const { describe, test, expect } = require('bun:test')
const {
sanitizeUserInput,
wrapUserContent,
createHardenedSystemPrompt,
shouldBlockInput,
generateBoundary,
normalizeText,
hasAttackContext,
hasLegitimateContext,
isObfuscatedAttack,
CORE_ATTACK_PATTERNS
} = require('./prompt-sanitizer')
describe('Prompt Sanitizer Security', () => {
describe('sanitizeUserInput', () => {
test('allows normal user input', () => {
  // False-positive guard: a benign, on-topic request must come back
  // unblocked and with its text unchanged.
  const prompt = 'Create a WordPress plugin for contact forms'
  const outcome = sanitizeUserInput(prompt)
  expect(outcome.blocked).toBe(false)
  expect(outcome.sanitized).toBe(prompt)
})
test('handles empty input', () => {
  // An empty string must not be treated as an attack: the result is
  // unblocked, the sanitized text stays empty, and confidence is 'none'.
  const { blocked, sanitized, confidence } = sanitizeUserInput('')
  expect(blocked).toBe(false)
  expect(sanitized).toBe('')
  expect(confidence).toBe('none')
})
test('handles null input', () => {
  // A null argument has to be tolerated: the call must return (not throw)
  // an unblocked result whose sanitized text is the empty string.
  const { blocked, sanitized } = sanitizeUserInput(null)
  expect(blocked).toBe(false)
  expect(sanitized).toBe('')
})
test('handles undefined input', () => {
  // Same contract as for null: a missing argument yields an unblocked
  // result with an empty sanitized string instead of an exception.
  const { blocked, sanitized } = sanitizeUserInput(undefined)
  expect(blocked).toBe(false)
  expect(sanitized).toBe('')
})
test('truncates long input', () => {
  // Size bound: input longer than the configured maxLength must be cut to
  // exactly that length, and at least one warning must be reported.
  // NOTE(review): only the resulting length is asserted here, not which
  // part of the input is kept or what the warning says.
  const maxLength = 50000
  const oversized = 'a'.repeat(maxLength + 10000)
  const outcome = sanitizeUserInput(oversized, { maxLength })
  expect(outcome.sanitized.length).toBe(maxLength)
  expect(outcome.warnings.length).toBeGreaterThan(0)
})
test('escapes HTML by default', () => {
const result = sanitizeUserInput('')
expect(result.sanitized).toContain('<')
expect(result.sanitized).toContain('>')
expect(result.sanitized).not.toContain('