assertNotIncludes(profileTestRoute, "privateKeyPem", "profile test route must not reference private key material");
103assertNotIncludes(profileTestRoute, "proxyPassword", "profile test route must not reference proxy password");
105// Dry-run temp cleanup check for the expected temp prefix behavior.
106const tempDir = await mkdtemp(join(tmpdir(), "ypi-terminal-ssh-test-"));
107const secretPath = join(tempDir, "context.json");
108await writeFile(secretPath, JSON.stringify({ password: "sample-secret" }), { mode: 0o600 });
MediumSecret Pattern
Package contains a possible secret pattern.
scripts/test-terminal-ssh-config.mjsView on unpkg · L108 109if (process.platform !== "win32") {
110 assert.equal(statSync(secretPath).mode & 0o777, 0o600, "secret dry-run file should be 0600");
112await rm(tempDir, { recursive: true, force: true });
113assert.equal(existsSync(tempDir), false, "temp dry-run directory should be removed");
115console.log("terminal SSH config/security dry-run checks passed");