Add Vitest security test suite and update security evaluation doc

Set up Vitest with server (node) and client (jsdom) test projects. 79 tests across 8 files verify all Phase 0-1 security controls: escapeHtml sanitization, DOMPurify markdown XSS prevention, CSRF enforcement, security headers, rate limiting, auth guards, profile field allowlist, and login anti-enumeration. Updated SECURITY_EVALUATION.md with remediation status, implementation summary, and automated test coverage details.
2026-03-01 12:30:06 +00:00 · 2026-03-01 12:30:06 +00:00 · 29c96a207e
commit 29c96a207e
parent d5c95ace0a
14 changed files with 2454 additions and 3 deletions
--- a/vitest.config.js
+++ b/vitest.config.js
@ -0,0 +1,25 @@
+import { defineConfig } from 'vitest/config'
+
+export default defineConfig({
+  test: {
+    projects: [
+      {
+        test: {
+          name: 'server',
+          include: ['tests/server/**/*.test.js'],
+          environment: 'node',
+          globals: true,
+          setupFiles: ['./tests/server/setup.js']
+        }
+      },
+      {
+        test: {
+          name: 'client',
+          include: ['tests/client/**/*.test.js'],
+          environment: 'jsdom',
+          globals: true
+        }
+      }
+    ]
+  }
+})