[audit] test-gap: 11 write operations missing from exhaustive MCP bridge read-only test #515
Description
Problem
The exhaustive_write_operations_not_read_only test in src-tauri/src/mcp_bridge/state.rs:283 is designed to ensure all write operations are correctly classified as non-read-only. However, 11 write operations defined in vmark-mcp-server/src/bridge/core-types.ts are missing from the test:
selection.delete(core-types.ts:48)block.toggle(core-types.ts:59)table.addRowBefore(core-types.ts:68)table.addRowAfter(core-types.ts:69)table.deleteRow(core-types.ts:70)table.addColumnBefore(core-types.ts:71)table.addColumnAfter(core-types.ts:72)table.deleteColumn(core-types.ts:73)table.toggleHeaderRow(core-types.ts:74)smartInsert(core-types.ts:144)insertMedia(core-types.ts:146)
Impact
The test's purpose is regression prevention — catching accidental misclassification of write ops as read-only. Missing entries defeat this purpose. Currently not a runtime bug because unknown operations default to "not read-only" (write), but a future refactor could accidentally add them to the read-only list without the test catching it.
Suggested Fix
Add all 11 missing operations to the write_ops array in the test:
let write_ops = [
// ... existing entries ...
"selection.delete",
"block.toggle",
"table.addRowBefore",
"table.addRowAfter",
"table.deleteRow",
"table.addColumnBefore",
"table.addColumnAfter",
"table.deleteColumn",
"table.toggleHeaderRow",
"smartInsert",
"insertMedia",
];Files
src-tauri/src/mcp_bridge/state.rs:283-342(test)vmark-mcp-server/src/bridge/core-types.ts:48-146(source of truth for operation types)